IP Threat Report
162.158.94.119
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| 404 ratio 40-60% | Majority of requests returned 404 — enumeration | +15 | |
| Danger medium hits: 1 | Medium-risk: admin panels, config files | +10 | |
| Danger strong hits: 2 | High-risk paths: shells, RCE vectors, exploits | +50 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Recommendations
Actions taken & recommended
- IP 162.158.94.119 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Other malicious IPs detected in the same /24 subnet — consider blocking 162.158.94.0/24
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🔎 Directory Scan Defense
IP 162.158.94.119 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.
Neighbors in 162.158.94.0/24
Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
162.158.94.119 has been assigned a threat score of 75/100 (High). At this threat level, the IP is considered high risk. Firewall rules should be updated to deny traffic from this source.
The following attack categories were identified:
📊 Threat Analysis
IP address 162.158.94.119 has been traced to an unknown location. Our threat detection systems have flagged this address based on observed malicious behavior patterns. Over a period of 2 days, this IP generated 110 malicious requests, averaging approximately 55 requests per day. Active path scanning has been detected — this IP probes for hundreds of common file and directory names. The score of 75/100 indicates a confirmed malicious actor. Network-level blocking is appropriate.
Related Threats
Top threats from ??
View all →Security Intelligence
💡 Directory Traversal Attacks
Path traversal attacks attempt to access files outside the intended directory by manipulating file path references. Attackers use sequences like ../ to reach sensitive system files such as /etc/passwd or application configuration files.
💡 Data Breach Impact Assessment
The impact of data breaches extends beyond immediate financial losses. Regulatory fines, legal liability, reputational damage, and customer churn create long-term costs that often exceed the direct costs of incident response and remediation.