IP Threat Report
162.241.63.6
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| Danger strong hits: 2 | High-risk paths: shells, RCE vectors, exploits | +50 | |
| Danger medium hits: 2 | Medium-risk: admin panels, config files | +20 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Network Provider
Recommendations
Actions taken & recommended
- IP 162.241.63.6 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
⚙️ General Security
Add 162.241.63.6 to your firewall blocklist. Review logs for successful connections. Enable comprehensive logging on all public-facing services.
Open Ports & Services
Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.
| Port | Service | Risk | Description |
|---|---|---|---|
| 21 | FTP | Medium | File Transfer Protocol — often targeted for anonymous login attacks |
| 22 | SSH | Low | Secure Shell — common brute force target for remote access |
| 26 | Unknown | Low | Service on port 26 |
| 53 | DNS | Low | DNS server — potential for DNS amplification attacks |
| 80 | HTTP | Low | HTTP web server — standard web traffic |
| 110 | POP3 | Low | Service on port 110 |
| 143 | IMAP | Low | Service on port 143 |
| 443 | HTTPS | Low | HTTPS web server — encrypted web traffic |
| 465 | Unknown | Low | Service on port 465 |
| 587 | Unknown | Low | Service on port 587 |
| 993 | IMAPS | Low | Service on port 993 |
| 995 | POP3S | Low | Service on port 995 |
| 2077 | Unknown | Low | Service on port 2077 |
| 2082 | Unknown | Low | Service on port 2082 |
| 2083 | Unknown | Low | Service on port 2083 |
| 2086 | Unknown | Low | Service on port 2086 |
| 2087 | Unknown | Low | Service on port 2087 |
| 2095 | Unknown | Low | Service on port 2095 |
| 2096 | Unknown | Low | Service on port 2096 |
| 2222 | Unknown | Low | Service on port 2222 |
| 3306 | MySQL | High | MySQL database — should never be exposed to the internet |
⚠️ 2 high-risk ports detected on 162.241.63.6. These services should not be publicly accessible without strict firewall rules.
| CVE ID | Link |
|---|---|
| CVE-2021-41617 | NVD → |
| CVE-2023-51385 | NVD → |
| CVE-2018-20685 | NVD → |
| CVE-2021-36368 | NVD → |
| CVE-2023-38408 | NVD → |
| CVE-2023-48795 | NVD → |
| CVE-2020-15778 | NVD → |
| CVE-2020-14145 | NVD → |
| CVE-2025-26465 | NVD → |
| CVE-2025-32728 | NVD → |
| CVE-2019-6111 | NVD → |
| CVE-2007-2768 | NVD → |
| CVE-2023-51767 | NVD → |
| CVE-2018-15919 | NVD → |
| CVE-2017-15906 | NVD → |
| CVE-2016-20012 | NVD → |
| CVE-2008-3844 | NVD → |
| CVE-2019-6110 | NVD → |
| CVE-2019-6109 | NVD → |
| CVE-2018-15473 | NVD → |
🔴 This host has 20 known CVEs associated with its exposed services. This volume strongly suggests severely outdated software. Review each CVE in the NVD database.
Data source: Shodan InternetDB. Scanned independently of abuse.mom.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
162.241.63.6 has been assigned a threat score of 70/100 (High). This score indicates high threat severity. The IP has shown clear patterns of malicious behavior that warrant immediate defensive measures.
📊 Threat Analysis
Network traffic from 162.241.63.6, located in Vinhedo, Brazil, operating on the network of Network Solutions, LLC, has been classified as malicious by our automated threat scoring engine. The address has been active for 1 days in our monitoring system, producing 1 flagged requests at a rate of ~1/day. This is a residential IP address, suggesting a compromised home device such as a router, smart appliance, or infected workstation participating in a botnet. A threat score of 70/100 places this IP in the high-risk category. Blocking at the firewall level is recommended.
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
Related Threats
Security Intelligence
💡 Prototype Pollution Attacks
Prototype pollution manipulates JavaScript object prototypes to inject properties that affect all objects in an application. This can lead to denial of service, property injection, and in some cases remote code execution in Node.js applications.
💡 Mobile Network Threat Landscape
Mobile carrier NAT (CGNAT) means thousands of users share a single public IP, making mobile IPs unreliable for reputation scoring. However, mobile networks are increasingly used as attack platforms through compromised apps and malicious SDKs.