IP Threat Report
173.244.42.155
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| Danger strong hits: 3 | High-risk paths: shells, RCE vectors, exploits | +75 | |
| Danger medium hits: 2 | Medium-risk: admin panels, config files | +20 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Network Provider
Recommendations
Actions taken & recommended
- IP 173.244.42.155 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Other malicious IPs detected in the same /24 subnet — consider blocking 173.244.42.0/24
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
⚙️ Defensive Recommendations
Block 173.244.42.155 at the network perimeter. Implement defense-in-depth combining IP blocking with application-layer protections.
Neighbors in 173.244.42.0/24
Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.
Open Ports & Services
Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.
| Port | Service | Risk | Description |
|---|---|---|---|
| 443 | HTTPS | Low | HTTPS web server — encrypted web traffic |
| 1337 | Unknown | Low | Service on port 1337 |
| 6443 | Unknown | Low | Service on port 6443 |
| 8080 | HTTP-Alt | Low | HTTP alternative port — often used for admin panels or proxies |
| 8443 | HTTPS-Alt | Low | Service on port 8443 |
Data source: Shodan InternetDB. Scanned independently of abuse.mom.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
173.244.42.155 has been assigned a threat score of 95/100 (Critical). A score this high marks a critical threat actor. This address has demonstrated persistent, aggressive malicious behavior across multiple detection vectors.
📊 Threat Analysis
Threat intelligence analysis has linked 173.244.42.155 to malicious activity originating from Seoul, South Korea, operating on the network of LogicWeb Inc.. The address has been under observation since its initial detection. The address has been active for 22 days in our monitoring system, producing 2 flagged requests at a rate of ~0.1/day. This IP is identified as a VPN or proxy endpoint, commonly used to mask the true origin of attack traffic and bypass geographic or reputation-based blocking. Our records show 106 malicious IPs originating from South Korea, positioning it as a significant contributor to global threat activity. With a threat score of 95/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.
This IP is associated with a VPN or proxy service. Attackers frequently route their traffic through anonymizing services to obscure their true location. This makes attribution more challenging but the malicious behavior patterns remain detectable.
Related Threats
🇰🇷 Top threats from South Korea
4.217.180.34 (280)20.214.155.242 (280)20.214.157.214 (280)52.231.66.246 (280)20.194.25.241 (280)View all →Security Intelligence
💡 GraphQL Security Risks
GraphQL APIs introduce specific vulnerabilities including introspection information disclosure, query complexity attacks, batching abuse, and authorization bypass through nested queries. Depth limiting, cost analysis, and field-level authorization address these GraphQL-specific threats.
💡 Directory Traversal Attacks
Path traversal attacks attempt to access files outside the intended directory by manipulating file path references. Attackers use sequences like ../ to reach sensitive system files such as /etc/passwd or application configuration files.