IP Threat Report
195.210.106.10
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| 404 ratio >= 60% | Majority of requests returned 404 — enumeration | +25 | |
| Danger medium hits: 1 | Medium-risk: admin panels, config files | +10 | |
| Danger strong hits: 1 | High-risk paths: shells, RCE vectors, exploits | +25 | |
| Foreign referer seen | Referer from unrelated external domain | +10 | |
| UA suspicious | Behavioral anomaly detected by automated analysis | +15 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Network Provider
Recommendations
Actions taken & recommended
- IP 195.210.106.10 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Other malicious IPs detected in the same /24 subnet — consider blocking 195.210.106.0/24
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🔎 Path Enumeration Protection
Block scanning from 195.210.106.10: rate-limit 404 responses per IP, deploy a honeypot 404 page, ensure no backup files are web-accessible.
🤖 Bot Detection
Address UA spoofing from 195.210.106.10: maintain blocklist of known malicious UA strings, require consistent UA across sessions, implement TLS fingerprinting.
Neighbors in 195.210.106.0/24
Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
195.210.106.10 has been assigned a threat score of 75/100 (High). The IP is rated as a high-level threat. Network administrators should implement blocking rules and monitor for any connections from this address.
The following attack categories were identified:
📊 Threat Analysis
195.210.106.10 is registered in Little Rock, United States, operating on the network of GSL Networks Pty LTD. This IP first appeared in our threat feeds after triggering multiple behavioral detection signatures. The address has been active for 76 days in our monitoring system, producing 62 flagged requests at a rate of ~0.8/day. This IP is identified as a VPN or proxy endpoint, commonly used to mask the true origin of attack traffic and bypass geographic or reputation-based blocking. The dual attack vectors of Path Enumeration combined with User-Agent Anomaly indicate a coordinated assault rather than opportunistic scanning. With 116 flagged addresses, United States represents a significant presence in our threat database. A threat score of 75/100 places this IP in the high-risk category. Blocking at the firewall level is recommended.
This IP is associated with a VPN or proxy service. Attackers frequently route their traffic through anonymizing services to obscure their true location. This makes attribution more challenging but the malicious behavior patterns remain detectable.
Related Threats
🇺🇸 Top threats from United States
104.28.246.115 (350)104.28.246.113 (340)104.28.246.116 (340)104.28.235.58 (340)104.28.246.122 (340)View all →Security Intelligence
💡 XML External Entity (XXE) Attacks
XXE vulnerabilities in XML parsers allow attackers to read local files, perform SSRF, and execute denial of service attacks. Many legacy applications and APIs remain vulnerable to XXE due to insecure default XML parser configurations.
💡 Passive DNS for Threat Hunting
Passive DNS databases record historical DNS resolution data, enabling analysts to track domain changes, identify related infrastructure, and discover malicious domains sharing hosting with known threats. This historical context is invaluable for threat investigation.