Dashboard›🇮🇳 India›202.21.47.139

THREAT REPORT

IP Threat Report
202.21.47.139

ABUSE.MOM — BEHAVE OR GET EXPOSED

Generated: 2026-05-27 08:24:43

First seen: 2026-03-12 07:00:07

Last seen: 2026-04-18 21:00:08

Geolocation & Classification

IP Address

202.21.47.139

Type

Residential

Country

🇮🇳 India

City

Coimbatore

ISP

RailTel Corporation

Organization

Railtel

Autonomous System

AS24186 RailTel Corporation of India Ltd

Hit Count

Detection Signatures

Signature	Description	Points
Danger strong hits: 1	High-risk paths: shells, RCE vectors, exploits	+25
Danger medium hits: 1	Medium-risk: admin panels, config files	+10
404 ratio >= 60%	Majority of requests returned 404 — enumeration	+25
POST requests present	Behavioral anomaly detected by automated analysis	+8
Danger strong hits: 3	High-risk paths: shells, RCE vectors, exploits	+75
Danger medium hits: 2	Medium-risk: admin panels, config files	+20
Danger strong hits: 2	High-risk paths: shells, RCE vectors, exploits	+50
404 ratio 40-60%	Majority of requests returned 404 — enumeration	+15

Σ = 228

Observed Activity

Reconstructed HTTP requests from server access logs. Target domains redacted for security.

[redacted]

GET

200

Requests shown: 1 · HTTP 404: 0 · Dangerous patterns: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Timeline

2026-03-12 07:00:07

First malicious request detected

IP entered monitoring from server access logs

During observation

Multiple detection signatures triggered

Danger strong hits: 1 (+25), Danger medium hits: 1 (+10), 404 ratio >= 60% (+25)

2026-04-18 21:00:08

Last malicious request observed

Total score reached: 103/100

Next cycle

IP blocked — all subsequent requests denied (HTTP 403)

Added to blocklist automatically

Network Provider

RailTel Corporation

AS24186 · 🇮🇳 India

Recommendations

Actions taken & recommended

IP 202.21.47.139 is blocked at application level (HTTP 403)
Consider blocking at firewall level (iptables/CSF) to reduce server load
Report abuse to the network provider via their abuse contact
Ensure sensitive files (.env, .git, backups) are not accessible from the web

🔎 Directory Scan Defense

IP 202.21.47.139 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.

Open Ports & Services

Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.

OPEN PORTS (7)

Port	Service	Risk	Description
135	Unknown	Low	Service on port 135
443	HTTPS	Low	HTTPS web server — encrypted web traffic
3306	MySQL	High	MySQL database — should never be exposed to the internet
3388	Unknown	Low	Service on port 3388
5985	Unknown	Low	Service on port 5985
33060	Unknown	Low	Service on port 33060
47001	Unknown	Low	Service on port 47001

⚠️ Network scanning reveals 1 dangerous service exposed on 202.21.47.139. These services should not be publicly accessible without strict firewall rules.

DETECTED TECHNOLOGIES

microsoft:asp.netmicrosoft:internet_information_services:10.0microsoft:windowsoracle:mysql:8.4.8microsoft:internet_information_services

Hostnames: rw-00139-72.203.103.rcil.gov.in

PTR: rw-00139-72.203.103.rcil.gov.in

Data source: Shodan InternetDB. Scanned independently of abuse.mom.

Blacklist Status (DNSBL)

This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.

⛔ LISTED

Spamhaus ZEN

Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.

Threat Analysis

202.21.47.139 has been assigned a threat score of 103/100 (Critical). A score this high marks a critical threat actor. This address has demonstrated persistent, aggressive malicious behavior across multiple detection vectors.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

Our monitoring infrastructure has identified 202.21.47.139, geolocated to Coimbatore, India, operating on the network of RailTel Corporation, as a source of suspicious network activity. Over a period of 37 days, this IP generated 7 malicious requests, averaging approximately 0.2 requests per day. Operating from a residential network, this IP may represent a compromised home gateway or IoT device that has been drafted into a larger attack infrastructure. The IP exhibits directory enumeration behavior, systematically requesting non-existent paths to discover hidden files and misconfigured resources. With 136 flagged addresses, India represents a significant presence in our threat database. At 103/100, this is an extremely high-risk address. All traffic should be considered hostile.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇮🇳 Top threats from India

49.248.192.204 (313)62.72.43.237 (305)4.188.251.0 (280)103.78.247.150 (280)40.80.90.214 (280)View all →

🏢 Same network: AS24186

103.30.64.224 (103)202.141.94.170 (103)27.0.216.179 (103)220.158.156.133 (103)202.141.98.106 (103)View all →

Security Intelligence

💡 File Upload Vulnerabilities

Insecure file upload functionality allows attackers to upload web shells, malware, or scripts that execute on the server. Proper validation must check file content, not just extensions, and uploaded files should be stored outside the web root.

💡 Rate Limiting and Throttling Strategies

Effective rate limiting must balance protection against abuse with allowing legitimate traffic bursts. Sliding window algorithms, token buckets, and adaptive thresholds based on client reputation provide layered defense against flooding attacks.

🔍 Check Any IP Address

Share this report:

IP Threat Report202.21.47.139

⛔ Verdict: BLOCK