IP Threat Report
23.236.157.219
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| 404 ratio 40-60% | Majority of requests returned 404 — enumeration | +15 | |
| Danger medium hits: 3 | Medium-risk: admin panels, config files | +30 | |
| Foreign referer | Referer from unrelated external domain | +10 | |
| Probe 302→404 | Behavioral anomaly detected by automated analysis | +20 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Recommendations
Actions taken & recommended
- IP 23.236.157.219 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Other malicious IPs detected in the same /24 subnet — consider blocking 23.236.157.0/24
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🔎 Path Enumeration Protection
Block scanning from 23.236.157.219: rate-limit 404 responses per IP, deploy a honeypot 404 page, ensure no backup files are web-accessible.
Neighbors in 23.236.157.0/24
Other blocked IPs from the same /24 subnet — indicates systematic abuse from this network range.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
23.236.157.219 has been assigned a threat score of 75/100 (High). At this threat level, the IP is considered high risk. Firewall rules should be updated to deny traffic from this source.
The following attack categories were identified:
📊 Threat Analysis
23.236.157.219 is registered in an unknown location. This IP first appeared in our threat feeds after triggering multiple behavioral detection signatures. Our sensors captured 19 malicious requests from this address across a 1-day span, reflecting a sustained attack cadence of ~19 requests per day. Active path scanning has been detected — this IP probes for hundreds of common file and directory names. At 75/100, this IP warrants immediate defensive action.
Related Threats
Top threats from ??
View all →Security Intelligence
💡 Credential Stuffing at Scale
Credential stuffing uses stolen username-password pairs from data breaches to attempt logins across many websites. Since users frequently reuse passwords, these automated attacks achieve success rates of 0.1-2%, which translates to thousands of compromised accounts from millions of attempts.
💡 Remote Code Execution (RCE)
RCE vulnerabilities allow attackers to execute arbitrary code on target servers. These critical flaws often arise from deserialization bugs, template injection, or file upload vulnerabilities, and represent the highest severity class of web application weaknesses.