THREAT REPORT
IP Threat Report
45.88.138.44
ABUSE.MOM — BEHAVE OR GET EXPOSED
01
Geolocation & Classification
IP Address
45.88.138.44
Type
Residential
Country
🇳🇱 Netherlands
City
Amsterdam
ISP
Ayosoft LTD
Organization
Ayosoft LTD
Autonomous System
AS213737 AYOSOFT LTD
Hit Count
20553
02
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| 404 ratio 40-60% | Majority of requests returned 404 — enumeration | +15 | |
| 404 ratio >= 60% | Majority of requests returned 404 — enumeration | +25 | |
| Burst 107/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 108/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 118/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 121/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 124/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 126/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 132/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 137/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 138/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 139/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 142/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 143/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 145/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 147/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 148/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 149/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 150/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 150/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 151/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 152/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 152/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 153/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 155/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 156/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 159/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 160/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 160/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 173/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 180/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 189/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 193/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 194/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 195/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 197/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 199/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 200/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 200/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 35/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 47/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 53/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 58/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 61/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 62/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 66/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 67/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 68/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 70/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 71/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 72/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 72/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 73/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 73/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 74/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 74/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 75/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 75/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 76/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 76/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 78/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 78/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 79/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 80/10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 80/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst 87/2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 10 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 101 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 103 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 106 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 107 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 109 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 11 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 111 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 12 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 12 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 122 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 125 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 126 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 128 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 128 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 13 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 13 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 14 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 141 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 143 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 144 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 145 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 146 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 147 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 148 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 149 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 15 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 15 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 150 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 151 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 16 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 18 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 20 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 20 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 200 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 21 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 22 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 25 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 25 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 28 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 28 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 29 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 39 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 41 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 42 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 43 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 47 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 5 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 53 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 54 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 55 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 55 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 56 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 57 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 58 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 59 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 6 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 62 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 63 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 67 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 67 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 69 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 7 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 70 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 71 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 72 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 72 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 73 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 73 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 74 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 74 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 75 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 78 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 8 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 80 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 82 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 91 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger medium hits: 1 | Medium-risk: admin panels, config files | +10 | |
| Danger medium hits: 2 | Medium-risk: admin panels, config files | +20 | |
| Danger medium hits: 24 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 34 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 4 | Medium-risk: admin panels, config files | +40 | |
| Danger medium hits: 52 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 53 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 55 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 57 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 6 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 8 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 85 | Medium-risk: admin panels, config files | +60 | |
| Danger strong hits: 1 | High-risk paths: shells, RCE vectors, exploits | +25 | |
| Danger strong hits: 10 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 105 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 106 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 11 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 12 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 13 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 134 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 14 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 18 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 2 | High-risk paths: shells, RCE vectors, exploits | +50 | |
| Danger strong hits: 20 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 21 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 3 | High-risk paths: shells, RCE vectors, exploits | +75 | |
| Danger strong hits: 31 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 32 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 36 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 4 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 40 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 44 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 45 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 46 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 47 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 48 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 5 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 50 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 57 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 58 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 59 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 6 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 66 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 67 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 8 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 9 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 92 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 93 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 94 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Foreign referer | Referer from unrelated external domain | +10 | |
| Foreign referer seen | Referer from unrelated external domain | +10 | |
| POST requests present | Behavioral anomaly detected by automated analysis | +8 | |
| UA bot: Go-http-client | Known bot/crawler User-Agent detected | +40 | |
| UA changed | Multiple User-Agents — bot rotation technique | +25 | |
| UA changed for same IP | Multiple User-Agents — bot rotation technique | +25 |
Σ = 9253
03
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
[redacted]
GET
/
200
[redacted]
GET
/page
200
Requests shown: 2 · HTTP 404: 0 · Dangerous patterns: 0
* Typical request patterns for detected signatures. Actual target domains are redacted.
04
Timeline
2026-03-30 09:00:06
First malicious request detected
IP entered monitoring from server access logs
During observation
Multiple detection signatures triggered
404 ratio 40-60% (+15), 404 ratio >= 60% (+25), Burst 107/2s (+35)
2026-05-30 06:17:39
Last malicious request observed
Total score reached: 320/100
Next cycle
IP blocked — all subsequent requests denied (HTTP 403)
Added to blocklist automatically
05
Network Provider
Ayosoft LTD
AS213737 · 🇳🇱 Netherlands
06
Recommendations
Actions taken & recommended
- IP 45.88.138.44 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🔎 Directory Scan Defense
IP 45.88.138.44 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.
🌊 Traffic Flood Defense
IP 45.88.138.44 is generating excessive traffic. Limit connections per source IP. Enable geographic blocking if traffic from this region is unexpected.
🤖 Bot Detection
Address UA spoofing from 45.88.138.44: maintain blocklist of known malicious UA strings, require consistent UA across sessions, implement TLS fingerprinting.
09
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
✓ Clean
spam.dnsbl.sorbs.net
✓ Clean
zen.spamhaus.org
✓ Clean
bl.spamcop.net
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
10
Threat Analysis
45.88.138.44 has been assigned a threat score of 320/100 (Critical). With this rating, the IP falls into the critical severity bracket — among the most dangerous addresses in our monitoring database.
The following attack categories were identified:
Path EnumerationRequest FloodingUser-Agent Anomaly
📊 Threat Analysis
IP address 45.88.138.44 has been traced to Amsterdam, Netherlands, operating on the network of Ayosoft LTD. Our threat detection systems have flagged this address based on observed malicious behavior patterns. During its 60-day observation window, we recorded 20,553 hostile requests from this IP — roughly 342.6 per day on average. This is a residential IP address, suggesting a compromised home device such as a router, smart appliance, or infected workstation participating in a botnet. With 3 different attack patterns detected, this IP exhibits behavior characteristic of advanced automated scanning frameworks. With 106 flagged addresses, Netherlands represents a significant presence in our threat database. With a threat score of 320/100, this IP is among the most dangerous addresses in our database. Immediate and complete blocking is strongly recommended.
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
11
Related Threats
🇳🇱 Top threats from Netherlands
185.184.192.251 (338)45.82.64.236 (315)5.181.169.192 (313)157.22.73.141 (313)155.212.109.187 (303)View all →🏢 Same network: AS213737
View all →12
Security Intelligence
💡 DDoS Mitigation Approaches
Distributed denial of service attacks overwhelm infrastructure with traffic volume. Effective mitigation combines always-on traffic scrubbing, anycast network distribution, rate limiting, and the ability to quickly scale absorption capacity during attacks.
💡 User-Agent Analysis Techniques
Analyzing User-Agent strings reveals automated tools masquerading as legitimate browsers. Inconsistencies between claimed browser capabilities and actual behavior, impossible version combinations, and known scanner signatures help identify malicious clients.
🔍 Check Any IP Address
Share this report: