THREAT REPORT
IP Threat Report
49.248.192.204
ABUSE.MOM — BEHAVE OR GET EXPOSED
01
Geolocation & Classification
IP Address
49.248.192.204
Type
Residential
Country
🇮🇳 India
City
Mumbai
ISP
Tata Teleservices (Maharashtra) Ltd
Organization
Tata Teleservices (Maharashtra) Ltd
Autonomous System
AS17762 Tata Teleservices Maharashtra Ltd
Hit Count
116
02
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| UA suspicious (short/empty) | Behavioral anomaly detected by automated analysis | +15 | |
| UA changed for same IP | Multiple User-Agents — bot rotation technique | +25 | |
| Danger strong hits: 72 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 12 | Medium-risk: admin panels, config files | +60 | |
| 404 ratio 40-60% | Majority of requests returned 404 — enumeration | +15 | |
| Probe pattern 302->404 same path | Behavioral anomaly detected by automated analysis | +20 | |
| Burst: 104 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 104 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| POST requests present | Behavioral anomaly detected by automated analysis | +8 | |
| Danger strong hits: 144 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 24 | Medium-risk: admin panels, config files | +60 | |
| 404 ratio >= 60% | Majority of requests returned 404 — enumeration | +25 | |
| Danger strong hits: 142 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Foreign referer seen | Referer from unrelated external domain | +10 | |
| Danger strong hits: 108 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 18 | Medium-risk: admin panels, config files | +60 | |
| Imported from old blocklist | Behavioral anomaly detected by automated analysis | +0 | |
| Danger strong hits: 32 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 40 | Medium-risk: admin panels, config files | +60 | |
| Burst: 132 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 132 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 34 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 48 | Medium-risk: admin panels, config files | +60 | |
| Burst: 150 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 150 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger medium hits: 46 | Medium-risk: admin panels, config files | +60 | |
| Burst: 135 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 135 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 149 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 149 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger medium hits: 45 | Medium-risk: admin panels, config files | +60 | |
| Burst: 143 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 143 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 145 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 145 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 68 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 96 | Medium-risk: admin panels, config files | +60 | |
| Danger strong hits: 33 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 47 | Medium-risk: admin panels, config files | +60 | |
| Burst: 146 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 146 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 148 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 148 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 147 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 147 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 16 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 21 | Medium-risk: admin panels, config files | +60 | |
| Burst: 64 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 64 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 17 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 75 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 75 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger medium hits: 44 | Medium-risk: admin panels, config files | +60 | |
| Burst: 134 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 134 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 29 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 35 | Medium-risk: admin panels, config files | +60 | |
| Burst: 116 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 116 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 141 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 141 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 30 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 43 | Medium-risk: admin panels, config files | +60 | |
| Burst: 140 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 140 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 19 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 77 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 77 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 31 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 41 | Medium-risk: admin panels, config files | +60 | |
| Burst: 137 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 137 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 9 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 11 | Medium-risk: admin panels, config files | +60 | |
| Burst: 39 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 39 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 144 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 144 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 48 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 14 | Medium-risk: admin panels, config files | +60 | |
| Burst: 151 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 151 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 6 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 20 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 20 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 43 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 7 | Medium-risk: admin panels, config files | +60 | |
| Danger medium hits: 9 | Medium-risk: admin panels, config files | +60 | |
| Burst: 99 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 99 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 41 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 10 | Medium-risk: admin panels, config files | +60 | |
| Burst: 121 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 121 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 21 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 80 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 80 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 54 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 16 | Medium-risk: admin panels, config files | +60 | |
| Danger strong hits: 50 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 59 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 157 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 157 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 56 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 24 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 5 | Medium-risk: admin panels, config files | +50 | |
| Burst: 47 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 47 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 44 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 15 | Medium-risk: admin panels, config files | +60 | |
| Burst: 123 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 123 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 55 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 13 | Medium-risk: admin panels, config files | +60 | |
| Burst: 138 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 138 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 49 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 127 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 127 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 47 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 128 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 128 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 37 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 117 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 117 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 120 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 120 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 51 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 42 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 62 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 19 | Medium-risk: admin panels, config files | +60 | |
| Burst: 179 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 179 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 65 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 164 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 164 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 73 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 200 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 200 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 58 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 17 | Medium-risk: admin panels, config files | +60 | |
| Burst: 167 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 167 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 61 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 194 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 194 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 57 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger strong hits: 39 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 112 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 112 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 158 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 158 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 60 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Burst: 156 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 156 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger medium hits: 20 | Medium-risk: admin panels, config files | +60 | |
| Burst: 175 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 175 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 177 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 177 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 100 req / 2s | Abnormally fast request rate — automated scanning | +35 | |
| Burst: 100 req / 10s | Abnormally fast request rate — automated scanning | +35 | |
| Danger strong hits: 81 | High-risk paths: shells, RCE vectors, exploits | +100 | |
| Danger medium hits: 4 | Medium-risk: admin panels, config files | +40 |
Σ = 8888
03
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
[redacted]
GET
/
200
[redacted]
GET
/page
200
Requests shown: 2 · HTTP 404: 0 · Dangerous patterns: 0
* Typical request patterns for detected signatures. Actual target domains are redacted.
04
Timeline
2026-02-17 17:25:05
First malicious request detected
IP entered monitoring from server access logs
During observation
Multiple detection signatures triggered
UA suspicious (short/empty) (+15), UA changed for same IP (+25), Danger strong hits: 72 (+100)
2026-02-19 21:00:05
Last malicious request observed
Total score reached: 313/100
Next cycle
IP blocked — all subsequent requests denied (HTTP 403)
Added to blocklist automatically
05
Network Provider
Tata Teleservices (Maharashtra) Ltd
AS17762 · 🇮🇳 India
06
Recommendations
Actions taken & recommended
- IP 49.248.192.204 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🤖 Bot Detection
Address UA spoofing from 49.248.192.204: maintain blocklist of known malicious UA strings, require consistent UA across sessions, implement TLS fingerprinting.
🔎 Directory Scan Defense
IP 49.248.192.204 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.
🌊 Traffic Flood Defense
IP 49.248.192.204 is generating excessive traffic. Limit connections per source IP. Enable geographic blocking if traffic from this region is unexpected.
08
Open Ports & Services
Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.
OPEN PORTS (3)
| Port | Service | Risk | Description |
|---|---|---|---|
| 111 | Unknown | Low | Service on port 111 |
| 8080 | HTTP-Alt | Low | HTTP alternative port — often used for admin panels or proxies |
| 8822 | Unknown | Low | Service on port 8822 |
KNOWN VULNERABILITIES (CVE) (12)
| CVE ID | Link |
|---|---|
| CVE-2023-38408 | NVD → |
| CVE-2025-26465 | NVD → |
| CVE-2016-20012 | NVD → |
| CVE-2023-48795 | NVD → |
| CVE-2021-36368 | NVD → |
| CVE-2025-32728 | NVD → |
| CVE-2008-3844 | NVD → |
| CVE-2024-6387 | NVD → |
| CVE-2007-2768 | NVD → |
| CVE-2021-41617 | NVD → |
| CVE-2023-51385 | NVD → |
| CVE-2023-51767 | NVD → |
🔴 Security scanning identified 12 vulnerability entries on this host. This volume strongly suggests severely outdated software. Consult NVD advisories for details.
DETECTED TECHNOLOGIES
openbsd:openssh:8.7
Hostnames: stmum.tatatelebusiness.com
PTR: stmum.tatatelebusiness.com
Data source: Shodan InternetDB. Scanned independently of abuse.mom.
09
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
⛔ LISTED
Spamhaus ZEN
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
10
Threat Analysis
49.248.192.204 has been assigned a threat score of 313/100 (Critical). With this rating, the IP falls into the critical severity bracket — among the most dangerous addresses in our monitoring database.
The following attack categories were identified:
User-Agent AnomalyPath EnumerationRequest Flooding
📊 Threat Analysis
Our monitoring infrastructure has identified 49.248.192.204, geolocated to Mumbai, India, operating on the network of Tata Teleservices (Maharashtra) Ltd, as a source of suspicious network activity. During its 2-day observation window, we recorded 116 hostile requests from this IP — roughly 58 per day on average. The address is classified as residential, meaning it likely belongs to an end-user ISP connection. Malicious activity from residential IPs typically indicates device compromise or botnet membership. With 3 different attack patterns detected, this IP exhibits behavior characteristic of advanced automated scanning frameworks. India currently accounts for 101 blocked IPs in our database, making it a significant source of malicious traffic. At 313/100, this is an extremely high-risk address. All traffic should be considered hostile.
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
11
Related Threats
🇮🇳 Top threats from India
62.72.43.237 (305)4.188.251.0 (280)103.78.247.150 (280)40.80.90.214 (280)52.172.248.2 (280)View all →🏢 Same network: AS17762
View all →12
Security Intelligence
💡 User-Agent Analysis Techniques
Analyzing User-Agent strings reveals automated tools masquerading as legitimate browsers. Inconsistencies between claimed browser capabilities and actual behavior, impossible version combinations, and known scanner signatures help identify malicious clients.
💡 DDoS Mitigation Approaches
Distributed denial of service attacks overwhelm infrastructure with traffic volume. Effective mitigation combines always-on traffic scrubbing, anycast network distribution, rate limiting, and the ability to quickly scale absorption capacity during attacks.
🔍 Check Any IP Address
Share this report: