Painel›🇨🇳 China›101.201.50.253

RELATÓRIO DE AMEAÇA

Relatório de ameaça IP
101.201.50.253

ABUSE.MOM — COMPORTE-SE OU SERÁ EXPOSTO

Gerado: 2026-05-30 10:03:57

Primeira vez visto: 2026-04-25 21:00:04

Última vez visto: 2026-04-25 21:00:04

Geolocalização e classificação

Endereço IP

101.201.50.253

Tipo

Residential

País

🇨🇳 China

Cidade

Beijing

ISP

Hangzhou Alibaba Advertising Co

Organização

Aliyun Computing Co., LTD

Sistema autônomo

AS37963 Hangzhou Alibaba Advertising Co.,Ltd.

Nº de solicitações

Assinaturas de detecção

Assinatura	Descrição	Pontos
Danger strong hits: 2	Caminhos de alto risco: shells, RCE, exploits	+50
404 ratio 40-60%	Maioria das solicitações retornou 404 — enumeração	+15
Probe pattern 302->404 same path	Anomalia comportamental detectada automaticamente	+20

Σ = 85

Atividade observada

Solicitações HTTP reconstruídas dos logs do servidor. Domínios alvo ocultados por segurança.

[redacted]

GET

200

Solicitações exibidas: 1 · HTTP 404: 0 · Padrões perigosos: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

Cronologia

2026-04-25 21:00:04

Primeira solicitação maliciosa detectada

IP entrou em monitoramento a partir dos logs

Durante observação

Múltiplas assinaturas de detecção ativadas

Danger strong hits: 2 (+50), 404 ratio 40-60% (+15), Probe pattern 302->404 same path (+20)

2026-04-25 21:00:04

Última solicitação maliciosa observada

Pontuação total atingida: 85/100

Próximo ciclo

IP bloqueado — todas as solicitações subsequentes negadas (HTTP 403)

Adicionado à lista de bloqueio automaticamente

Provedor de rede

Hangzhou Alibaba Advertising Co

AS37963 · 🇨🇳 China

Recomendações

Ações tomadas e recomendadas

IP 101.201.50.253 está bloqueado no nível da aplicação (HTTP 403)
Considere bloquear no nível do firewall (iptables/CSF)
Reporte o abuso ao provedor de rede através do contato de abuso
Garanta que arquivos sensíveis (.env, .git) não sejam acessíveis pela web

🔎 Defesa contra varredura de diretórios

IP 101.201.50.253 está enumerando diretórios. Configure fail2ban com jail apache-404 após 10+ erros 404.

Portas abertas e serviços

Dados de reconhecimento de rede do Shodan. Portas abertas podem indicar serviços em execução, configurações incorretas ou superfícies de ataque.

PORTAS ABERTAS (261)

Port	Service	Risk	Description
11	Unknown	Low	Service on port 11
13	Unknown	Low	Service on port 13
15	Unknown	Low	Service on port 15
23	Telnet	Critical	Telnet — unencrypted remote access, extremely dangerous if exposed
43	Unknown	Low	Service on port 43
70	Unknown	Low	Service on port 70
86	Unknown	Low	Service on port 86
91	Unknown	Low	Service on port 91
102	Unknown	Low	Service on port 102
195	Unknown	Low	Service on port 195
389	Unknown	Low	Service on port 389
450	Unknown	Low	Service on port 450
513	Unknown	Low	Service on port 513
771	Unknown	Low	Service on port 771
830	Unknown	Low	Service on port 830
843	Unknown	Low	Service on port 843
873	Unknown	Low	Service on port 873
943	Unknown	Low	Service on port 943
993	IMAPS	Low	Service on port 993
1002	Unknown	Low	Service on port 1002
1023	Unknown	Low	Service on port 1023
1080	Unknown	Low	Service on port 1080
1153	Unknown	Low	Service on port 1153
1177	Unknown	Low	Service on port 1177
1200	Unknown	Low	Service on port 1200
1283	Unknown	Low	Service on port 1283
1292	Unknown	Low	Service on port 1292
1494	Unknown	Low	Service on port 1494
1554	Unknown	Low	Service on port 1554
1604	Unknown	Low	Service on port 1604
1800	Unknown	Low	Service on port 1800
1883	Unknown	Low	Service on port 1883
1962	Unknown	Low	Service on port 1962
2000	Unknown	Low	Service on port 2000
2008	Unknown	Low	Service on port 2008
2069	Unknown	Low	Service on port 2069
2083	Unknown	Low	Service on port 2083
2154	Unknown	Low	Service on port 2154
2222	Unknown	Low	Service on port 2222
2332	Unknown	Low	Service on port 2332
2362	Unknown	Low	Service on port 2362
2404	Unknown	Low	Service on port 2404
2455	Unknown	Low	Service on port 2455
2553	Unknown	Low	Service on port 2553
2599	Unknown	Low	Service on port 2599
2761	Unknown	Low	Service on port 2761
3001	Unknown	Low	Service on port 3001
3124	Unknown	Low	Service on port 3124
3148	Unknown	Low	Service on port 3148
3153	Unknown	Low	Service on port 3153
3164	Unknown	Low	Service on port 3164
3169	Unknown	Low	Service on port 3169
3191	Unknown	Low	Service on port 3191
3193	Unknown	Low	Service on port 3193
3260	Unknown	Low	Service on port 3260
3268	Unknown	Low	Service on port 3268
3301	Unknown	Low	Service on port 3301
3388	Unknown	Low	Service on port 3388
3389	RDP	High	Remote Desktop Protocol — primary target for ransomware attacks
3790	Unknown	Low	Service on port 3790
4022	Unknown	Low	Service on port 4022
4063	Unknown	Low	Service on port 4063
4064	Unknown	Low	Service on port 4064
4157	Unknown	Low	Service on port 4157
4200	Unknown	Low	Service on port 4200
4242	Unknown	Low	Service on port 4242
4282	Unknown	Low	Service on port 4282
4369	Unknown	Low	Service on port 4369
4433	Unknown	Low	Service on port 4433
4434	Unknown	Low	Service on port 4434
4443	Unknown	Low	Service on port 4443
4445	Unknown	Low	Service on port 4445
4500	Unknown	Low	Service on port 4500
4531	Unknown	Low	Service on port 4531
4664	Unknown	Low	Service on port 4664
4700	Unknown	Low	Service on port 4700
4786	Unknown	Low	Service on port 4786
4911	Unknown	Low	Service on port 4911
5004	Unknown	Low	Service on port 5004
5007	Unknown	Low	Service on port 5007
5022	Unknown	Low	Service on port 5022
5224	Unknown	Low	Service on port 5224
5234	Unknown	Low	Service on port 5234
5257	Unknown	Low	Service on port 5257
5269	Unknown	Low	Service on port 5269
5274	Unknown	Low	Service on port 5274
5276	Unknown	Low	Service on port 5276
5435	Unknown	Low	Service on port 5435
5672	Unknown	Low	Service on port 5672
5917	Unknown	Low	Service on port 5917
5984	Unknown	Low	Service on port 5984
6001	Unknown	Low	Service on port 6001
6297	Unknown	Low	Service on port 6297
6331	Unknown	Low	Service on port 6331
6379	Redis	Critical	Redis in-memory database — frequently misconfigured without auth
6633	Unknown	Low	Service on port 6633
6653	Unknown	Low	Service on port 6653
6666	Unknown	Low	Service on port 6666
6667	Unknown	Low	Service on port 6667
6668	Unknown	Low	Service on port 6668
6779	Unknown	Low	Service on port 6779
7003	Unknown	Low	Service on port 7003
7020	Unknown	Low	Service on port 7020
7071	Unknown	Low	Service on port 7071
7078	Unknown	Low	Service on port 7078
7173	Unknown	Low	Service on port 7173
7218	Unknown	Low	Service on port 7218
7634	Unknown	Low	Service on port 7634
7676	Unknown	Low	Service on port 7676
8005	Unknown	Low	Service on port 8005
8009	Unknown	Low	Service on port 8009
8039	Unknown	Low	Service on port 8039
8089	Unknown	Low	Service on port 8089
8108	Unknown	Low	Service on port 8108
8124	Unknown	Low	Service on port 8124
8126	Unknown	Low	Service on port 8126
8131	Unknown	Low	Service on port 8131
8143	Unknown	Low	Service on port 8143
8195	Unknown	Low	Service on port 8195
8291	MikroTik	High	MikroTik Winbox — router management, targeted by VPNFilter malware
8403	Unknown	Low	Service on port 8403
8436	Unknown	Low	Service on port 8436
8448	Unknown	Low	Service on port 8448
8463	Unknown	Low	Service on port 8463
8472	Unknown	Low	Service on port 8472
8481	Unknown	Low	Service on port 8481
8500	Unknown	Low	Service on port 8500
8503	Unknown	Low	Service on port 8503
8554	Unknown	Low	Service on port 8554
8579	Unknown	Low	Service on port 8579
8580	Unknown	Low	Service on port 8580
8584	Unknown	Low	Service on port 8584
8589	Unknown	Low	Service on port 8589
8602	Unknown	Low	Service on port 8602
8649	Unknown	Low	Service on port 8649
8728	Unknown	Low	Service on port 8728
8834	Unknown	Low	Service on port 8834
8845	Unknown	Low	Service on port 8845
9001	Unknown	Low	Service on port 9001
9042	Unknown	Low	Service on port 9042
9053	Unknown	Low	Service on port 9053
9095	Unknown	Low	Service on port 9095
9131	Unknown	Low	Service on port 9131
9132	Unknown	Low	Service on port 9132
9216	Unknown	Low	Service on port 9216
9223	Unknown	Low	Service on port 9223
9236	Unknown	Low	Service on port 9236
9307	Unknown	Low	Service on port 9307
9398	Unknown	Low	Service on port 9398
9530	Unknown	Low	Service on port 9530
9600	Unknown	Low	Service on port 9600
9690	Unknown	Low	Service on port 9690
9758	Unknown	Low	Service on port 9758
9876	Unknown	Low	Service on port 9876
9943	Unknown	Low	Service on port 9943
9950	Unknown	Low	Service on port 9950
9966	Unknown	Low	Service on port 9966
9998	Unknown	Low	Service on port 9998
10000	Unknown	Low	Service on port 10000
10090	Unknown	Low	Service on port 10090
10909	Unknown	Low	Service on port 10909
11000	Unknown	Low	Service on port 11000
11007	Unknown	Low	Service on port 11007
11027	Unknown	Low	Service on port 11027
11211	Unknown	Low	Service on port 11211
11288	Unknown	Low	Service on port 11288
11300	Unknown	Low	Service on port 11300
11602	Unknown	Low	Service on port 11602
12000	Unknown	Low	Service on port 12000
12001	Unknown	Low	Service on port 12001
12019	Unknown	Low	Service on port 12019
12144	Unknown	Low	Service on port 12144
12153	Unknown	Low	Service on port 12153
12164	Unknown	Low	Service on port 12164
12238	Unknown	Low	Service on port 12238
12253	Unknown	Low	Service on port 12253
12259	Unknown	Low	Service on port 12259
12270	Unknown	Low	Service on port 12270
12271	Unknown	Low	Service on port 12271
12301	Unknown	Low	Service on port 12301
12311	Unknown	Low	Service on port 12311
12326	Unknown	Low	Service on port 12326
12343	Unknown	Low	Service on port 12343
12345	Unknown	Low	Service on port 12345
12355	Unknown	Low	Service on port 12355
12358	Unknown	Low	Service on port 12358
12362	Unknown	Low	Service on port 12362
12366	Unknown	Low	Service on port 12366
12374	Unknown	Low	Service on port 12374
12412	Unknown	Low	Service on port 12412
12418	Unknown	Low	Service on port 12418
12437	Unknown	Low	Service on port 12437
12492	Unknown	Low	Service on port 12492
12504	Unknown	Low	Service on port 12504
12506	Unknown	Low	Service on port 12506
12553	Unknown	Low	Service on port 12553
13380	Unknown	Low	Service on port 13380
13443	Unknown	Low	Service on port 13443
14026	Unknown	Low	Service on port 14026
14344	Unknown	Low	Service on port 14344
14875	Unknown	Low	Service on port 14875
16027	Unknown	Low	Service on port 16027
16028	Unknown	Low	Service on port 16028
16041	Unknown	Low	Service on port 16041
16076	Unknown	Low	Service on port 16076
16080	Unknown	Low	Service on port 16080
16311	Unknown	Low	Service on port 16311
16316	Unknown	Low	Service on port 16316
16443	Unknown	Low	Service on port 16443
18005	Unknown	Low	Service on port 18005
18011	Unknown	Low	Service on port 18011
18030	Unknown	Low	Service on port 18030
18061	Unknown	Low	Service on port 18061
18076	Unknown	Low	Service on port 18076
18077	Unknown	Low	Service on port 18077
18089	Unknown	Low	Service on port 18089
20060	Unknown	Low	Service on port 20060
20185	Unknown	Low	Service on port 20185
20547	Unknown	Low	Service on port 20547
20800	Unknown	Low	Service on port 20800
20894	Unknown	Low	Service on port 20894
21200	Unknown	Low	Service on port 21200
21257	Unknown	Low	Service on port 21257
21259	Unknown	Low	Service on port 21259
21307	Unknown	Low	Service on port 21307
21326	Unknown	Low	Service on port 21326
21329	Unknown	Low	Service on port 21329
21379	Unknown	Low	Service on port 21379
23023	Unknown	Low	Service on port 23023
23889	Unknown	Low	Service on port 23889
24443	Unknown	Low	Service on port 24443
24649	Unknown	Low	Service on port 24649
25001	Unknown	Low	Service on port 25001
25565	Unknown	Low	Service on port 25565
25831	Unknown	Low	Service on port 25831
27015	Unknown	Low	Service on port 27015
28621	Unknown	Low	Service on port 28621
29799	Unknown	Low	Service on port 29799
29810	Unknown	Low	Service on port 29810
32800	Unknown	Low	Service on port 32800
35004	Unknown	Low	Service on port 35004
44303	Unknown	Low	Service on port 44303
44332	Unknown	Low	Service on port 44332
45668	Unknown	Low	Service on port 45668
47080	Unknown	Low	Service on port 47080
47366	Unknown	Low	Service on port 47366
48012	Unknown	Low	Service on port 48012
49121	Unknown	Low	Service on port 49121
49551	Unknown	Low	Service on port 49551
51002	Unknown	Low	Service on port 51002
53490	Unknown	Low	Service on port 53490
54138	Unknown	Low	Service on port 54138
55000	Unknown	Low	Service on port 55000
55481	Unknown	Low	Service on port 55481
55553	Unknown	Low	Service on port 55553
61616	Unknown	Low	Service on port 61616
62858	Unknown	Low	Service on port 62858
63127	Unknown	Low	Service on port 63127
63205	Unknown	Low	Service on port 63205
63210	Unknown	Low	Service on port 63210
63256	Unknown	Low	Service on port 63256

⚠️ Foram detectadas 4 portas de alto risco em 101.201.50.253. RDP exposto (3389) é o vetor #1 para ataques de ransomware. Portas de banco de dados abertas sugerem risco de exfiltração de dados. Telnet (23) transmite credenciais em texto plano — provavelmente um dispositivo IoT comprometido. Estes serviços não devem ser acessíveis publicamente sem regras rígidas de firewall.

VULNERABILIDADES CONHECIDAS (CVE) (42)

CVE ID	Link
CVE-2016-10011	NVD →
CVE-2023-38408	NVD →
CVE-2015-5352	NVD →
CVE-2011-5000	NVD →
CVE-2007-2768	NVD →
CVE-2021-36368	NVD →
CVE-2016-1908	NVD →
CVE-2018-15473	NVD →
CVE-2016-3115	NVD →
CVE-2017-15906	NVD →
CVE-2023-51767	NVD →
CVE-2014-1692	NVD →
CVE-2020-14145	NVD →
CVE-2019-6109	NVD →
CVE-2016-20012	NVD →
CVE-2016-10010	NVD →
CVE-2010-5107	NVD →
CVE-2023-51385	NVD →
CVE-2016-10012	NVD →
CVE-2015-6564	NVD →
CVE-2016-10009	NVD →
CVE-2025-26465	NVD →
CVE-2014-2532	NVD →
CVE-2026-35414	NVD →
CVE-2014-2653	NVD →

+17 mais

🔴 Este host possui 42 CVEs conhecidos associados aos seus serviços expostos. Este volume sugere software severamente desatualizado. Revise cada CVE no banco de dados NVD.

TECNOLOGIAS DETECTADAS

apache:subversionopenbsd:openssh:7.4opennetworking:openflow:1.0openbsd:openssh:7.2p2openbsd:openssh:8.2p1openbsd:openssh:7.6p1microsoft:internet_information_servicescanonical:ubuntu_linuxopenbsd:openssh:6.6.1microsoft:windowsopenbsd:openssh:7.5openbsd:openssh:5.3openbsd:openssh:X.X

Fonte: Shodan InternetDB. Escaneado independentemente do abuse.mom.

Status em listas negras (DNSBL)

Este IP foi verificado nas principais listas negras DNS usadas por servidores de e-mail e firewalls.

✓ Limpo

ix.dnsbl.manitu.net

✓ Limpo

dnsbl.sorbs.net

✓ Limpo

dnsbl-1.uceprotect.net

✓ Limpo

bl.spamcop.net

✓ Limpo

zen.spamhaus.org

✓ Limpo

b.barracudacentral.org

✓ Limpo

truncate.gbudb.net

✓ Limpo

psbl.surriel.com

Verificado: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect.

Threat Analysis

101.201.50.253 has been assigned a threat score of 85/100 (Critical). Com esta classificação, o IP se enquadra na faixa de severidade crítica — entre os endereços mais perigosos em nosso banco de dados de monitoramento.

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

A análise de inteligência de ameaças vinculou 101.201.50.253 a atividade maliciosa originada de Beijing, China, operando na rede de Hangzhou Alibaba Advertising Co. O endereço está sob observação desde sua detecção inicial. Ao longo de 1 dias, este IP gerou 1 requisições maliciosas, com média de aproximadamente 1 requisições por dia. O endereço é classificado como residencial. Atividade maliciosa de IPs residenciais tipicamente indica comprometimento de dispositivo ou participação em botnet. O IP exibe comportamento de enumeração de diretórios, solicitando sistematicamente caminhos inexistentes. Nossos registros mostram 123 IPs maliciosos originados de China, posicionando-o como um contribuinte significativa para atividade de ameaças global. Uma pontuação de 85/100 coloca este IP na categoria de alto risco. Bloqueio no nível de firewall é recomendado.

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

Related Threats

🇨🇳 Top threats from China

180.184.55.222 (340)117.50.120.215 (235)115.191.1.205 (235)123.58.16.244 (235)43.142.47.248 (230)View all →

🏢 Same network: AS37963

120.26.168.44 (230)139.196.99.108 (195)47.116.207.202 (190)121.43.99.231 (185)182.92.218.96 (170)View all →

Security Intelligence

💡 Command Injection Techniques

Command injection occurs when attackers insert operating system commands through application inputs. Successful exploitation grants direct server access, enabling data theft, malware installation, and lateral movement across networks.

💡 Behavioral Analysis vs Signature Detection

Signature-based detection matches known attack patterns but misses novel threats. Behavioral analysis identifies anomalies in request patterns, timing, and volume, catching zero-day attacks that signatures cannot recognize.

🔍 Check Any IP Address

Share this report:

Relatório de ameaça IP101.201.50.253

⛔ Veredito: BLOQUEIO

Geolocalização e classificação

Assinaturas de detecção

Atividade observada

Cronologia

Provedor de rede

Recomendações

Ações tomadas e recomendadas

🔎 Defesa contra varredura de diretórios

Portas abertas e serviços

Status em listas negras (DNSBL)

Threat Analysis

📊 Threat Analysis

Related Threats

🇨🇳 Top threats from China

🏢 Same network: AS37963

Security Intelligence

💡 Command Injection Techniques

💡 Behavioral Analysis vs Signature Detection

🔍 Check Any IP Address

Relatório de ameaça IP
101.201.50.253