
ABUSE.MOM — BEHAVE YOURSELF OR GET EXPOSED
| Signature | Description | Points | Danger |
|---|---|---|---|
| Danger strong hits: 2 | Requests to dangerous paths: shells, RCE, exploits | +50 | |
| 404 ratio 40-60% | Most requests returned 404 — file enumeration | +15 | |
| Probe pattern 302->404 same path | Behavioural anomaly detected automatically | +20 | |
Reconstructed HTTP requests from server logs. Target domains are redacted for security reasons.
* Typical request patterns for detected signatures. Actual target domains are redacted.
IP 101.201.50.253 is enumerating directories. Configure a fail2ban apache-404 jail that bans after 10+ 404 errors. Disable directory listing. Make all 404 responses uniform.
Shodan network reconnaissance data. Open ports may indicate running services, misconfiguration, or exposed attack surface.
| Port | Service | Risk | Description |
|---|---|---|---|
| 11 | Unknown | Low | Service on port 11 |
| 13 | Unknown | Low | Service on port 13 |
| 15 | Unknown | Low | Service on port 15 |
| 23 | Telnet | Critical | Telnet — unencrypted remote access, extremely dangerous if exposed |
| 43 | Unknown | Low | Service on port 43 |
| 70 | Unknown | Low | Service on port 70 |
| 86 | Unknown | Low | Service on port 86 |
| 91 | Unknown | Low | Service on port 91 |
| 102 | Unknown | Low | Service on port 102 |
| 195 | Unknown | Low | Service on port 195 |
| 389 | Unknown | Low | Service on port 389 |
| 450 | Unknown | Low | Service on port 450 |
| 513 | Unknown | Low | Service on port 513 |
| 771 | Unknown | Low | Service on port 771 |
| 830 | Unknown | Low | Service on port 830 |
| 843 | Unknown | Low | Service on port 843 |
| 873 | Unknown | Low | Service on port 873 |
| 943 | Unknown | Low | Service on port 943 |
| 993 | IMAPS | Low | Service on port 993 |
| 1002 | Unknown | Low | Service on port 1002 |
| 1023 | Unknown | Low | Service on port 1023 |
| 1080 | Unknown | Low | Service on port 1080 |
| 1153 | Unknown | Low | Service on port 1153 |
| 1177 | Unknown | Low | Service on port 1177 |
| 1200 | Unknown | Low | Service on port 1200 |
| 1283 | Unknown | Low | Service on port 1283 |
| 1292 | Unknown | Low | Service on port 1292 |
| 1494 | Unknown | Low | Service on port 1494 |
| 1554 | Unknown | Low | Service on port 1554 |
| 1604 | Unknown | Low | Service on port 1604 |
| 1800 | Unknown | Low | Service on port 1800 |
| 1883 | Unknown | Low | Service on port 1883 |
| 1962 | Unknown | Low | Service on port 1962 |
| 2000 | Unknown | Low | Service on port 2000 |
| 2008 | Unknown | Low | Service on port 2008 |
| 2069 | Unknown | Low | Service on port 2069 |
| 2083 | Unknown | Low | Service on port 2083 |
| 2154 | Unknown | Low | Service on port 2154 |
| 2222 | Unknown | Low | Service on port 2222 |
| 2332 | Unknown | Low | Service on port 2332 |
| 2362 | Unknown | Low | Service on port 2362 |
| 2404 | Unknown | Low | Service on port 2404 |
| 2455 | Unknown | Low | Service on port 2455 |
| 2553 | Unknown | Low | Service on port 2553 |
| 2599 | Unknown | Low | Service on port 2599 |
| 2761 | Unknown | Low | Service on port 2761 |
| 3001 | Unknown | Low | Service on port 3001 |
| 3124 | Unknown | Low | Service on port 3124 |
| 3148 | Unknown | Low | Service on port 3148 |
| 3153 | Unknown | Low | Service on port 3153 |
| 3164 | Unknown | Low | Service on port 3164 |
| 3169 | Unknown | Low | Service on port 3169 |
| 3191 | Unknown | Low | Service on port 3191 |
| 3193 | Unknown | Low | Service on port 3193 |
| 3260 | Unknown | Low | Service on port 3260 |
| 3268 | Unknown | Low | Service on port 3268 |
| 3301 | Unknown | Low | Service on port 3301 |
| 3388 | Unknown | Low | Service on port 3388 |
| 3389 | RDP | High | Remote Desktop Protocol — primary target for ransomware attacks |
| 3790 | Unknown | Low | Service on port 3790 |
| 4022 | Unknown | Low | Service on port 4022 |
| 4063 | Unknown | Low | Service on port 4063 |
| 4064 | Unknown | Low | Service on port 4064 |
| 4157 | Unknown | Low | Service on port 4157 |
| 4200 | Unknown | Low | Service on port 4200 |
| 4242 | Unknown | Low | Service on port 4242 |
| 4282 | Unknown | Low | Service on port 4282 |
| 4369 | Unknown | Low | Service on port 4369 |
| 4433 | Unknown | Low | Service on port 4433 |
| 4434 | Unknown | Low | Service on port 4434 |
| 4443 | Unknown | Low | Service on port 4443 |
| 4445 | Unknown | Low | Service on port 4445 |
| 4500 | Unknown | Low | Service on port 4500 |
| 4531 | Unknown | Low | Service on port 4531 |
| 4664 | Unknown | Low | Service on port 4664 |
| 4700 | Unknown | Low | Service on port 4700 |
| 4786 | Unknown | Low | Service on port 4786 |
| 4911 | Unknown | Low | Service on port 4911 |
| 5004 | Unknown | Low | Service on port 5004 |
| 5007 | Unknown | Low | Service on port 5007 |
| 5022 | Unknown | Low | Service on port 5022 |
| 5224 | Unknown | Low | Service on port 5224 |
| 5234 | Unknown | Low | Service on port 5234 |
| 5257 | Unknown | Low | Service on port 5257 |
| 5269 | Unknown | Low | Service on port 5269 |
| 5274 | Unknown | Low | Service on port 5274 |
| 5276 | Unknown | Low | Service on port 5276 |
| 5435 | Unknown | Low | Service on port 5435 |
| 5672 | Unknown | Low | Service on port 5672 |
| 5917 | Unknown | Low | Service on port 5917 |
| 5984 | Unknown | Low | Service on port 5984 |
| 6001 | Unknown | Low | Service on port 6001 |
| 6297 | Unknown | Low | Service on port 6297 |
| 6331 | Unknown | Low | Service on port 6331 |
| 6379 | Redis | Critical | Redis in-memory database — frequently misconfigured without auth |
| 6633 | Unknown | Low | Service on port 6633 |
| 6653 | Unknown | Low | Service on port 6653 |
| 6666 | Unknown | Low | Service on port 6666 |
| 6667 | Unknown | Low | Service on port 6667 |
| 6668 | Unknown | Low | Service on port 6668 |
| 6779 | Unknown | Low | Service on port 6779 |
| 7003 | Unknown | Low | Service on port 7003 |
| 7020 | Unknown | Low | Service on port 7020 |
| 7071 | Unknown | Low | Service on port 7071 |
| 7078 | Unknown | Low | Service on port 7078 |
| 7173 | Unknown | Low | Service on port 7173 |
| 7218 | Unknown | Low | Service on port 7218 |
| 7634 | Unknown | Low | Service on port 7634 |
| 7676 | Unknown | Low | Service on port 7676 |
| 8005 | Unknown | Low | Service on port 8005 |
| 8009 | Unknown | Low | Service on port 8009 |
| 8039 | Unknown | Low | Service on port 8039 |
| 8089 | Unknown | Low | Service on port 8089 |
| 8108 | Unknown | Low | Service on port 8108 |
| 8124 | Unknown | Low | Service on port 8124 |
| 8126 | Unknown | Low | Service on port 8126 |
| 8131 | Unknown | Low | Service on port 8131 |
| 8143 | Unknown | Low | Service on port 8143 |
| 8195 | Unknown | Low | Service on port 8195 |
| 8291 | MikroTik | High | MikroTik Winbox — router management, targeted by VPNFilter malware |
| 8403 | Unknown | Low | Service on port 8403 |
| 8436 | Unknown | Low | Service on port 8436 |
| 8448 | Unknown | Low | Service on port 8448 |
| 8463 | Unknown | Low | Service on port 8463 |
| 8472 | Unknown | Low | Service on port 8472 |
| 8481 | Unknown | Low | Service on port 8481 |
| 8500 | Unknown | Low | Service on port 8500 |
| 8503 | Unknown | Low | Service on port 8503 |
| 8554 | Unknown | Low | Service on port 8554 |
| 8579 | Unknown | Low | Service on port 8579 |
| 8580 | Unknown | Low | Service on port 8580 |
| 8584 | Unknown | Low | Service on port 8584 |
| 8589 | Unknown | Low | Service on port 8589 |
| 8602 | Unknown | Low | Service on port 8602 |
| 8649 | Unknown | Low | Service on port 8649 |
| 8728 | Unknown | Low | Service on port 8728 |
| 8834 | Unknown | Low | Service on port 8834 |
| 8845 | Unknown | Low | Service on port 8845 |
| 9001 | Unknown | Low | Service on port 9001 |
| 9042 | Unknown | Low | Service on port 9042 |
| 9053 | Unknown | Low | Service on port 9053 |
| 9095 | Unknown | Low | Service on port 9095 |
| 9131 | Unknown | Low | Service on port 9131 |
| 9132 | Unknown | Low | Service on port 9132 |
| 9216 | Unknown | Low | Service on port 9216 |
| 9223 | Unknown | Low | Service on port 9223 |
| 9236 | Unknown | Low | Service on port 9236 |
| 9307 | Unknown | Low | Service on port 9307 |
| 9398 | Unknown | Low | Service on port 9398 |
| 9530 | Unknown | Low | Service on port 9530 |
| 9600 | Unknown | Low | Service on port 9600 |
| 9690 | Unknown | Low | Service on port 9690 |
| 9758 | Unknown | Low | Service on port 9758 |
| 9876 | Unknown | Low | Service on port 9876 |
| 9943 | Unknown | Low | Service on port 9943 |
| 9950 | Unknown | Low | Service on port 9950 |
| 9966 | Unknown | Low | Service on port 9966 |
| 9998 | Unknown | Low | Service on port 9998 |
| 10000 | Unknown | Low | Service on port 10000 |
| 10090 | Unknown | Low | Service on port 10090 |
| 10909 | Unknown | Low | Service on port 10909 |
| 11000 | Unknown | Low | Service on port 11000 |
| 11007 | Unknown | Low | Service on port 11007 |
| 11027 | Unknown | Low | Service on port 11027 |
| 11211 | Unknown | Low | Service on port 11211 |
| 11288 | Unknown | Low | Service on port 11288 |
| 11300 | Unknown | Low | Service on port 11300 |
| 11602 | Unknown | Low | Service on port 11602 |
| 12000 | Unknown | Low | Service on port 12000 |
| 12001 | Unknown | Low | Service on port 12001 |
| 12019 | Unknown | Low | Service on port 12019 |
| 12144 | Unknown | Low | Service on port 12144 |
| 12153 | Unknown | Low | Service on port 12153 |
| 12164 | Unknown | Low | Service on port 12164 |
| 12238 | Unknown | Low | Service on port 12238 |
| 12253 | Unknown | Low | Service on port 12253 |
| 12259 | Unknown | Low | Service on port 12259 |
| 12270 | Unknown | Low | Service on port 12270 |
| 12271 | Unknown | Low | Service on port 12271 |
| 12301 | Unknown | Low | Service on port 12301 |
| 12311 | Unknown | Low | Service on port 12311 |
| 12326 | Unknown | Low | Service on port 12326 |
| 12343 | Unknown | Low | Service on port 12343 |
| 12345 | Unknown | Low | Service on port 12345 |
| 12355 | Unknown | Low | Service on port 12355 |
| 12358 | Unknown | Low | Service on port 12358 |
| 12362 | Unknown | Low | Service on port 12362 |
| 12366 | Unknown | Low | Service on port 12366 |
| 12374 | Unknown | Low | Service on port 12374 |
| 12412 | Unknown | Low | Service on port 12412 |
| 12418 | Unknown | Low | Service on port 12418 |
| 12437 | Unknown | Low | Service on port 12437 |
| 12492 | Unknown | Low | Service on port 12492 |
| 12504 | Unknown | Low | Service on port 12504 |
| 12506 | Unknown | Low | Service on port 12506 |
| 12553 | Unknown | Low | Service on port 12553 |
| 13380 | Unknown | Low | Service on port 13380 |
| 13443 | Unknown | Low | Service on port 13443 |
| 14026 | Unknown | Low | Service on port 14026 |
| 14344 | Unknown | Low | Service on port 14344 |
| 14875 | Unknown | Low | Service on port 14875 |
| 16027 | Unknown | Low | Service on port 16027 |
| 16028 | Unknown | Low | Service on port 16028 |
| 16041 | Unknown | Low | Service on port 16041 |
| 16076 | Unknown | Low | Service on port 16076 |
| 16080 | Unknown | Low | Service on port 16080 |
| 16311 | Unknown | Low | Service on port 16311 |
| 16316 | Unknown | Low | Service on port 16316 |
| 16443 | Unknown | Low | Service on port 16443 |
| 18005 | Unknown | Low | Service on port 18005 |
| 18011 | Unknown | Low | Service on port 18011 |
| 18030 | Unknown | Low | Service on port 18030 |
| 18061 | Unknown | Low | Service on port 18061 |
| 18076 | Unknown | Low | Service on port 18076 |
| 18077 | Unknown | Low | Service on port 18077 |
| 18089 | Unknown | Low | Service on port 18089 |
| 20060 | Unknown | Low | Service on port 20060 |
| 20185 | Unknown | Low | Service on port 20185 |
| 20547 | Unknown | Low | Service on port 20547 |
| 20800 | Unknown | Low | Service on port 20800 |
| 20894 | Unknown | Low | Service on port 20894 |
| 21200 | Unknown | Low | Service on port 21200 |
| 21257 | Unknown | Low | Service on port 21257 |
| 21259 | Unknown | Low | Service on port 21259 |
| 21307 | Unknown | Low | Service on port 21307 |
| 21326 | Unknown | Low | Service on port 21326 |
| 21329 | Unknown | Low | Service on port 21329 |
| 21379 | Unknown | Low | Service on port 21379 |
| 23023 | Unknown | Low | Service on port 23023 |
| 23889 | Unknown | Low | Service on port 23889 |
| 24443 | Unknown | Low | Service on port 24443 |
| 24649 | Unknown | Low | Service on port 24649 |
| 25001 | Unknown | Low | Service on port 25001 |
| 25565 | Unknown | Low | Service on port 25565 |
| 25831 | Unknown | Low | Service on port 25831 |
| 27015 | Unknown | Low | Service on port 27015 |
| 28621 | Unknown | Low | Service on port 28621 |
| 29799 | Unknown | Low | Service on port 29799 |
| 29810 | Unknown | Low | Service on port 29810 |
| 32800 | Unknown | Low | Service on port 32800 |
| 35004 | Unknown | Low | Service on port 35004 |
| 44303 | Unknown | Low | Service on port 44303 |
| 44332 | Unknown | Low | Service on port 44332 |
| 45668 | Unknown | Low | Service on port 45668 |
| 47080 | Unknown | Low | Service on port 47080 |
| 47366 | Unknown | Low | Service on port 47366 |
| 48012 | Unknown | Low | Service on port 48012 |
| 49121 | Unknown | Low | Service on port 49121 |
| 49551 | Unknown | Low | Service on port 49551 |
| 51002 | Unknown | Low | Service on port 51002 |
| 53490 | Unknown | Low | Service on port 53490 |
| 54138 | Unknown | Low | Service on port 54138 |
| 55000 | Unknown | Low | Service on port 55000 |
| 55481 | Unknown | Low | Service on port 55481 |
| 55553 | Unknown | Low | Service on port 55553 |
| 61616 | Unknown | Low | Service on port 61616 |
| 62858 | Unknown | Low | Service on port 62858 |
| 63127 | Unknown | Low | Service on port 63127 |
| 63205 | Unknown | Low | Service on port 63205 |
| 63210 | Unknown | Low | Service on port 63210 |
| 63256 | Unknown | Low | Service on port 63256 |
⚠️ 4 high-risk ports detected on 101.201.50.253. Exposed RDP (3389) is a primary entry point for ransomware attacks. Open database ports indicate a possible data leakage risk. Telnet (23) transmits credentials in plaintext, which points to a likely compromised IoT device. These services should not be publicly reachable without strict firewall rules.
| CVE ID | Reference |
|---|---|
| CVE-2016-10011 | NVD |
| CVE-2023-38408 | NVD |
| CVE-2015-5352 | NVD |
| CVE-2011-5000 | NVD |
| CVE-2007-2768 | NVD |
| CVE-2021-36368 | NVD |
| CVE-2016-1908 | NVD |
| CVE-2018-15473 | NVD |
| CVE-2016-3115 | NVD |
| CVE-2017-15906 | NVD |
| CVE-2023-51767 | NVD |
| CVE-2014-1692 | NVD |
| CVE-2020-14145 | NVD |
| CVE-2019-6109 | NVD |
| CVE-2016-20012 | NVD |
| CVE-2016-10010 | NVD |
| CVE-2010-5107 | NVD |
| CVE-2023-51385 | NVD |
| CVE-2016-10012 | NVD |
| CVE-2015-6564 | NVD |
| CVE-2016-10009 | NVD |
| CVE-2025-26465 | NVD |
| CVE-2014-2532 | NVD |
| CVE-2026-35414 | NVD |
| CVE-2014-2653 | NVD |
🔴 The security scan identified 42 vulnerability records on this host. Such a volume indicates severely outdated software. Consult the NVD advisories.
Source: Shodan InternetDB. Scanning is performed independently of abuse.mom.
This IP has been checked against the major DNS blocklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change.
101.201.50.253 received a threat score of 85/100 (Critical). With this score the IP falls into the critical zone, among the most dangerous addresses in our monitoring database.
The following attack categories were detected:
Threat intelligence analysis has linked 101.201.50.253 to malicious activity originating from Beijing, China, operating on the Hangzhou Alibaba Advertising Co. network. The address has been under observation since it was first detected. Over a period of 1 day this IP generated 1 malicious request, averaging ~1 request per day. This residential IP is likely a compromised consumer device. Home routers and IoT equipment with default passwords are prime targets for botnet operators. Active path scanning was detected: this IP probes hundreds of common file and directory names. With 123 flagged addresses, China has a significant presence in our threat database. A score of 85/100 indicates a confirmed malicious actor. Network-level blocking is appropriate.
This IP is classified as residential, which may indicate a compromised home device, a member of an IoT botnet, or an infected PC. The owner is usually unaware of the malicious activity.
Command injection occurs when attackers insert operating system commands through application inputs. Successful exploitation grants direct server access, enabling data theft, malware installation, and lateral movement across networks.
Signature-based detection matches known attack patterns but misses novel threats. Behavioral analysis identifies anomalies in request patterns, timing, and volume, catching zero-day attacks that signatures cannot recognize.