威胁报告
IP威胁报告
101.201.50.253
ABUSE.MOM — 规矩点,否则你将被曝光
01
地理位置与分类
IP地址
101.201.50.253
类型
Residential
国家
🇨🇳 China
城市
Beijing
ISP
Hangzhou Alibaba Advertising Co
组织
Aliyun Computing Co., LTD
自治系统
AS37963 Hangzhou Alibaba Advertising Co.,Ltd.
请求次数
1
02
检测签名
| 签名 | 描述 | 分数 | 严重性 |
|---|---|---|---|
| Danger strong hits: 2 | 高风险路径:Webshell、RCE、漏洞利用 | +50 | |
| 404 ratio 40-60% | 大多数请求返回404——目录枚举 | +15 | |
| Probe pattern 302->404 same path | 自动分析检测到行为异常 | +20 |
Σ = 85
03
观察到的活动
从服务器访问日志重建的HTTP请求。出于安全考虑,目标域名已隐藏。
[redacted]
GET
/
200
显示请求: 1 · HTTP 404: 0 · 危险模式: 0
* Typical request patterns for detected signatures. Actual target domains are redacted.
04
时间线
2026-04-25 21:00:04
检测到首次恶意请求
IP已从服务器日志进入监控
观察期间
触发了多个检测签名
Danger strong hits: 2 (+50), 404 ratio 40-60% (+15), Probe pattern 302->404 same path (+20)
2026-04-25 21:00:04
观察到最后一次恶意请求
总分达到: 85/100
下一周期
IP已封锁——所有后续请求被拒绝(HTTP 403)
自动添加到封锁列表
05
网络供应商
Hangzhou Alibaba Advertising Co
AS37963 · 🇨🇳 China
06
建议
已采取和建议的措施
- IP 101.201.50.253 已在应用层封锁(HTTP 403)
- 建议在防火墙层(iptables/CSF)进行封锁
- 通过abuse联系方式向网络供应商举报
- 确保敏感文件(.env、.git、备份)无法从网络访问
🔎 目录扫描防御
IP 101.201.50.253正在枚举目录。在10次以上404错误后配置fail2ban apache-404 jail。禁用目录列表。
08
开放端口和服务
来自Shodan的网络侦察数据。开放端口可能表示正在运行的服务、错误配置或潜在的攻击面。
开放端口 (261)
| Port | Service | Risk | Description |
|---|---|---|---|
| 11 | Unknown | Low | Service on port 11 |
| 13 | Unknown | Low | Service on port 13 |
| 15 | Unknown | Low | Service on port 15 |
| 23 | Telnet | Critical | Telnet — unencrypted remote access, extremely dangerous if exposed |
| 43 | Unknown | Low | Service on port 43 |
| 70 | Unknown | Low | Service on port 70 |
| 86 | Unknown | Low | Service on port 86 |
| 91 | Unknown | Low | Service on port 91 |
| 102 | Unknown | Low | Service on port 102 |
| 195 | Unknown | Low | Service on port 195 |
| 389 | Unknown | Low | Service on port 389 |
| 450 | Unknown | Low | Service on port 450 |
| 513 | Unknown | Low | Service on port 513 |
| 771 | Unknown | Low | Service on port 771 |
| 830 | Unknown | Low | Service on port 830 |
| 843 | Unknown | Low | Service on port 843 |
| 873 | Unknown | Low | Service on port 873 |
| 943 | Unknown | Low | Service on port 943 |
| 993 | IMAPS | Low | Service on port 993 |
| 1002 | Unknown | Low | Service on port 1002 |
| 1023 | Unknown | Low | Service on port 1023 |
| 1080 | Unknown | Low | Service on port 1080 |
| 1153 | Unknown | Low | Service on port 1153 |
| 1177 | Unknown | Low | Service on port 1177 |
| 1200 | Unknown | Low | Service on port 1200 |
| 1283 | Unknown | Low | Service on port 1283 |
| 1292 | Unknown | Low | Service on port 1292 |
| 1494 | Unknown | Low | Service on port 1494 |
| 1554 | Unknown | Low | Service on port 1554 |
| 1604 | Unknown | Low | Service on port 1604 |
| 1800 | Unknown | Low | Service on port 1800 |
| 1883 | Unknown | Low | Service on port 1883 |
| 1962 | Unknown | Low | Service on port 1962 |
| 2000 | Unknown | Low | Service on port 2000 |
| 2008 | Unknown | Low | Service on port 2008 |
| 2069 | Unknown | Low | Service on port 2069 |
| 2083 | Unknown | Low | Service on port 2083 |
| 2154 | Unknown | Low | Service on port 2154 |
| 2222 | Unknown | Low | Service on port 2222 |
| 2332 | Unknown | Low | Service on port 2332 |
| 2362 | Unknown | Low | Service on port 2362 |
| 2404 | Unknown | Low | Service on port 2404 |
| 2455 | Unknown | Low | Service on port 2455 |
| 2553 | Unknown | Low | Service on port 2553 |
| 2599 | Unknown | Low | Service on port 2599 |
| 2761 | Unknown | Low | Service on port 2761 |
| 3001 | Unknown | Low | Service on port 3001 |
| 3124 | Unknown | Low | Service on port 3124 |
| 3148 | Unknown | Low | Service on port 3148 |
| 3153 | Unknown | Low | Service on port 3153 |
| 3164 | Unknown | Low | Service on port 3164 |
| 3169 | Unknown | Low | Service on port 3169 |
| 3191 | Unknown | Low | Service on port 3191 |
| 3193 | Unknown | Low | Service on port 3193 |
| 3260 | Unknown | Low | Service on port 3260 |
| 3268 | Unknown | Low | Service on port 3268 |
| 3301 | Unknown | Low | Service on port 3301 |
| 3388 | Unknown | Low | Service on port 3388 |
| 3389 | RDP | High | Remote Desktop Protocol — primary target for ransomware attacks |
| 3790 | Unknown | Low | Service on port 3790 |
| 4022 | Unknown | Low | Service on port 4022 |
| 4063 | Unknown | Low | Service on port 4063 |
| 4064 | Unknown | Low | Service on port 4064 |
| 4157 | Unknown | Low | Service on port 4157 |
| 4200 | Unknown | Low | Service on port 4200 |
| 4242 | Unknown | Low | Service on port 4242 |
| 4282 | Unknown | Low | Service on port 4282 |
| 4369 | Unknown | Low | Service on port 4369 |
| 4433 | Unknown | Low | Service on port 4433 |
| 4434 | Unknown | Low | Service on port 4434 |
| 4443 | Unknown | Low | Service on port 4443 |
| 4445 | Unknown | Low | Service on port 4445 |
| 4500 | Unknown | Low | Service on port 4500 |
| 4531 | Unknown | Low | Service on port 4531 |
| 4664 | Unknown | Low | Service on port 4664 |
| 4700 | Unknown | Low | Service on port 4700 |
| 4786 | Unknown | Low | Service on port 4786 |
| 4911 | Unknown | Low | Service on port 4911 |
| 5004 | Unknown | Low | Service on port 5004 |
| 5007 | Unknown | Low | Service on port 5007 |
| 5022 | Unknown | Low | Service on port 5022 |
| 5224 | Unknown | Low | Service on port 5224 |
| 5234 | Unknown | Low | Service on port 5234 |
| 5257 | Unknown | Low | Service on port 5257 |
| 5269 | Unknown | Low | Service on port 5269 |
| 5274 | Unknown | Low | Service on port 5274 |
| 5276 | Unknown | Low | Service on port 5276 |
| 5435 | Unknown | Low | Service on port 5435 |
| 5672 | Unknown | Low | Service on port 5672 |
| 5917 | Unknown | Low | Service on port 5917 |
| 5984 | Unknown | Low | Service on port 5984 |
| 6001 | Unknown | Low | Service on port 6001 |
| 6297 | Unknown | Low | Service on port 6297 |
| 6331 | Unknown | Low | Service on port 6331 |
| 6379 | Redis | Critical | Redis in-memory database — frequently misconfigured without auth |
| 6633 | Unknown | Low | Service on port 6633 |
| 6653 | Unknown | Low | Service on port 6653 |
| 6666 | Unknown | Low | Service on port 6666 |
| 6667 | Unknown | Low | Service on port 6667 |
| 6668 | Unknown | Low | Service on port 6668 |
| 6779 | Unknown | Low | Service on port 6779 |
| 7003 | Unknown | Low | Service on port 7003 |
| 7020 | Unknown | Low | Service on port 7020 |
| 7071 | Unknown | Low | Service on port 7071 |
| 7078 | Unknown | Low | Service on port 7078 |
| 7173 | Unknown | Low | Service on port 7173 |
| 7218 | Unknown | Low | Service on port 7218 |
| 7634 | Unknown | Low | Service on port 7634 |
| 7676 | Unknown | Low | Service on port 7676 |
| 8005 | Unknown | Low | Service on port 8005 |
| 8009 | Unknown | Low | Service on port 8009 |
| 8039 | Unknown | Low | Service on port 8039 |
| 8089 | Unknown | Low | Service on port 8089 |
| 8108 | Unknown | Low | Service on port 8108 |
| 8124 | Unknown | Low | Service on port 8124 |
| 8126 | Unknown | Low | Service on port 8126 |
| 8131 | Unknown | Low | Service on port 8131 |
| 8143 | Unknown | Low | Service on port 8143 |
| 8195 | Unknown | Low | Service on port 8195 |
| 8291 | MikroTik | High | MikroTik Winbox — router management, targeted by VPNFilter malware |
| 8403 | Unknown | Low | Service on port 8403 |
| 8436 | Unknown | Low | Service on port 8436 |
| 8448 | Unknown | Low | Service on port 8448 |
| 8463 | Unknown | Low | Service on port 8463 |
| 8472 | Unknown | Low | Service on port 8472 |
| 8481 | Unknown | Low | Service on port 8481 |
| 8500 | Unknown | Low | Service on port 8500 |
| 8503 | Unknown | Low | Service on port 8503 |
| 8554 | Unknown | Low | Service on port 8554 |
| 8579 | Unknown | Low | Service on port 8579 |
| 8580 | Unknown | Low | Service on port 8580 |
| 8584 | Unknown | Low | Service on port 8584 |
| 8589 | Unknown | Low | Service on port 8589 |
| 8602 | Unknown | Low | Service on port 8602 |
| 8649 | Unknown | Low | Service on port 8649 |
| 8728 | Unknown | Low | Service on port 8728 |
| 8834 | Unknown | Low | Service on port 8834 |
| 8845 | Unknown | Low | Service on port 8845 |
| 9001 | Unknown | Low | Service on port 9001 |
| 9042 | Unknown | Low | Service on port 9042 |
| 9053 | Unknown | Low | Service on port 9053 |
| 9095 | Unknown | Low | Service on port 9095 |
| 9131 | Unknown | Low | Service on port 9131 |
| 9132 | Unknown | Low | Service on port 9132 |
| 9216 | Unknown | Low | Service on port 9216 |
| 9223 | Unknown | Low | Service on port 9223 |
| 9236 | Unknown | Low | Service on port 9236 |
| 9307 | Unknown | Low | Service on port 9307 |
| 9398 | Unknown | Low | Service on port 9398 |
| 9530 | Unknown | Low | Service on port 9530 |
| 9600 | Unknown | Low | Service on port 9600 |
| 9690 | Unknown | Low | Service on port 9690 |
| 9758 | Unknown | Low | Service on port 9758 |
| 9876 | Unknown | Low | Service on port 9876 |
| 9943 | Unknown | Low | Service on port 9943 |
| 9950 | Unknown | Low | Service on port 9950 |
| 9966 | Unknown | Low | Service on port 9966 |
| 9998 | Unknown | Low | Service on port 9998 |
| 10000 | Unknown | Low | Service on port 10000 |
| 10090 | Unknown | Low | Service on port 10090 |
| 10909 | Unknown | Low | Service on port 10909 |
| 11000 | Unknown | Low | Service on port 11000 |
| 11007 | Unknown | Low | Service on port 11007 |
| 11027 | Unknown | Low | Service on port 11027 |
| 11211 | Unknown | Low | Service on port 11211 |
| 11288 | Unknown | Low | Service on port 11288 |
| 11300 | Unknown | Low | Service on port 11300 |
| 11602 | Unknown | Low | Service on port 11602 |
| 12000 | Unknown | Low | Service on port 12000 |
| 12001 | Unknown | Low | Service on port 12001 |
| 12019 | Unknown | Low | Service on port 12019 |
| 12144 | Unknown | Low | Service on port 12144 |
| 12153 | Unknown | Low | Service on port 12153 |
| 12164 | Unknown | Low | Service on port 12164 |
| 12238 | Unknown | Low | Service on port 12238 |
| 12253 | Unknown | Low | Service on port 12253 |
| 12259 | Unknown | Low | Service on port 12259 |
| 12270 | Unknown | Low | Service on port 12270 |
| 12271 | Unknown | Low | Service on port 12271 |
| 12301 | Unknown | Low | Service on port 12301 |
| 12311 | Unknown | Low | Service on port 12311 |
| 12326 | Unknown | Low | Service on port 12326 |
| 12343 | Unknown | Low | Service on port 12343 |
| 12345 | Unknown | Low | Service on port 12345 |
| 12355 | Unknown | Low | Service on port 12355 |
| 12358 | Unknown | Low | Service on port 12358 |
| 12362 | Unknown | Low | Service on port 12362 |
| 12366 | Unknown | Low | Service on port 12366 |
| 12374 | Unknown | Low | Service on port 12374 |
| 12412 | Unknown | Low | Service on port 12412 |
| 12418 | Unknown | Low | Service on port 12418 |
| 12437 | Unknown | Low | Service on port 12437 |
| 12492 | Unknown | Low | Service on port 12492 |
| 12504 | Unknown | Low | Service on port 12504 |
| 12506 | Unknown | Low | Service on port 12506 |
| 12553 | Unknown | Low | Service on port 12553 |
| 13380 | Unknown | Low | Service on port 13380 |
| 13443 | Unknown | Low | Service on port 13443 |
| 14026 | Unknown | Low | Service on port 14026 |
| 14344 | Unknown | Low | Service on port 14344 |
| 14875 | Unknown | Low | Service on port 14875 |
| 16027 | Unknown | Low | Service on port 16027 |
| 16028 | Unknown | Low | Service on port 16028 |
| 16041 | Unknown | Low | Service on port 16041 |
| 16076 | Unknown | Low | Service on port 16076 |
| 16080 | Unknown | Low | Service on port 16080 |
| 16311 | Unknown | Low | Service on port 16311 |
| 16316 | Unknown | Low | Service on port 16316 |
| 16443 | Unknown | Low | Service on port 16443 |
| 18005 | Unknown | Low | Service on port 18005 |
| 18011 | Unknown | Low | Service on port 18011 |
| 18030 | Unknown | Low | Service on port 18030 |
| 18061 | Unknown | Low | Service on port 18061 |
| 18076 | Unknown | Low | Service on port 18076 |
| 18077 | Unknown | Low | Service on port 18077 |
| 18089 | Unknown | Low | Service on port 18089 |
| 20060 | Unknown | Low | Service on port 20060 |
| 20185 | Unknown | Low | Service on port 20185 |
| 20547 | Unknown | Low | Service on port 20547 |
| 20800 | Unknown | Low | Service on port 20800 |
| 20894 | Unknown | Low | Service on port 20894 |
| 21200 | Unknown | Low | Service on port 21200 |
| 21257 | Unknown | Low | Service on port 21257 |
| 21259 | Unknown | Low | Service on port 21259 |
| 21307 | Unknown | Low | Service on port 21307 |
| 21326 | Unknown | Low | Service on port 21326 |
| 21329 | Unknown | Low | Service on port 21329 |
| 21379 | Unknown | Low | Service on port 21379 |
| 23023 | Unknown | Low | Service on port 23023 |
| 23889 | Unknown | Low | Service on port 23889 |
| 24443 | Unknown | Low | Service on port 24443 |
| 24649 | Unknown | Low | Service on port 24649 |
| 25001 | Unknown | Low | Service on port 25001 |
| 25565 | Unknown | Low | Service on port 25565 |
| 25831 | Unknown | Low | Service on port 25831 |
| 27015 | Unknown | Low | Service on port 27015 |
| 28621 | Unknown | Low | Service on port 28621 |
| 29799 | Unknown | Low | Service on port 29799 |
| 29810 | Unknown | Low | Service on port 29810 |
| 32800 | Unknown | Low | Service on port 32800 |
| 35004 | Unknown | Low | Service on port 35004 |
| 44303 | Unknown | Low | Service on port 44303 |
| 44332 | Unknown | Low | Service on port 44332 |
| 45668 | Unknown | Low | Service on port 45668 |
| 47080 | Unknown | Low | Service on port 47080 |
| 47366 | Unknown | Low | Service on port 47366 |
| 48012 | Unknown | Low | Service on port 48012 |
| 49121 | Unknown | Low | Service on port 49121 |
| 49551 | Unknown | Low | Service on port 49551 |
| 51002 | Unknown | Low | Service on port 51002 |
| 53490 | Unknown | Low | Service on port 53490 |
| 54138 | Unknown | Low | Service on port 54138 |
| 55000 | Unknown | Low | Service on port 55000 |
| 55481 | Unknown | Low | Service on port 55481 |
| 55553 | Unknown | Low | Service on port 55553 |
| 61616 | Unknown | Low | Service on port 61616 |
| 62858 | Unknown | Low | Service on port 62858 |
| 63127 | Unknown | Low | Service on port 63127 |
| 63205 | Unknown | Low | Service on port 63205 |
| 63210 | Unknown | Low | Service on port 63210 |
| 63256 | Unknown | Low | Service on port 63256 |
⚠️ 在101.201.50.253上检测到4个高风险端口。暴露的RDP (3389)是勒索软件攻击的首要入口。 开放的数据库端口表明可能存在数据泄露风险。 Telnet (23)以明文传输凭据——可能是被入侵的IoT设备。 这些服务在没有严格防火墙规则的情况下不应公开访问。
已知漏洞 (CVE) (42)
+17 更多
| CVE ID | Link |
|---|---|
| CVE-2016-10011 | NVD → |
| CVE-2023-38408 | NVD → |
| CVE-2015-5352 | NVD → |
| CVE-2011-5000 | NVD → |
| CVE-2007-2768 | NVD → |
| CVE-2021-36368 | NVD → |
| CVE-2016-1908 | NVD → |
| CVE-2018-15473 | NVD → |
| CVE-2016-3115 | NVD → |
| CVE-2017-15906 | NVD → |
| CVE-2023-51767 | NVD → |
| CVE-2014-1692 | NVD → |
| CVE-2020-14145 | NVD → |
| CVE-2019-6109 | NVD → |
| CVE-2016-20012 | NVD → |
| CVE-2016-10010 | NVD → |
| CVE-2010-5107 | NVD → |
| CVE-2023-51385 | NVD → |
| CVE-2016-10012 | NVD → |
| CVE-2015-6564 | NVD → |
| CVE-2016-10009 | NVD → |
| CVE-2025-26465 | NVD → |
| CVE-2014-2532 | NVD → |
| CVE-2026-35414 | NVD → |
| CVE-2014-2653 | NVD → |
🔴 此主机有42个已知CVE与其暴露的服务相关联。如此大量的漏洞强烈表明软件严重过时。 请在NVD数据库中查看每个CVE的详细信息。
检测到的技术
apache:subversionopenbsd:openssh:7.4opennetworking:openflow:1.0openbsd:openssh:7.2p2openbsd:openssh:8.2p1openbsd:openssh:7.6p1microsoft:internet_information_servicescanonical:ubuntu_linuxopenbsd:openssh:6.6.1microsoft:windowsopenbsd:openssh:7.5openbsd:openssh:5.3openbsd:openssh:X.X
数据来源:Shodan InternetDB。独立于abuse.mom进行扫描。
09
黑名单状态 (DNSBL)
该IP已通过全球邮件服务器和防火墙使用的主要DNS黑名单进行检查。
✓ 清洁
ix.dnsbl.manitu.net
✓ 清洁
dnsbl.sorbs.net
✓ 清洁
dnsbl-1.uceprotect.net
✓ 清洁
bl.spamcop.net
✓ 清洁
zen.spamhaus.org
✓ 清洁
b.barracudacentral.org
✓ 清洁
truncate.gbudb.net
✓ 清洁
psbl.surriel.com
已检查:Spamhaus、SpamCop、Barracuda、SORBS、CBL、UCEProtect。
10
Threat Analysis
101.201.50.253 has been assigned a threat score of 85/100 (Critical). 凭借此评分,该IP属于严重威胁级别——是我们监控数据库中最危险的地址之一。
The following attack categories were identified:
Path Enumeration
📊 Threat Analysis
威胁情报分析将101.201.50.253与来自Beijing, China,运营在Hangzhou Alibaba Advertising Co的网络中的恶意活动相关联。该地址自首次检测以来一直处于观察状态。 在1天的时间内,此IP产生了1次恶意请求,平均每天约1次请求。 该地址被归类为住宅,意味着它可能属于终端用户ISP连接。来自住宅IP的恶意活动通常表明设备已被入侵或属于僵尸网络。 该IP表现出目录枚举行为,系统地请求不存在的路径以发现隐藏文件和配置错误的资源。 我们的记录显示来自China的123个恶意IP,使其成为全球威胁活动的重要贡献者。 威胁评分85/100将此IP置于高风险类别。建议在防火墙级别进行封锁。
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
11
Related Threats
12
Security Intelligence
💡 Command Injection Techniques
Command injection occurs when attackers insert operating system commands through application inputs. Successful exploitation grants direct server access, enabling data theft, malware installation, and lateral movement across networks.
💡 Behavioral Analysis vs Signature Detection
Signature-based detection matches known attack patterns but misses novel threats. Behavioral analysis identifies anomalies in request patterns, timing, and volume, catching zero-day attacks that signatures cannot recognize.
🔍 Check Any IP Address
Share this report: