控制台🇯🇴 JO176.241.66.87
ABUSE.MOM
威胁报告

IP威胁报告
176.241.66.87

ABUSE.MOM — 规矩点,否则你将被曝光

生成时间: 2026-05-27 08:00:08
首次发现: 2026-04-04 21:00:04
最后发现: 2026-04-16 15:00:06
103

⛔ 判定:封锁

该IP地址已被归类为自动化恶意活动的来源。 威胁评分: 103/100. 已观察到的恶意请求总数: 3.

DANGER_PATHRATIO_404METHOD
01

地理位置与分类

IP地址
176.241.66.87
类型
Residential
国家
🇯🇴 JO
城市
Amman
ISP
VTEL HOLDINGS LIMITED/JORDAN CO.
组织
VTEL HOLDINGS LIMITED/JORDAN CO
自治系统
AS50670 VTEL HOLDINGS LIMITED/JORDAN CO.
请求次数
3
02

检测签名

签名描述分数严重性
Danger strong hits: 1高风险路径:Webshell、RCE、漏洞利用+25
Danger medium hits: 1中等风险:管理面板、配置文件+10
404 ratio >= 60%大多数请求返回404——目录枚举+25
POST requests present自动分析检测到行为异常+8
Danger strong hits: 3高风险路径:Webshell、RCE、漏洞利用+75
Danger medium hits: 2中等风险:管理面板、配置文件+20
Σ = 163
03

观察到的活动

从服务器访问日志重建的HTTP请求。出于安全考虑,目标域名已隐藏。

[redacted]
GET
/
200
显示请求: 1 · HTTP 404: 0 · 危险模式: 0

* Typical request patterns for detected signatures. Actual target domains are redacted.

04

时间线

2026-04-04 21:00:04
检测到首次恶意请求
IP已从服务器日志进入监控
观察期间
触发了多个检测签名
Danger strong hits: 1 (+25), Danger medium hits: 1 (+10), 404 ratio >= 60% (+25)
2026-04-16 15:00:06
观察到最后一次恶意请求
总分达到: 103/100
下一周期
IP已封锁——所有后续请求被拒绝(HTTP 403)
自动添加到封锁列表
05

网络供应商

VTEL HOLDINGS LIMITED/JORDAN CO.
AS50670 · 🇯🇴 JO
06

建议

已采取和建议的措施

  • IP 176.241.66.87 已在应用层封锁(HTTP 403)
  • 建议在防火墙层(iptables/CSF)进行封锁
  • 通过abuse联系方式向网络供应商举报
  • 确保敏感文件(.env、.git、备份)无法从网络访问

🔎 目录扫描防御

IP 176.241.66.87正在枚举目录。在10次以上404错误后配置fail2ban apache-404 jail。禁用目录列表。

08

开放端口和服务

来自Shodan的网络侦察数据。开放端口可能表示正在运行的服务、错误配置或潜在的攻击面。

开放端口 (359)
PortServiceRiskDescription
11UnknownLowService on port 11
13UnknownLowService on port 13
37UnknownLowService on port 37
49UnknownLowService on port 49
80HTTPLowHTTP web server — standard web traffic
81UnknownLowService on port 81
83UnknownLowService on port 83
102UnknownLowService on port 102
113UnknownLowService on port 113
122UnknownLowService on port 122
143IMAPLowService on port 143
264UnknownLowService on port 264
427UnknownLowService on port 427
440UnknownLowService on port 440
480UnknownLowService on port 480
541UnknownLowService on port 541
548UnknownLowService on port 548
554UnknownLowService on port 554
636UnknownLowService on port 636
789UnknownLowService on port 789
902UnknownLowService on port 902
992UnknownLowService on port 992
993IMAPSLowService on port 993
1027UnknownLowService on port 1027
1177UnknownLowService on port 1177
1234UnknownLowService on port 1234
1235UnknownLowService on port 1235
1311UnknownLowService on port 1311
1337UnknownLowService on port 1337
1414UnknownLowService on port 1414
1433MSSQLHighService on port 1433
1440UnknownLowService on port 1440
1471UnknownLowService on port 1471
1515UnknownLowService on port 1515
1800UnknownLowService on port 1800
1801UnknownLowService on port 1801
1820UnknownLowService on port 1820
1830UnknownLowService on port 1830
1911UnknownLowService on port 1911
1935UnknownLowService on port 1935
1962UnknownLowService on port 1962
1972UnknownLowService on port 1972
1980UnknownLowService on port 1980
2002UnknownLowService on port 2002
2008UnknownLowService on port 2008
2051UnknownLowService on port 2051
2082UnknownLowService on port 2082
2086UnknownLowService on port 2086
2095UnknownLowService on port 2095
2109UnknownLowService on port 2109
2121UnknownLowService on port 2121
2154UnknownLowService on port 2154
2181UnknownLowService on port 2181
2196UnknownLowService on port 2196
2222UnknownLowService on port 2222
2224UnknownLowService on port 2224
2266UnknownLowService on port 2266
2332UnknownLowService on port 2332
2375UnknownLowService on port 2375
2455UnknownLowService on port 2455
2553UnknownLowService on port 2553
2568UnknownLowService on port 2568
2628UnknownLowService on port 2628
2762UnknownLowService on port 2762
3001UnknownLowService on port 3001
3011UnknownLowService on port 3011
3058UnknownLowService on port 3058
3061UnknownLowService on port 3061
3065UnknownLowService on port 3065
3110UnknownLowService on port 3110
3134UnknownLowService on port 3134
3137UnknownLowService on port 3137
3144UnknownLowService on port 3144
3164UnknownLowService on port 3164
3174UnknownLowService on port 3174
3333UnknownLowService on port 3333
3352UnknownLowService on port 3352
3388UnknownLowService on port 3388
3524UnknownLowService on port 3524
3541UnknownLowService on port 3541
3551UnknownLowService on port 3551
3689UnknownLowService on port 3689
3749UnknownLowService on port 3749
3790UnknownLowService on port 3790
3792UnknownLowService on port 3792
4022UnknownLowService on port 4022
4042UnknownLowService on port 4042
4064UnknownLowService on port 4064
4104UnknownLowService on port 4104
4150UnknownLowService on port 4150
4157UnknownLowService on port 4157
4282UnknownLowService on port 4282
4369UnknownLowService on port 4369
4433UnknownLowService on port 4433
4435UnknownLowService on port 4435
4443UnknownLowService on port 4443
4444UnknownLowService on port 4444
4506UnknownLowService on port 4506
4524UnknownLowService on port 4524
4543UnknownLowService on port 4543
4786UnknownLowService on port 4786
4840UnknownLowService on port 4840
4886UnknownLowService on port 4886
4949UnknownLowService on port 4949
5001UnknownLowService on port 5001
5007UnknownLowService on port 5007
5010UnknownLowService on port 5010
5025UnknownLowService on port 5025
5070UnknownLowService on port 5070
5150UnknownLowService on port 5150
5224UnknownLowService on port 5224
5257UnknownLowService on port 5257
5269UnknownLowService on port 5269
5432PostgreSQLHighPostgreSQL database — direct database access risk
5542UnknownLowService on port 5542
5569UnknownLowService on port 5569
5601UnknownLowService on port 5601
5603UnknownLowService on port 5603
5609UnknownLowService on port 5609
5800UnknownLowService on port 5800
5801UnknownLowService on port 5801
5986UnknownLowService on port 5986
5987UnknownLowService on port 5987
5992UnknownLowService on port 5992
6008UnknownLowService on port 6008
6262UnknownLowService on port 6262
6379RedisCriticalRedis in-memory database — frequently misconfigured without auth
6556UnknownLowService on port 6556
6653UnknownLowService on port 6653
6666UnknownLowService on port 6666
7001UnknownLowService on port 7001
7071UnknownLowService on port 7071
7082UnknownLowService on port 7082
7415UnknownLowService on port 7415
7433UnknownLowService on port 7433
7443UnknownLowService on port 7443
7510UnknownLowService on port 7510
7548UnknownLowService on port 7548
7700UnknownLowService on port 7700
7775UnknownLowService on port 7775
7778UnknownLowService on port 7778
7782UnknownLowService on port 7782
7878UnknownLowService on port 7878
7980UnknownLowService on port 7980
8001UnknownLowService on port 8001
8018UnknownLowService on port 8018
8020UnknownLowService on port 8020
8025UnknownLowService on port 8025
8036UnknownLowService on port 8036
8049UnknownLowService on port 8049
8060UnknownLowService on port 8060
8069UnknownLowService on port 8069
8079UnknownLowService on port 8079
8083UnknownLowService on port 8083
8086UnknownLowService on port 8086
8090UnknownLowService on port 8090
8097UnknownLowService on port 8097
8098UnknownLowService on port 8098
8112UnknownLowService on port 8112
8133UnknownLowService on port 8133
8140UnknownLowService on port 8140
8181UnknownLowService on port 8181
8200UnknownLowService on port 8200
8238UnknownLowService on port 8238
8280UnknownLowService on port 8280
8291MikroTikHighMikroTik Winbox — router management, targeted by VPNFilter malware
8333UnknownLowService on port 8333
8385UnknownLowService on port 8385
8417UnknownLowService on port 8417
8421UnknownLowService on port 8421
8430UnknownLowService on port 8430
8443HTTPS-AltLowService on port 8443
8450UnknownLowService on port 8450
8563UnknownLowService on port 8563
8586UnknownLowService on port 8586
8587UnknownLowService on port 8587
8728UnknownLowService on port 8728
8771UnknownLowService on port 8771
8809UnknownLowService on port 8809
8835UnknownLowService on port 8835
8849UnknownLowService on port 8849
8857UnknownLowService on port 8857
8883UnknownLowService on port 8883
8888HTTP-AltLowService on port 8888
8916UnknownLowService on port 8916
9000UnknownLowService on port 9000
9001UnknownLowService on port 9001
9002UnknownLowService on port 9002
9042UnknownLowService on port 9042
9046UnknownLowService on port 9046
9068UnknownLowService on port 9068
9070UnknownLowService on port 9070
9082UnknownLowService on port 9082
9091UnknownLowService on port 9091
9092UnknownLowService on port 9092
9099UnknownLowService on port 9099
9148UnknownLowService on port 9148
9160UnknownLowService on port 9160
9190UnknownLowService on port 9190
9191UnknownLowService on port 9191
9200ElasticsearchHighElasticsearch — can leak sensitive data if unauthenticated
9203UnknownLowService on port 9203
9215UnknownLowService on port 9215
9218UnknownLowService on port 9218
9230UnknownLowService on port 9230
9251UnknownLowService on port 9251
9300UnknownLowService on port 9300
9306UnknownLowService on port 9306
9398UnknownLowService on port 9398
9400UnknownLowService on port 9400
9447UnknownLowService on port 9447
9505UnknownLowService on port 9505
9595UnknownLowService on port 9595
9770UnknownLowService on port 9770
9800UnknownLowService on port 9800
9898UnknownLowService on port 9898
9918UnknownLowService on port 9918
9944UnknownLowService on port 9944
9994UnknownLowService on port 9994
9999UnknownLowService on port 9999
10000UnknownLowService on port 10000
10003UnknownLowService on port 10003
10134UnknownLowService on port 10134
10283UnknownLowService on port 10283
10380UnknownLowService on port 10380
10480UnknownLowService on port 10480
10554UnknownLowService on port 10554
10909UnknownLowService on port 10909
11027UnknownLowService on port 11027
11084UnknownLowService on port 11084
11300UnknownLowService on port 11300
11434UnknownLowService on port 11434
12126UnknownLowService on port 12126
12129UnknownLowService on port 12129
12135UnknownLowService on port 12135
12153UnknownLowService on port 12153
12154UnknownLowService on port 12154
12163UnknownLowService on port 12163
12192UnknownLowService on port 12192
12194UnknownLowService on port 12194
12208UnknownLowService on port 12208
12223UnknownLowService on port 12223
12245UnknownLowService on port 12245
12253UnknownLowService on port 12253
12261UnknownLowService on port 12261
12262UnknownLowService on port 12262
12272UnknownLowService on port 12272
12277UnknownLowService on port 12277
12309UnknownLowService on port 12309
12312UnknownLowService on port 12312
12319UnknownLowService on port 12319
12327UnknownLowService on port 12327
12338UnknownLowService on port 12338
12345UnknownLowService on port 12345
12349UnknownLowService on port 12349
12377UnknownLowService on port 12377
12396UnknownLowService on port 12396
12414UnknownLowService on port 12414
12418UnknownLowService on port 12418
12423UnknownLowService on port 12423
12432UnknownLowService on port 12432
12460UnknownLowService on port 12460
12465UnknownLowService on port 12465
12507UnknownLowService on port 12507
12522UnknownLowService on port 12522
12587UnknownLowService on port 12587
13000UnknownLowService on port 13000
13333UnknownLowService on port 13333
14344UnknownLowService on port 14344
14403UnknownLowService on port 14403
14825UnknownLowService on port 14825
14875UnknownLowService on port 14875
15672UnknownLowService on port 15672
16023UnknownLowService on port 16023
16026UnknownLowService on port 16026
16035UnknownLowService on port 16035
16071UnknownLowService on port 16071
16094UnknownLowService on port 16094
16667UnknownLowService on port 16667
16992UnknownLowService on port 16992
16993UnknownLowService on port 16993
17775UnknownLowService on port 17775
18019UnknownLowService on port 18019
18022UnknownLowService on port 18022
18037UnknownLowService on port 18037
18039UnknownLowService on port 18039
18050UnknownLowService on port 18050
18067UnknownLowService on port 18067
18074UnknownLowService on port 18074
18245UnknownLowService on port 18245
19065UnknownLowService on port 19065
19091UnknownLowService on port 19091
19100UnknownLowService on port 19100
19222UnknownLowService on port 19222
21025UnknownLowService on port 21025
21100UnknownLowService on port 21100
21102UnknownLowService on port 21102
21239UnknownLowService on port 21239
21246UnknownLowService on port 21246
21309UnknownLowService on port 21309
21323UnknownLowService on port 21323
22222UnknownLowService on port 22222
23023UnknownLowService on port 23023
23424UnknownLowService on port 23424
25001UnknownLowService on port 25001
25006UnknownLowService on port 25006
25010UnknownLowService on port 25010
25105UnknownLowService on port 25105
26460UnknownLowService on port 26460
28015UnknownLowService on port 28015
28017UnknownLowService on port 28017
29840UnknownLowService on port 29840
30003UnknownLowService on port 30003
30007UnknownLowService on port 30007
30023UnknownLowService on port 30023
30104UnknownLowService on port 30104
31337UnknownLowService on port 31337
32400UnknownLowService on port 32400
35100UnknownLowService on port 35100
35250UnknownLowService on port 35250
35554UnknownLowService on port 35554
35975UnknownLowService on port 35975
39001UnknownLowService on port 39001
40001UnknownLowService on port 40001
41800UnknownLowService on port 41800
42420UnknownLowService on port 42420
44158UnknownLowService on port 44158
44302UnknownLowService on port 44302
44303UnknownLowService on port 44303
44510UnknownLowService on port 44510
45000UnknownLowService on port 45000
46000UnknownLowService on port 46000
46474UnknownLowService on port 46474
49153UnknownLowService on port 49153
49200UnknownLowService on port 49200
49688UnknownLowService on port 49688
50070UnknownLowService on port 50070
50073UnknownLowService on port 50073
50080UnknownLowService on port 50080
50105UnknownLowService on port 50105
50995UnknownLowService on port 50995
50996UnknownLowService on port 50996
51235UnknownLowService on port 51235
52140UnknownLowService on port 52140
54490UnknownLowService on port 54490
55000UnknownLowService on port 55000
55200UnknownLowService on port 55200
55481UnknownLowService on port 55481
55553UnknownLowService on port 55553
58532UnknownLowService on port 58532
60030UnknownLowService on port 60030
60129UnknownLowService on port 60129
61234UnknownLowService on port 61234
61613UnknownLowService on port 61613
61616UnknownLowService on port 61616
63811UnknownLowService on port 63811
64295UnknownLowService on port 64295
64894UnknownLowService on port 64894
65000UnknownLowService on port 65000

⚠️ 在176.241.66.87上检测到4个高风险端口。开放的数据库端口表明可能存在数据泄露风险。 这些服务在没有严格防火墙规则的情况下不应公开访问。

检测到的技术
microsoft:windowsmicrosoft:internet_information_services:10.0

数据来源:Shodan InternetDB。独立于abuse.mom进行扫描。

09

黑名单状态 (DNSBL)

该IP已通过全球邮件服务器和防火墙使用的主要DNS黑名单进行检查。

⛔ 已列入
zen.spamhaus.org
✓ 清洁
dnsbl.sorbs.net
✓ 清洁
ix.dnsbl.manitu.net
✓ 清洁
dnsbl-1.uceprotect.net
✓ 清洁
bl.spamcop.net
✓ 清洁
b.barracudacentral.org
✓ 清洁
truncate.gbudb.net
✓ 清洁
psbl.surriel.com

已检查:Spamhaus、SpamCop、Barracuda、SORBS、CBL、UCEProtect。

10

Threat Analysis

176.241.66.87 has been assigned a threat score of 103/100 (Critical). 凭借此评分,该IP属于严重威胁级别——是我们监控数据库中最危险的地址之一。

The following attack categories were identified:

Path Enumeration

📊 Threat Analysis

地址176.241.66.87来源于Amman, JO,运营在VTEL HOLDINGS LIMITED/JORDAN CO.的网络中。它是通过对受监控端点的入站网络流量进行自动分析而被识别的。 我们的传感器在11天内捕获了来自此地址的3次恶意请求,反映出每天约0.3次的持续攻击节奏。 从住宅网络运营,此IP可能代表一个被入侵的家庭网关或已被招募到更大攻击基础设施中的IoT设备。 该IP表现出目录枚举行为,系统地请求不存在的路径以发现隐藏文件和配置错误的资源。 我们的记录显示来自JO的78个恶意IP,使其成为全球威胁活动的值得注意的贡献者。 评分103/100将此地址置于最高严重性级别。应封锁并调查任何历史连接。

This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.

11

Related Threats

🇯🇴 Top threats from JO

91.186.252.91 (208)176.29.225.112 (198)91.186.255.110 (168)109.107.243.93 (128)176.28.170.254 (128)View all →

🏢 Same network: AS50670

81.21.11.168 (103)View all →
12

Security Intelligence

💡 SQL Injection Campaigns

SQL injection remains one of the most common web attack vectors. Attackers inject malicious SQL code through input fields to extract database contents, modify data, or gain administrative access. Automated scanners test for SQLi vulnerabilities at massive scale.

💡 Ransomware-as-a-Service Economy

The RaaS model allows technically unskilled criminals to deploy sophisticated ransomware through affiliate programs. Operators provide the malware, infrastructure, and negotiation services, taking a percentage of ransom payments from their affiliates.

🔍 Check Any IP Address

Share this report:
关于免责声明条款举报追踪
报告生成时间 27.05.2026 08:00
规矩点,否则你将被曝光