Elevated Risk
IP 187.108.1.130 is a high-risk address originating from Brazil, operated by LANTEC COMUNICACAO MULTIMIDIA LTDA (AS28267). It has generated 4,633 abuse reports across automated honeypot sensors, with a dominant focus on web application probing and hacking activity, and warrants immediate blocking for any exposed service.
The IP has been actively conducting malicious operations between November 2025 and May 2026, with an activity frequency rated 8 out of 10, indicating sustained and persistent threat behavior over approximately six months. Among the reported threat categories, Hacking activity accounts for the largest share with 15 recent reports, followed by Web App Attacks at 13 reports, VoIP Fraud at 3 reports, and Port Scanning at 2 reports. Detection has been sourced from 20 distinct automated honeypot sensors, providing a confidence score of 72 percent in the attribution. The attack-pattern telemetry reveals repeated web application probing events, Suricata alerts flagging protocol mismatches in both directions, and confirmed VoIP fraud connections, suggesting this address is involved in a multi-vector threat campaign targeting both web infrastructure and telephony systems.
Web application probing represents the primary attack vector, with honeypot sensors consistently documenting attempts to identify vulnerabilities through repeated probes that could facilitate exploitation of weaknesses such as those listed in the OWASP Top 10. The presence of Suricata protocol-mismatch alerts indicates that the hostile traffic is attempting to fingerprint or bypass application-layer defenses by sending malformed or unexpected protocol payloads. Simultaneously, the VoIP fraud component suggests this infrastructure may be leveraged to compromise telephony systems for unauthorized premium-rate calling, representing a direct financial risk to organizations operating voice infrastructure. The combination of probing, intrusion attempts, and fraud activity paints a picture of a compromised or intentionally malicious host engaged in opportunistic targeting.
Site operators should block this IP at the network perimeter firewall immediately given its high threat score and sustained activity profile. Deploying a web application firewall will help mitigate probing attempts and protocol-based evasion techniques. Implementing fail2ban or similar dynamic blocking tools can automate the identification and temporary suspension of repeated malicious connection patterns. For organizations operating VoIP systems, restricting international and premium-rate dialing, enforcing call authentication mechanisms such as STIR/SHAKEN, and actively monitoring call detail records for anomalous patterns will reduce exposure to telephony fraud originating from this address.