IP Threat Report
14.224.170.240
ABUSE.MOM — BEHAVE OR GET EXPOSED
Geolocation & Classification
Detection Signatures
| Signature | Description | Points | Severity |
|---|---|---|---|
| Danger medium hits: 8 | Medium-risk: admin panels, config files | +60 | |
| 404 ratio 40-60% | Majority of requests returned 404 — enumeration | +15 | |
| Probe pattern 302->404 same path | Behavioral anomaly detected by automated analysis | +20 | |
| Foreign referer seen | Referer from unrelated external domain | +10 | |
| Danger medium hits: 6 | Medium-risk: admin panels, config files | +60 |
Observed Activity
Reconstructed HTTP requests from server access logs. Target domains redacted for security.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Timeline
Network Provider
Recommendations
Actions taken & recommended
- IP 14.224.170.240 is blocked at application level (HTTP 403)
- Consider blocking at firewall level (iptables/CSF) to reduce server load
- Report abuse to the network provider via their abuse contact
- Ensure sensitive files (.env, .git, backups) are not accessible from the web
🔎 Directory Scan Defense
IP 14.224.170.240 is enumerating directories. Configure fail2ban apache-404 jail after 10+ 404 errors. Disable directory listings. Normalize all 404 responses.
Open Ports & Services
Network reconnaissance data from Shodan. Open ports may indicate running services, misconfigurations, or potential attack surfaces.
| Port | Service | Risk | Description |
|---|---|---|---|
| 2000 | Unknown | Low | Service on port 2000 |
| 18000 | Unknown | Low | Service on port 18000 |
| 18002 | Unknown | Low | Service on port 18002 |
| 18003 | Unknown | Low | Service on port 18003 |
| 18004 | Unknown | Low | Service on port 18004 |
| 18005 | Unknown | Low | Service on port 18005 |
| 18006 | Unknown | Low | Service on port 18006 |
| 18009 | Unknown | Low | Service on port 18009 |
| 18010 | Unknown | Low | Service on port 18010 |
| 18011 | Unknown | Low | Service on port 18011 |
| 18012 | Unknown | Low | Service on port 18012 |
| 18014 | Unknown | Low | Service on port 18014 |
| 18015 | Unknown | Low | Service on port 18015 |
| 18016 | Unknown | Low | Service on port 18016 |
| 18018 | Unknown | Low | Service on port 18018 |
| 18019 | Unknown | Low | Service on port 18019 |
| 18020 | Unknown | Low | Service on port 18020 |
| 18021 | Unknown | Low | Service on port 18021 |
| 18023 | Unknown | Low | Service on port 18023 |
| 18024 | Unknown | Low | Service on port 18024 |
| 18025 | Unknown | Low | Service on port 18025 |
| 18027 | Unknown | Low | Service on port 18027 |
| 18028 | Unknown | Low | Service on port 18028 |
| 18031 | Unknown | Low | Service on port 18031 |
| 18033 | Unknown | Low | Service on port 18033 |
| 18035 | Unknown | Low | Service on port 18035 |
| 18042 | Unknown | Low | Service on port 18042 |
| 18047 | Unknown | Low | Service on port 18047 |
| 18048 | Unknown | Low | Service on port 18048 |
| 18053 | Unknown | Low | Service on port 18053 |
| 18055 | Unknown | Low | Service on port 18055 |
| 18056 | Unknown | Low | Service on port 18056 |
| 18057 | Unknown | Low | Service on port 18057 |
| 18058 | Unknown | Low | Service on port 18058 |
| 18059 | Unknown | Low | Service on port 18059 |
| 18060 | Unknown | Low | Service on port 18060 |
| 18061 | Unknown | Low | Service on port 18061 |
| 18063 | Unknown | Low | Service on port 18063 |
| 18064 | Unknown | Low | Service on port 18064 |
| 18065 | Unknown | Low | Service on port 18065 |
| 18068 | Unknown | Low | Service on port 18068 |
| 18069 | Unknown | Low | Service on port 18069 |
| 18070 | Unknown | Low | Service on port 18070 |
| 18071 | Unknown | Low | Service on port 18071 |
| 18073 | Unknown | Low | Service on port 18073 |
| 18074 | Unknown | Low | Service on port 18074 |
| 18077 | Unknown | Low | Service on port 18077 |
| 18078 | Unknown | Low | Service on port 18078 |
| 18081 | Unknown | Low | Service on port 18081 |
| 18084 | Unknown | Low | Service on port 18084 |
| 18086 | Unknown | Low | Service on port 18086 |
| 18087 | Unknown | Low | Service on port 18087 |
| 18090 | Unknown | Low | Service on port 18090 |
| 18091 | Unknown | Low | Service on port 18091 |
| 18093 | Unknown | Low | Service on port 18093 |
| 18094 | Unknown | Low | Service on port 18094 |
| 18095 | Unknown | Low | Service on port 18095 |
| 18096 | Unknown | Low | Service on port 18096 |
| 18097 | Unknown | Low | Service on port 18097 |
| 18098 | Unknown | Low | Service on port 18098 |
| 18100 | Unknown | Low | Service on port 18100 |
| 18101 | Unknown | Low | Service on port 18101 |
| 18102 | Unknown | Low | Service on port 18102 |
| 18103 | Unknown | Low | Service on port 18103 |
| 18105 | Unknown | Low | Service on port 18105 |
| 18107 | Unknown | Low | Service on port 18107 |
| 18110 | Unknown | Low | Service on port 18110 |
| 18111 | Unknown | Low | Service on port 18111 |
| 18113 | Unknown | Low | Service on port 18113 |
| 18182 | Unknown | Low | Service on port 18182 |
| 18200 | Unknown | Low | Service on port 18200 |
| 18225 | Unknown | Low | Service on port 18225 |
| 18239 | Unknown | Low | Service on port 18239 |
| 18245 | Unknown | Low | Service on port 18245 |
| 18264 | Unknown | Low | Service on port 18264 |
| 18368 | Unknown | Low | Service on port 18368 |
| 18443 | Unknown | Low | Service on port 18443 |
| 18556 | Unknown | Low | Service on port 18556 |
| 18765 | Unknown | Low | Service on port 18765 |
| 18789 | Unknown | Low | Service on port 18789 |
| 18888 | Unknown | Low | Service on port 18888 |
| CVE ID | Link |
|---|---|
| CVE-2025-62168 | NVD → |
| CVE-2024-37894 | NVD → |
| CVE-2025-59362 | NVD → |
| CVE-2024-45802 | NVD → |
🔴 Security scanning identified 4 vulnerability entries on this host. Multiple vulnerabilities suggest gaps in patch management. Consult NVD advisories for details.
Data source: Shodan InternetDB. Scanned independently of abuse.mom.
Blacklist Status (DNSBL)
This IP was checked against major DNS-based blacklists used by mail servers and firewalls worldwide.
Checked: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect. Results may change over time.
Threat Analysis
14.224.170.240 has been assigned a threat score of 105/100 (Critical). This is a critical-level threat. Systems administrators should treat this IP as hostile and block all inbound connections without exception.
The following attack categories were identified:
📊 Threat Analysis
Our monitoring infrastructure has identified 14.224.170.240, geolocated to Ho Chi Minh City, Vietnam, operating on the network of VNPT, as a source of suspicious network activity. Over a period of 24 days, this IP generated 2 malicious requests, averaging approximately 0.1 requests per day. This residential IP is likely a compromised consumer device. Home routers and IoT equipment with default credentials are prime targets for botnet operators. Active path scanning has been detected — this IP probes for hundreds of common file and directory names. With 196 flagged addresses, Vietnam represents a significant presence in our threat database. A score of 105/100 places this address in the top tier of severity. Block and investigate any historical connections.
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
Related Threats
Security Intelligence
💡 Server-Side Request Forgery (SSRF)
SSRF attacks trick servers into making requests to internal resources that should not be publicly accessible. This can expose cloud metadata endpoints, internal APIs, and private network services, potentially leading to full infrastructure compromise.
💡 Bulletproof Hosting Ecosystem
Bulletproof hosting providers deliberately ignore abuse complaints, creating safe havens for malicious operations. These providers often operate in jurisdictions with weak cybercrime enforcement, offering services specifically marketed to criminal organizations.