Relatório de ameaça IP
14.224.170.240
ABUSE.MOM — COMPORTE-SE OU SERÁ EXPOSTO
Geolocalização e classificação
Assinaturas de detecção
| Assinatura | Descrição | Pontos | Gravidade |
|---|---|---|---|
| Danger medium hits: 8 | Risco médio: painéis admin, arquivos de configuração | +60 | |
| 404 ratio 40-60% | Maioria das solicitações retornou 404 — enumeração | +15 | |
| Probe pattern 302->404 same path | Anomalia comportamental detectada automaticamente | +20 | |
| Foreign referer seen | Referer de domínio externo não relacionado | +10 | |
| Danger medium hits: 6 | Risco médio: painéis admin, arquivos de configuração | +60 |
Atividade observada
Solicitações HTTP reconstruídas dos logs do servidor. Domínios alvo ocultados por segurança.
* Typical request patterns for detected signatures. Actual target domains are redacted.
Cronologia
Provedor de rede
Recomendações
Ações tomadas e recomendadas
- IP 14.224.170.240 está bloqueado no nível da aplicação (HTTP 403)
- Considere bloquear no nível do firewall (iptables/CSF)
- Reporte o abuso ao provedor de rede através do contato de abuso
- Garanta que arquivos sensíveis (.env, .git) não sejam acessíveis pela web
🔎 Defesa contra varredura de diretórios
IP 14.224.170.240 está enumerando diretórios. Configure fail2ban com jail apache-404 após 10+ erros 404.
Portas abertas e serviços
Dados de reconhecimento de rede do Shodan. Portas abertas podem indicar serviços em execução, configurações incorretas ou superfícies de ataque.
| Port | Service | Risk | Description |
|---|---|---|---|
| 2000 | Unknown | Low | Service on port 2000 |
| 18000 | Unknown | Low | Service on port 18000 |
| 18002 | Unknown | Low | Service on port 18002 |
| 18003 | Unknown | Low | Service on port 18003 |
| 18004 | Unknown | Low | Service on port 18004 |
| 18005 | Unknown | Low | Service on port 18005 |
| 18006 | Unknown | Low | Service on port 18006 |
| 18009 | Unknown | Low | Service on port 18009 |
| 18010 | Unknown | Low | Service on port 18010 |
| 18011 | Unknown | Low | Service on port 18011 |
| 18012 | Unknown | Low | Service on port 18012 |
| 18014 | Unknown | Low | Service on port 18014 |
| 18015 | Unknown | Low | Service on port 18015 |
| 18016 | Unknown | Low | Service on port 18016 |
| 18018 | Unknown | Low | Service on port 18018 |
| 18019 | Unknown | Low | Service on port 18019 |
| 18020 | Unknown | Low | Service on port 18020 |
| 18021 | Unknown | Low | Service on port 18021 |
| 18023 | Unknown | Low | Service on port 18023 |
| 18024 | Unknown | Low | Service on port 18024 |
| 18025 | Unknown | Low | Service on port 18025 |
| 18027 | Unknown | Low | Service on port 18027 |
| 18028 | Unknown | Low | Service on port 18028 |
| 18031 | Unknown | Low | Service on port 18031 |
| 18033 | Unknown | Low | Service on port 18033 |
| 18035 | Unknown | Low | Service on port 18035 |
| 18042 | Unknown | Low | Service on port 18042 |
| 18047 | Unknown | Low | Service on port 18047 |
| 18048 | Unknown | Low | Service on port 18048 |
| 18053 | Unknown | Low | Service on port 18053 |
| 18055 | Unknown | Low | Service on port 18055 |
| 18056 | Unknown | Low | Service on port 18056 |
| 18057 | Unknown | Low | Service on port 18057 |
| 18058 | Unknown | Low | Service on port 18058 |
| 18059 | Unknown | Low | Service on port 18059 |
| 18060 | Unknown | Low | Service on port 18060 |
| 18061 | Unknown | Low | Service on port 18061 |
| 18063 | Unknown | Low | Service on port 18063 |
| 18064 | Unknown | Low | Service on port 18064 |
| 18065 | Unknown | Low | Service on port 18065 |
| 18068 | Unknown | Low | Service on port 18068 |
| 18069 | Unknown | Low | Service on port 18069 |
| 18070 | Unknown | Low | Service on port 18070 |
| 18071 | Unknown | Low | Service on port 18071 |
| 18073 | Unknown | Low | Service on port 18073 |
| 18074 | Unknown | Low | Service on port 18074 |
| 18077 | Unknown | Low | Service on port 18077 |
| 18078 | Unknown | Low | Service on port 18078 |
| 18081 | Unknown | Low | Service on port 18081 |
| 18084 | Unknown | Low | Service on port 18084 |
| 18086 | Unknown | Low | Service on port 18086 |
| 18087 | Unknown | Low | Service on port 18087 |
| 18090 | Unknown | Low | Service on port 18090 |
| 18091 | Unknown | Low | Service on port 18091 |
| 18093 | Unknown | Low | Service on port 18093 |
| 18094 | Unknown | Low | Service on port 18094 |
| 18095 | Unknown | Low | Service on port 18095 |
| 18096 | Unknown | Low | Service on port 18096 |
| 18097 | Unknown | Low | Service on port 18097 |
| 18098 | Unknown | Low | Service on port 18098 |
| 18100 | Unknown | Low | Service on port 18100 |
| 18101 | Unknown | Low | Service on port 18101 |
| 18102 | Unknown | Low | Service on port 18102 |
| 18103 | Unknown | Low | Service on port 18103 |
| 18105 | Unknown | Low | Service on port 18105 |
| 18107 | Unknown | Low | Service on port 18107 |
| 18110 | Unknown | Low | Service on port 18110 |
| 18111 | Unknown | Low | Service on port 18111 |
| 18113 | Unknown | Low | Service on port 18113 |
| 18182 | Unknown | Low | Service on port 18182 |
| 18200 | Unknown | Low | Service on port 18200 |
| 18225 | Unknown | Low | Service on port 18225 |
| 18239 | Unknown | Low | Service on port 18239 |
| 18245 | Unknown | Low | Service on port 18245 |
| 18264 | Unknown | Low | Service on port 18264 |
| 18368 | Unknown | Low | Service on port 18368 |
| 18443 | Unknown | Low | Service on port 18443 |
| 18556 | Unknown | Low | Service on port 18556 |
| 18765 | Unknown | Low | Service on port 18765 |
| 18789 | Unknown | Low | Service on port 18789 |
| 18888 | Unknown | Low | Service on port 18888 |
| CVE ID | Link |
|---|---|
| CVE-2025-62168 | NVD → |
| CVE-2024-37894 | NVD → |
| CVE-2025-59362 | NVD → |
| CVE-2024-45802 | NVD → |
🔴 Este host possui 4 CVEs conhecidos associados aos seus serviços expostos. Múltiplas vulnerabilidades sugerem falhas no gerenciamento de patches. Revise cada CVE no banco de dados NVD.
Fonte: Shodan InternetDB. Escaneado independentemente do abuse.mom.
Status em listas negras (DNSBL)
Este IP foi verificado nas principais listas negras DNS usadas por servidores de e-mail e firewalls.
Verificado: Spamhaus, SpamCop, Barracuda, SORBS, CBL, UCEProtect.
Threat Analysis
14.224.170.240 has been assigned a threat score of 105/100 (Critical). Esta é uma ameaça de nível crítico. Administradores de sistemas devem tratar este IP como hostil e bloquear todas as conexões de entrada sem exceção.
The following attack categories were identified:
📊 Threat Analysis
Nossa infraestrutura de monitoramento identificou 14.224.170.240, geolocalizado em Ho Chi Minh City, Vietnam, operando na rede de VNPT, como fonte de atividade de rede suspeita. Ao longo de 24 dias, este IP gerou 2 requisições maliciosas, com média de aproximadamente 0.1 requisições por dia. O endereço é classificado como residencial. Atividade maliciosa de IPs residenciais tipicamente indica comprometimento de dispositivo ou participação em botnet. O IP exibe comportamento de enumeração de diretórios, solicitando sistematicamente caminhos inexistentes. Vietnam atualmente responde por 196 IPs bloqueados em nosso banco de dados, sendo uma fonte significativa de tráfego malicioso. Uma pontuação de 105/100 coloca este endereço no nível mais alto de severidade.
This IP is classified as residential, suggesting it may belong to a compromised home device, IoT botnet member, or an infected personal computer. Residential IPs involved in attacks often indicate malware infection without the owner's knowledge.
Related Threats
Security Intelligence
💡 Server-Side Request Forgery (SSRF)
SSRF attacks trick servers into making requests to internal resources that should not be publicly accessible. This can expose cloud metadata endpoints, internal APIs, and private network services, potentially leading to full infrastructure compromise.
💡 Bulletproof Hosting Ecosystem
Bulletproof hosting providers deliberately ignore abuse complaints, creating safe havens for malicious operations. These providers often operate in jurisdictions with weak cybercrime enforcement, offering services specifically marketed to criminal organizations.