JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 14.191.35.156

14.191.35.156 was found in our database!

This IP was reported 7 times. Confidence of Abuse is 2%: ?

ISP	Vietnam Posts and Telecommunications Group
Usage Type	Fixed Line ISP
ASN	AS45899
Domain Name	vnpt.com.vn
Country	🇻🇳 Viet Nam
City	Hanoi, Hanoi

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 14.191.35.156

Whois 14.191.35.156

IP Abuse Reports for 14.191.35.156:

This IP address has been reported a total of 7 times from 4 distinct sources. 14.191.35.156 was first reported on September 27th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 DrLex0	2026-06-06 20:17:33 (1 week ago)	BnL006: Obvious dumb distributed botnet crawler stepping into honeypot trap despite it clearly being ... show more BnL006: Obvious dumb distributed botnet crawler stepping into honeypot trap despite it clearly being a burning bag of dog poop. You suck. 14.191.35.156 443 - [06/Jun/2026:20:17:33 +0000] "GET [redacted] HTTP/1.1" 200 5537 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0" show less	Bad Web Bot Exploited Host
🇺🇸 kosada.com	2026-04-14 21:55:28 (2 months ago)	Web bot: DDoS	DDoS Attack Bad Web Bot
🇺🇸 TPI-Abuse	2026-02-21 17:54:39 (3 months ago)	(mod_security) mod_security (id:210730) triggered by 14.191.35.156 (static.vnpt.vn): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 14.191.35.156 (static.vnpt.vn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 21 12:54:34.301957 2026] [security2:error] [pid 26851:tid 26851] [client 14.191.35.156:8666] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|borzois.com\|F\|2"] [data ".borzois.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "borzois.com"] [uri "/www.borzois.com"] [unique_id "aZnxWtCEu8VHB4rnIjQxXwAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-11 02:38:27 (6 months ago)	(mod_security) mod_security (id:210730) triggered by 14.191.35.156 (static.vnpt.vn): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 14.191.35.156 (static.vnpt.vn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 10 21:38:20.209634 2025] [security2:error] [pid 26052:tid 26052] [client 14.191.35.156:18413] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gundiahgazette.com.au\|F\|2"] [data ".munnacreekhall.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gundiahgazette.com.au"] [uri "/www.munnacreekhall.com"] [unique_id "aTounOTOpLlhwA44zt-ofAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-11-21 14:20:16 (6 months ago)	scanning http requests from known botnet	Web App Attack
Anonymous	2025-11-17 02:04:32 (6 months ago)	scanning http requests from known botnet	Web App Attack
🇺🇸 TPI-Abuse	2025-09-27 01:18:29 (8 months ago)	(mod_security) mod_security (id:210730) triggered by 14.191.35.156 (static.vnpt.vn): 1 in the last 3 ... show more (mod_security) mod_security (id:210730) triggered by 14.191.35.156 (static.vnpt.vn): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 26 21:18:23.131342 2025] [security2:error] [pid 18745:tid 18745] [client 14.191.35.156:25909] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.vangentholding.com\|F\|2"] [data ".yolasite.com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.vangentholding.com"] [uri "/tag/du-hoc-han-quoc-nganh-gi/cohoiduhoc.yolasite.com"] [unique_id "aNc7X6A4UB2qbuKxAPVBtAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 7 of 7 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇪 82.25.215.169

🇺🇸 66.249.73.132

🇺🇸 52.200.76.145

🇻🇳 42.96.20.16

🇬🇧 35.203.210.222

🇺🇸 209.85.219.72

🇷🇺 178.67.132.68

🇺🇸 135.119.96.214

🇨🇳 116.255.155.36

🇨🇬 102.141.40.138

🇨🇦 85.217.149.49

🇳🇱 85.11.167.11

🇨🇳 58.54.53.250

🇩🇪 45.135.193.193

🇭🇰 42.200.66.164

🇺🇸 17.241.219.53

🇺🇸 209.90.232.26

🇬🇧 193.163.125.170

🇳🇱 185.242.226.110

🇨🇭 185.211.94.76