JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 104.234.140.25

104.234.140.25 was found in our database!

This IP was reported 169 times. Confidence of Abuse is 43%: ?

43%

ISP	Latitude.sh
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396356
Domain Name	latitude.sh
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 104.234.140.25

Whois 104.234.140.25

IP Abuse Reports for 104.234.140.25:

This IP address has been reported a total of 169 times from 67 distinct sources. 104.234.140.25 was first reported on June 24th 2023, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-06-23 01:56:19 (1 day ago)	Blocked by UFW (TCP on 1) Source port: 31451 TTL: 110 Packet length: 52 TOS: 0x08 This report (for ... show more Blocked by UFW (TCP on 1) Source port: 31451 TTL: 110 Packet length: 52 TOS: 0x08 This report (for 104.234.140.25) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇬🇧 consul.to	2026-06-22 01:46:22 (2 days ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-06-21 00:02:34 (3 days ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇱 Site.eu	2026-06-10 23:13:49 (1 week ago)	Excessive 404/403 errors	Brute-Force
🇫🇷 solution.it	2026-06-10 14:25:10 (1 week ago)	[Wed Jun 10 16:25:09.767467 2026] [php7:error] [pid 2652467:tid 2652467] [client 104.234.140.25:2508 ... show more [Wed Jun 10 16:25:09.767467 2026] [php7:error] [pid 2652467:tid 2652467] [client 104.234.140.25:25081] script '/var/www/html/system.php' not found or unable to stat show less	Web App Attack
🇺🇸 Hazael	2026-05-29 12:11:17 (3 weeks ago)	SNOOPING - intended to probe for or exploit website vulnerabilities. From: Tokyo, Japan - Latitude.s ... show more SNOOPING - intended to probe for or exploit website vulnerabilities. From: Tokyo, Japan - Latitude.sh (AS396356 Latitude.sh) - Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0 show less	Web App Attack
🇺🇸 mnsf	2026-05-28 23:05:50 (3 weeks ago)	Scanning/Probing (40)	Brute-Force Web App Attack
🇩🇪 paissangroup	2026-05-25 00:46:52 (4 weeks ago)	Multiple WAF Violations	Web App Attack
🇨🇭 backslash	2026-05-25 00:06:01 (4 weeks ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-24 21:05:35 (4 weeks ago)	(mod_security) mod_security (id:234930) triggered by 104.234.140.25 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:234930) triggered by 104.234.140.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 24 17:05:28.068264 2026] [security2:error] [pid 15099:tid 15197] [client 104.234.140.25:57433] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\/lib\\\\/php\\\\/connector\\\\.minimal\\\\.php$" at REQUEST_FILENAME. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/27_Apps_WPPlugin.conf"] [line "6778"] [id "234930"] [rev "2"] [msg "COMODO WAF: File upload vulnerability in the file manager plugin before 6.9 for WordPress (CVE-2020-25213)\|\|doorways.info\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WPPlugin"] [hostname "doorways.info"] [uri "/wp-content/plugins/wp-file-manager/lib/php/connector.minimal.php"] [unique_id "ahNoGGDu9YW2iNziSyIZ_wAAAU0"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 pengpeng	2026-05-05 00:56:52 (1 month ago)	monitor: on VM-0-7-ubuntu \| port: 28622 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporte ... show more monitor: on VM-0-7-ubuntu \| port: 28622 \| ttl: 251 script: github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇳 ThreatBook.io	2026-04-14 22:44:18 (2 months ago)	ThreatBook Intelligence: Scanner more details on http://threatbook.io/ip/104.234.140.25 2026-04-14 0 ... show more ThreatBook Intelligence: Scanner more details on http://threatbook.io/ip/104.234.140.25 2026-04-14 00:31:03 /Login_files?../../../etc/passwd 2026-04-14 00:31:03 /login?../../../../../../etc/passwd 2026-04-14 00:31:03 /login?/etc/passwd 2026-04-14 00:31:03 /login?../../../etc/passwd 2026-04-14 00:31:03 /login?../../../../../../etc/passwd 2026-04-14 00:31:03 /Login_files?../../../../../../../../etc/passwd 2026-04-14 00:31:03 /Login_files?/etc/passwd 2026-04-14 00:31:03 /login?../../../../../../../../etc/passwd 2026-04-14 00:31:03 /Login_files?../../../../../../etc/passwd 2026-04-14 00:31:03 /login?/etc/passwd show less	Web App Attack
🇬🇧 consul.to	2026-04-07 14:25:45 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 xmission.com	2026-03-31 08:43:48 (2 months ago)	Blocked by UFW (TCP on 14895) Source port: 62350 TTL: 118 Packet length: 52 TOS: 0x00 This report ( ... show more Blocked by UFW (TCP on 14895) Source port: 62350 TTL: 118 Packet length: 52 TOS: 0x00 This report (for 104.234.140.25) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇳 ThreatBook.io	2026-03-26 23:58:50 (2 months ago)	ThreatBook Intelligence: Scanner more details on http://threatbook.io/ip/104.234.140.25 2026-03-26 1 ... show more ThreatBook Intelligence: Scanner more details on http://threatbook.io/ip/104.234.140.25 2026-03-26 14:43:54 /help/user/group/issues_analytics/actuator;%2f%2e%2e/env 2026-03-26 14:43:53 /help/user/group/contribution_analytics/index.md/env//// 2026-03-26 14:43:52 /help/user/group/contribution_analytics/actuato%72/healt%68/%2e%2e;/en%76 2026-03-26 14:43:49 /help/ci/quick_start/../env 2026-03-26 14:43:51 /help/user/group/contribution_analytics/actuato%72/en%76 2026-03-26 14:43:53 /help/user/group/issues_analytics/../../env show less	Web App Attack

Showing 1 to 15 of 169 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 85.217.140.26

🇳🇱 45.148.10.121

🇳🇱 212.8.242.38

🇩🇪 192.178.183.113

🇧🇷 181.174.208.247

🇺🇸 172.234.218.34

🇻🇳 171.231.181.52

🇺🇸 147.185.132.187

🇩🇪 142.250.154.132

🇧🇷 138.59.233.5

🇸🇬 101.32.244.206

🇮🇷 86.57.62.46

🇫🇷 51.83.10.237

🇺🇸 35.255.126.149

🇺🇸 20.55.118.120

🇰🇷 14.48.246.33

🇷🇴 193.46.255.86

🇧🇴 181.188.176.242

🇺🇸 147.185.132.20

🇬🇧 2a06:4880:c000::fd