JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 67.225.140.37

67.225.140.37 was found in our database!

This IP was reported 85 times. Confidence of Abuse is 100%: ?

100%

ISP	Liquid Web, L.L.C
Usage Type	Data Center/Web Hosting/Transit
ASN	AS32244
Hostname(s)	upl.uplms.com
Domain Name	liquidweb.com
Country	🇺🇸 United States of America
City	Lansing, Michigan

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 67.225.140.37

Whois 67.225.140.37

IP Abuse Reports for 67.225.140.37:

This IP address has been reported a total of 85 times from 67 distinct sources. 67.225.140.37 was first reported on November 6th 2024, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 mw	2026-06-28 01:12:52 (23 hours ago)	Web App Attack	Web App Attack
🇺🇸 mw	2026-06-27 01:12:33 (1 day ago)	Web App Attack	Web App Attack
🇨🇭 SOC [GOLINE SA]	2026-06-26 18:18:40 (2 days ago)	[RoutePulse \| 2026-06-26T18:18:40Z \| RTBH-INJECTED] ATTACK CLASS: noise SOURCE: 67.225.140.37 (upl.u ... show more [RoutePulse \| 2026-06-26T18:18:40Z \| RTBH-INJECTED] ATTACK CLASS: noise SOURCE: 67.225.140.37 (upl.uplms.com) · AS32244 Liquid Web, L.L.C · United States EVIDENCE: Auto-classified: threat score 17 is below AI analysis threshold (70). Monitoring under observation. INTEL: AbuseIPDB 100% \| feeds: Wazuh SIEM — Cisco ASA / Firepower (1) \| RoutePulse score 17/100 MITRE: T1595 Active Scanning DETECTION: Conviction Engine SPRT + 14-detector ML stack (6-model weighted ensemble) + 5-pillar threat scoring ACTION: BGP null route injected at RoutePulse network edge show less	Port Scan
🇧🇷 SOC-BR	2026-06-26 07:21:02 (2 days ago)	Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-25 2 ... show more Attack detected by Fortinet - applications3: Spring.Boot.Actuator.Unauthorized.Access - 2026-06-25 22:48:17 - Source Port 48670 show less	Port Scan Hacking
🇩🇪 edena	2026-06-26 06:34:26 (2 days ago)	67.225.140.37 - - [26/Jun/2026:08:34:25 +0200] "GET /.env HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Window ... show more 67.225.140.37 - - [26/Jun/2026:08:34:25 +0200] "GET /.env HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" 67.225.140.37 - - [26/Jun/2026:08:34:25 +0200] "GET /.env.local HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 67.225.140.37 - - [26/Jun/2026:08:34:25 +0200] "GET /.env.production HTTP/1.1" 403 322 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36 Edg/124.0.0.0" ... show less	Web App Attack Bad Web Bot
🇫🇷 Petre 21_ip	2026-06-26 06:19:39 (2 days ago)	2026-06-26T08:19:38.939104+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c ... show more 2026-06-26T08:19:38.939104+02:00 vmi2775508 kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:50:56:5c:a7:cf:c0:69:11:b3:85:db:08:00 SRC=67.225.140.37 DST=155.133.26.57 LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=57184 DF PROTO=TCP SPT=40172 DPT=2087 WINDOW=29200 RES=0x00 SYN URGP=0 ... show less	Port Scan
Anonymous	2026-06-26 05:55:02 (2 days ago)	Blocked by os-abuseipdb; 5 hits, proto=tcp, ports=2086,2087,443,80,8443	Port Scan Hacking
Anonymous	2026-06-26 05:52:03 (2 days ago)	Bot / scanning and/or hacking attempts: GET /.env.prod HTTP/1.1, GET /.env.development HTTP/1.1, GET ... show more Bot / scanning and/or hacking attempts: GET /.env.prod HTTP/1.1, GET /.env.development HTTP/1.1, GET /.git/config HTTP/1.1, GET /config.php HTTP/1.1, GET /.git/refs/heads/main HTTP/1.1, GET /wp-config.php.bak HTTP/1.1, GET /wp-config.php HTTP/1.1, GET /.git/refs/heads/master HTTP/1.1, GET /.aws/credentials HTTP/1.1, GET /config/database.yml HTTP/1.1, GET /.aws/config HTTP/1.1, GET /.git/logs/HEAD HTTP/1.1, GET /.git-credentials HTTP/1.1, GET /.env.production HTTP/1.1, GET /phpinfo.php HTTP/1.1, GET /.env.save HTTP/1.1, GET /.git/index HTTP/1.1, GET /.env_production HTTP/1.1, GET /.env.backup HTTP/1.1, GET /info.php HTTP/1.1, GET /.env.bak HTTP/1.1, GET /actuator/logfile HTTP/1.1, GET /.env.old HTTP/1.1, GET /.env.docker HTTP/1.1, GET /.git/HEAD HTTP/1.1, GET /.env HTTP/1.1, GET /.env.local HTTP/1.1, GET /actuator/env HTTP/1.1 show less	Hacking Web App Attack
Anonymous	2026-06-26 05:19:39 (2 days ago)	<jail> banned by fail2ban	Brute-Force Web App Attack
🇺🇸 RAP	2026-06-26 04:52:26 (2 days ago)	2026-06-26 04:52:26 UTC Unauthorized activity to TCP port 8443. Web App	Port Scan Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 04:19:55 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 67.225.140.37 (upl.uplms.com): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 67.225.140.37 (upl.uplms.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 26 00:19:49.871159 2026] [security2:error] [pid 25900:tid 25900] [client 67.225.140.37:45026] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.251"] [uri "/.git/HEAD"] [unique_id "aj395SxO97IO_A0NfgBr7QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 service Informatique	2026-06-26 04:00:37 (2 days ago)	/___proxy_subdomain_whm/login	Web App Attack
🇮🇳 Mr.Singh	2026-06-26 03:30:51 (2 days ago)	NFT blocked 67.225.140.37 after 3 rejections on 26-Jun-2026.	Port Scan Brute-Force
🇺🇸 CBJ	2026-06-26 03:16:21 (2 days ago)	fail2ban: apache-filepath-recon ...	Web App Attack
🇺🇸 TPI-Abuse	2026-06-26 03:14:52 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 67.225.140.37 (upl.uplms.com): 1 in the last 30 ... show more (mod_security) mod_security (id:210492) triggered by 67.225.140.37 (upl.uplms.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 23:14:46.040671 2026] [security2:error] [pid 20086:tid 20086] [client 67.225.140.37:40372] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.137"] [uri "/.git/HEAD"] [unique_id "aj3upm_eN5InuALMlNwW0wAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 85 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 176.65.148.84

🇸🇬 145.223.130.82

🇸🇬 145.223.130.64

🇬🇧 89.37.172.139

🇮🇷 85.198.19.251

🇺🇸 68.220.58.4

🇺🇸 216.25.89.95

🇭🇰 199.45.154.146

🇦🇱 185.204.34.195

🇺🇸 172.245.252.130

🇸🇬 145.223.130.50

🇸🇬 145.223.130.46

🇸🇬 145.223.130.39

🇸🇬 145.223.130.6

🇺🇸 135.119.73.164

🇨🇳 120.48.14.72

🇹🇼 101.13.5.63

🇫🇷 90.3.65.153

🇵🇱 85.128.143.142

🇹🇼 60.250.246.239