JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.224.138.102

185.224.138.102 was found in our database!

This IP was reported 84 times. Confidence of Abuse is 100%: ?

100%

ISP	Hostinger International Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	hostinger.com
Country	🇳🇱 Netherlands
City	Meppel, Drenthe

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.224.138.102

Whois 185.224.138.102

IP Abuse Reports for 185.224.138.102:

This IP address has been reported a total of 84 times from 46 distinct sources. 185.224.138.102 was first reported on December 11th 2020, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-09 21:59:03 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-08. show less	Web App Attack SSH Hacking
🇨🇭 TheCoon	2026-06-08 20:45:01 (1 week ago)	Automated: Credential theft attempt - JSON bomb served	Web App Attack Hacking
🇺🇸 kosada.com	2026-06-08 13:50:38 (1 week ago)	Web vulnerability probing: /dev/.env	Web App Attack
Anonymous	2026-06-08 10:16:00 (1 week ago)	(caddyscan) Scanner path probe from 185.224.138.102 (NL/The Netherlands/-): 5 in the last 3600 secs; ... show more (caddyscan) Scanner path probe from 185.224.138.102 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 185.224.138.102 - - [08/Jun/2026:10:15:56 +0000] "GET /.env.save HTTP/1.1" [REDACTED] 200 2627 185.224.138.102 - - [08/Jun/2026:10:15:56 +0000] "GET /api/.env.save HTTP/1.1" [REDACTED] 200 2627 185.224.138.102 - - [08/Jun/2026:10:15:56 +0000] "GET /api/.env HTTP/1.1" [REDACTED] 200 2627 185.224.138.102 - - [08/Jun/2026:10:15:56 +0000] "GET /admin/.env HTTP/1.1" [REDACTED] 200 2627 185.224.138.102 - - [08/Jun/2026:10:15:56 +0000] "GET /dev/.env HTTP/1.1" show less	Port Scan
🇩🇪 Bedios GmbH	2026-06-08 09:05:49 (1 week ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-06-08 08:54:53 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 08 04:54:48.205104 2026] [security2:error] [pid 13463:tid 13463] [client 185.224.138.102:60424] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aico-sal.com"] [uri "/api/.env.save"] [unique_id "aiaDWLb9GC9nLmoIN3AG7QAAABc"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 BlueWire Hosting	2026-06-08 07:44:09 (1 week ago)	Probing websites for vulnerabilities	Web App Attack
🇫🇮 Kimmo Rieskaniemi	2026-06-08 04:46:54 (1 week ago)	CrowdSec triggered crowdsecurity/http-sensitive-files	Web App Attack Hacking
🇲🇽 octageeks.com	2026-06-08 04:17:26 (1 week ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 03:52:42 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 23:52:39.368702 2026] [security2:error] [pid 21262:tid 21262] [client 185.224.138.102:61598] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bonefrog.com"] [uri "/api/.env"] [unique_id "aiY8h3jCPybrTtcmfEy-KQAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-08 01:53:21 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 21:53:16.131895 2026] [security2:error] [pid 31264:tid 31264] [client 185.224.138.102:42120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "commonbridges.org"] [uri "/core/.env"] [unique_id "aiYgjGNzKaSIU6HjVX6y9AAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 23:48:40 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 19:48:32.557954 2026] [security2:error] [pid 5802:tid 5802] [client 185.224.138.102:52250] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doorofhopechurch.org"] [uri "/core/.env"] [unique_id "aiYDUIFz0R29d8NVmPSZIAAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 22:40:45 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:40:38.820130 2026] [security2:error] [pid 13656:tid 13668] [client 185.224.138.102:45632] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "esgcommission.org"] [uri "/laravel/.env"] [unique_id "aiXzZl-zRjYD013NV9Pp1AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 22:25:14 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 18:25:06.932485 2026] [security2:error] [pid 19195:tid 19195] [client 185.224.138.102:61694] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thermalsoftware.com"] [uri "/api/.env"] [unique_id "aiXvwikR3O6f5gIGjxBXkQAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 21:09:12 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 185.224.138.102 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 17:09:07.877578 2026] [security2:error] [pid 21903:tid 21903] [client 185.224.138.102:43786] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crearcuestionarios.com"] [uri "/admin/.env"] [unique_id "aiXd82V84UBpqAs5fC7u2wAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 84 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.176.29.16

🇺🇸 162.216.149.195

🇨🇦 134.122.37.159

🇨🇳 121.40.35.205

🇮🇩 103.190.214.241

🇭🇰 101.36.108.191

🇰🇷 61.250.32.10

🇸🇬 2620:171:f4:f0:9999::233

🇺🇸 2604:a940:300:5b6:0:28::

🇫🇮 178.20.210.208

🇺🇸 167.99.151.1

🇳🇱 91.92.40.11

🇵🇹 88.157.30.249

🇸🇬 47.236.147.192

🇪🇪 37.157.91.62

🇧🇪 34.38.65.12

🇺🇸 20.163.14.140

🇩🇪 167.94.146.52

🇧🇷 129.121.50.86

🇺🇸 108.12.31.179