JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 8.138.232.54

8.138.232.54 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 79%: ?

79%

ISP	Aliyun Computing Co.LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS37963
Domain Name	alibabacloud.com
Country	🇨🇳 China
City	Guangzhou, Guangdong

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 8.138.232.54

Whois 8.138.232.54

IP Abuse Reports for 8.138.232.54:

This IP address has been reported a total of 23 times from 13 distinct sources. 8.138.232.54 was first reported on June 25th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-06-30 15:09:44 (1 hour ago)	(caddyscan) Scanner path probe from 8.138.232.54 (CN/China/-): 5 in the last 3600 secs; Ports: ; Di ... show more (caddyscan) Scanner path probe from 8.138.232.54 (CN/China/-): 5 in the last 3600 secs; Ports: ; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 8.138.232.54 - - [30/Jun/2026:15:09:34 +0000] "GET /wp-config.php.bak HTTP/1.1" [REDACTED] 200 2627 8.138.232.54 - - [30/Jun/2026:15:09:35 +0000] "GET /wp-config.php.old HTTP/1.1" [REDACTED] 200 2627 8.138.232.54 - - [30/Jun/2026:15:09:36 +0000] "GET /wp-config.php.save HTTP/1.1" [REDACTED] 200 2627 8.138.232.54 - - [30/Jun/2026:15:09:39 +0000] "GET /wp-config.php.txt HTTP/1.1" [REDACTED] 200 2627 8.138.232.54 - - [30/Jun/2026:15:09:41 +0000] "GET /wp-config.php~ HTTP/1.1" show less	Port Scan
🇫🇷 Octopuce	2026-06-30 14:24:02 (1 hour ago)	Aggressive web search of vulnerable pages: /.env /.env.local /.env.production /.env.development /.en ... show more Aggressive web search of vulnerable pages: /.env /.env.local /.env.production /.env.development /.env.dev /.env.prod /.env.test /.env.staging / ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 12:12:35 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 08:12:28.627979 2026] [security2:error] [pid 14721:tid 14721] [client 8.138.232.54:52570] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.drillworkscr.com"] [uri "/public/.env"] [unique_id "akOyrMBlUOlRvHpmpIGcowAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 11:51:09 (4 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 07:51:00.648726 2026] [security2:error] [pid 13495:tid 13495] [client 8.138.232.54:54907] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.byles.net"] [uri "/api/.env"] [unique_id "akOtpB6Y4QBCkBbDkAreyAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 10:26:53 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 06:26:48.008785 2026] [security2:error] [pid 13565:tid 13627] [client 8.138.232.54:59648] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.lbakkercpa.com"] [uri "/temp/.env"] [unique_id "akOZ6ACblgf8xXh_yMU3sgAAAcQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-30 09:16:52 (6 hours ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-193) show less	Hacking
🇩🇪 Bedios GmbH	2026-06-30 09:04:06 (7 hours ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-06-30 07:04:14 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 03:04:08.401791 2026] [security2:error] [pid 12546:tid 12546] [client 8.138.232.54:53908] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "naturalpozzolanassociation.pozzolan.org"] [uri "/.env.sample"] [unique_id "akNqaO9L6jfstVztcUuL9wAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 06:45:52 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:45:42.819402 2026] [security2:error] [pid 22280:tid 22280] [client 8.138.232.54:56657] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.landjudging.com.watongacommunitycats.org"] [uri "/.env~"] [unique_id "akNmFsWVe2RWBdR7ve_ZvgAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 DZBOT	2026-06-30 06:24:39 (9 hours ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-30 06:19:52 (9 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 30 02:19:47.820396 2026] [security2:error] [pid 16505:tid 16549] [client 8.138.232.54:64733] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "writeonce.org"] [uri "/backups/.env"] [unique_id "akNgA0Bt4UJBpYoLmI4V_AAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Axel	2026-06-30 05:52:02 (10 hours ago)	Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /server/.env ... show more Blocked by ModSecurity. Rule ID: 210492 Message: None Phase: 1 Severity: CRITICAL URI: /server/.env Server: UK-01 show less	Web App Attack Hacking SQL Injection
🇧🇾 lns.bz	2026-06-30 00:52:51 (15 hours ago)	.env scanning [BY]	Web App Attack
🇺🇸 TPI-Abuse	2026-06-29 20:43:08 (19 hours ago)	(mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 8.138.232.54 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 16:43:01.617018 2026] [security2:error] [pid 28477:tid 28526] [client 8.138.232.54:49538] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "besfixedwireless.com"] [uri "/old/.env"] [unique_id "akLY1TM6XN9CUU1K7EaHMgAAAUk"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 tekgnosis	2026-06-29 18:16:25 (21 hours ago)	This IP was detected by CrowdSec triggering crowdsecurity/http-sensitive-files	Web App Attack Hacking

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 2a00:23cc:ff39:b01:d8ea:90cb:7bd0:a904

🇮🇩 223.25.108.2

🇺🇸 216.25.89.101

🇻🇳 125.212.235.194

🇫🇷 90.63.199.41

🇱🇹 81.30.98.49

🇱🇹 45.227.254.170

🇧🇷 45.70.131.21

🇧🇦 31.223.131.5

🇱🇻 31.56.204.231

🇺🇸 2607:f8b0:4001:c1c::128

🇨🇳 218.59.201.12

🇺🇸 158.94.187.145

🇮🇳 125.19.158.2

🇧🇬 91.92.199.36

🇳🇱 91.92.40.231

🇫🇷 51.15.224.134

🇺🇸 47.251.127.130

🇳🇱 45.148.10.141

🇮🇩 43.133.148.170