JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.143.128.186

149.143.128.186 was found in our database!

This IP was reported 50 times. Confidence of Abuse is 41%: ?

41%

ISP	WiredISP Inc.
Usage Type	Fixed Line ISP
ASN	AS7029
Domain Name	wiredisp.com
Country	🇺🇸 United States of America
City	Simi Valley, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.143.128.186

Whois 149.143.128.186

IP Abuse Reports for 149.143.128.186:

This IP address has been reported a total of 50 times from 20 distinct sources. 149.143.128.186 was first reported on April 19th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-18 14:36:17 (3 weeks ago)	(caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.128.186 - - [18/May/2026:14:36:10 +0000] "GET /.env.staging.local HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [18/May/2026:14:36:10 +0000] "GET /.env.testing HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [18/May/2026:14:36:10 +0000] "GET /.env.dist HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [18/May/2026:14:36:10 +0000] "GET /.env.demo HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [18/May/2026:14:36:10 +0000] "GET /.env.old HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-15 08:57:35 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:57:25.959683 2026] [security2:error] [pid 886:tid 886] [client 149.143.128.186:42455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "accordionclub.org"] [uri "/.env.local"] [unique_id "agbf9bOEONDea5Fe76CokgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:24:48 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:23:35.769227 2026] [security2:error] [pid 16292:tid 16292] [client 149.143.128.186:44325] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rememberingjohnhanson.com"] [uri "/api/.env"] [unique_id "agbYB8ku1vGRkWfVDjjUiAAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:04:07 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:03:02.782525 2026] [security2:error] [pid 11082:tid 11082] [client 149.143.128.186:52623] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amazinghydraulics.com"] [uri "/.env.staging"] [unique_id "agbTNlETFmlMSycwoYDqyAAAADU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 07:31:06 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 03:30:56.328553 2026] [security2:error] [pid 27672:tid 27672] [client 149.143.128.186:47389] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alexsource.com"] [uri "/.env.production"] [unique_id "agbLsFgqcJskmwYsm0e3uAAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 06:38:30 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:38:19.629058 2026] [security2:error] [pid 12705:tid 12705] [client 149.143.128.186:40163] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "texasfurnitureinc.com"] [uri "/.env.testing"] [unique_id "aga_W6PRND1DFhlzIX5GcAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 15:44:45 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 11:44:22.876738 2026] [security2:error] [pid 5849:tid 5903] [client 149.143.128.186:52073] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "promo.heworeblack.com"] [uri "/.env.local"] [unique_id "agXt1jrd5eOBpjcDQ4OKDwAAAZc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 23:32:07 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 19:31:56.020384 2026] [security2:error] [pid 30134:tid 30134] [client 149.143.128.186:34055] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.levaraluxe.com.artizandecor.com"] [uri "/.env.local.php"] [unique_id "agUJ7PvqsKVA95mHVuKnrwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 13:18:01 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 09:17:45.362125 2026] [security2:error] [pid 18359:tid 18487] [client 149.143.128.186:43637] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "viasatsales.com"] [uri "/app/.env"] [unique_id "agR5-eg4YQyYKNHtMg5gqwAAAkw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-13 02:36:16 (4 weeks ago)	(caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.128.186 - - [13/May/2026:02:36:09 +0000] "HEAD /app/.env HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [13/May/2026:02:36:09 +0000] "HEAD /wp-config.php.bak HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [13/May/2026:02:36:10 +0000] "GET /wp-config.php.bak HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [13/May/2026:02:36:10 +0000] "GET /.env.bak HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [13/May/2026:02:36:13 +0000] "HEAD /.env.production HTTP/1.1" show less	Port Scan
Anonymous	2026-05-13 00:59:32 (4 weeks ago)	(caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.128.186 - - [13/May/2026:00:58:20 +0000] "HEAD /.aws/credentials HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [13/May/2026:00:59:23 +0000] "HEAD /.env.save HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [13/May/2026:00:59:23 +0000] "HEAD /.env.swp HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [13/May/2026:00:59:25 +0000] "GET /.env.bak HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [13/May/2026:00:59:28 +0000] "GET /.env.save HTTP/1.1" show less	Port Scan
🇫🇷 masterguru	2026-05-11 13:13:01 (1 month ago)	(modsec_5015) ModSec 5015: Suspicious User-Agent from 149.143.128.186 (US/United States/-): 1 in the ... show more (modsec_5015) ModSec 5015: Suspicious User-Agent from 149.143.128.186 (US/United States/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 TPI-Abuse	2026-05-10 18:13:08 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.128.186 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 14:12:37.664196 2026] [security2:error] [pid 22655:tid 22655] [client 149.143.128.186:56441] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.jamelrobinson.com"] [uri "/.git/objects/"] [unique_id "agDKlWc4QzQxSLan_eoxigAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-10 08:41:33 (1 month ago)	(caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.128.186 - - [10/May/2026:08:31:27 +0000] "GET /phpmyadmin/index.php HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [10/May/2026:08:31:27 +0000] "GET /.env.example HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [10/May/2026:08:37:25 +0000] "HEAD /wp-config.php HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [10/May/2026:08:38:05 +0000] "HEAD /app/.env HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [10/May/2026:08:41:27 +0000] "HEAD /app/.env HTTP/1.1" show less	Port Scan
Anonymous	2026-05-10 02:24:53 (1 month ago)	(caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.128.186 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.128.186 - - [10/May/2026:01:30:18 +0000] "GET /.env.dist HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [10/May/2026:01:51:26 +0000] "GET /.env.local HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [10/May/2026:01:51:27 +0000] "GET /admin/.DS_Store HTTP/1.1" [REDACTED] 200 0 149.143.128.186 - - [10/May/2026:02:24:48 +0000] "HEAD /.env.staging HTTP/1.1" [REDACTED] 200 2627 149.143.128.186 - - [10/May/2026:02:24:52 +0000] "GET /owa/auth/logon.aspx HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 50 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 170.106.84.136

🇺🇸 170.106.8.38

🇺🇸 162.217.165.13

🇺🇸 162.216.150.100

🇹🇼 128.14.236.41

🇭🇰 103.226.124.223

🇺🇸 91.230.168.213

🇰🇷 59.15.58.148

🇨🇳 47.97.38.226

🇭🇰 47.75.99.54

🇫🇷 46.105.28.235

🇺🇸 194.195.208.25

🇺🇸 194.195.208.6

🇨🇳 180.184.38.93

🇺🇸 170.106.82.209

🇺🇸 170.106.74.215

🇪🇬 156.213.46.6

🇺🇸 134.199.238.115

🇧🇩 103.183.62.0

🇳🇱 213.176.16.100