JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.143.130.90

149.143.130.90 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 39%: ?

39%

ISP	WiredISP Inc.
Usage Type	Fixed Line ISP
ASN	AS7029
Domain Name	wiredisp.com
Country	🇺🇸 United States of America
City	Leesburg, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.143.130.90

Whois 149.143.130.90

IP Abuse Reports for 149.143.130.90:

This IP address has been reported a total of 45 times from 18 distinct sources. 149.143.130.90 was first reported on April 20th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Bedios GmbH	2026-05-20 21:37:50 (3 weeks ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-05-19 07:05:53 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 03:05:49.258055 2026] [security2:error] [pid 21762:tid 21762] [client 149.143.130.90:59031] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stats.cmabiblequizzing.org"] [uri "/.env.production"] [unique_id "agwLzVTfAiYsCSLnYuj1uAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:59:55 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:59:09.556508 2026] [security2:error] [pid 11977:tid 11977] [client 149.143.130.90:50013] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|brookspowell.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "brookspowell.com"] [uri "/config/master.key"] [unique_id "agbgXVoSFu8yP3itmrp9pgAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:26:39 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:26:25.648333 2026] [security2:error] [pid 31446:tid 31446] [client 149.143.130.90:48837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirbysheetmetalworks.kirbysmw.com"] [uri "/.env.save"] [unique_id "agbYsYHrGCcked-eS4SfHwAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:01:41 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:01:27.637739 2026] [security2:error] [pid 26321:tid 26321] [client 149.143.130.90:37813] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "macro-astrology.com"] [uri "/.env.development.local"] [unique_id "agbS1z9AVNSv14ytYEcCVAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-13 08:07:52 (1 month ago)	(caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.130.90 - - [13/May/2026:08:07:46 +0000] "GET /.env.testing HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [13/May/2026:08:07:46 +0000] "GET /.env.php HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [13/May/2026:08:07:46 +0000] "GET /.env.staging.local HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [13/May/2026:08:07:50 +0000] "GET /.env.save HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [13/May/2026:08:07:50 +0000] "GET /.env.sample HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-12 20:35:25 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 16:35:08.566390 2026] [security2:error] [pid 9050:tid 9050] [client 149.143.130.90:60609] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "atelier92.com"] [uri "/.env.orig"] [unique_id "agOO_CBl4moOMVA_00CLpgAAAD0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 19:38:36 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 15:38:25.593500 2026] [security2:error] [pid 16690:tid 16690] [client 149.143.130.90:35343] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "scottcampbellconstruction.com"] [uri "/.env.demo"] [unique_id "agOBsWdc6N1K2CVlZRiVjgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 13:53:11 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 09:52:37.721475 2026] [security2:error] [pid 12771:tid 12771] [client 149.143.130.90:47321] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keepaustinnuts.com"] [uri "/.env.staging"] [unique_id "agMwpfThBSGeN1XJDehnsQAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-11 07:31:26 (1 month ago)	(caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:07:31:19 +0000] "GET /actuator/env HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:07:31:19 +0000] "GET /api/actuator/heapdump HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:07:31:19 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:07:31:21 +0000] "GET /.env.docker HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:07:31:21 +0000] "GET /wp-config.php.bak HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-11 04:52:32 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 00:52:07.805142 2026] [security2:error] [pid 20083:tid 20083] [client 149.143.130.90:53105] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "pizzadata.com"] [uri "/.env~"] [unique_id "agFgd96o-752gj3wuJmEmQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-11 00:34:03 (1 month ago)	(caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.130.90 - - [11/May/2026:00:33:59 +0000] "HEAD /.env.production HTTP/1.1" [REDACTED] 200 0 149.143.130.90 - - [11/May/2026:00:33:59 +0000] "HEAD /.env HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:00:33:59 +0000] "GET /.git/objects/ HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [11/May/2026:00:34:01 +0000] "GET /backend/.env HTTP/1.1" [REDACTED] 200 0 149.143.130.90 - - [11/May/2026:00:34:01 +0000] "HEAD /wp-config.php.bak HTTP/1.1" show less	Port Scan
🇺🇸 Bruce5051	2026-05-09 19:09:20 (1 month ago)	149.143.130.90 - - [09/May/2026:12:09:17 -0700] "GET /.gitconfig HTTP/1.1" 301 162 "-" "Mozilla/5.0 ... show more 149.143.130.90 - - [09/May/2026:12:09:17 -0700] "GET /.gitconfig HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Hacking Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-09 17:37:15 (1 month ago)	(caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.130.90 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.130.90 - - [09/May/2026:17:36:53 +0000] "GET /api/actuator/heapdump HTTP/1.1" [REDACTED] 200 0 149.143.130.90 - - [09/May/2026:17:37:03 +0000] "HEAD /.env.prod HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [09/May/2026:17:37:08 +0000] "GET /.env.release HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [09/May/2026:17:37:09 +0000] "GET /.env.yml HTTP/1.1" [REDACTED] 200 2627 149.143.130.90 - - [09/May/2026:17:37:10 +0000] "GET /.env-backup HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-09 11:26:52 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.130.90 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 09 07:26:35.921759 2026] [security2:error] [pid 28083:tid 28083] [client 149.143.130.90:49007] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.albertmassaad.com.easternimport.com"] [uri "/.env.uat"] [unique_id "af8Z69zNFoxuekE4VfmQ6AAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇳 182.95.51.166

🇺🇸 147.182.180.119

🇺🇸 66.45.144.201

🇲🇦 41.251.225.196

🇺🇸 194.62.107.141

🇨🇴 181.54.0.58

🇮🇩 150.107.136.45

🇬🇧 147.148.205.252

🇺🇸 136.175.193.222

🇲🇲 103.59.163.135

🇺🇸 64.62.197.170

🇸🇬 43.160.249.98

🇺🇸 34.162.212.190

🇩🇪 31.76.27.231

🇺🇸 184.56.169.255

🇮🇳 182.78.67.22

🇱🇰 124.43.10.224

🇺🇸 64.227.97.8

🇸🇬 47.128.22.122

🇨🇳 47.95.199.109