JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.143.131.29

149.143.131.29 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 38%: ?

38%

ISP	WiredISP Inc.
Usage Type	Fixed Line ISP
ASN	AS7029
Domain Name	wiredisp.com
Country	🇺🇸 United States of America
City	Leesburg, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.143.131.29

Whois 149.143.131.29

IP Abuse Reports for 149.143.131.29:

This IP address has been reported a total of 43 times from 18 distinct sources. 149.143.131.29 was first reported on April 20th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-20 22:00:27 (3 weeks ago)	(caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.131.29 - - [20/May/2026:21:11:13 +0000] "HEAD /wp-config.php HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [20/May/2026:21:11:13 +0000] "GET /.env.old HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [20/May/2026:21:15:28 +0000] "GET /.aws/config HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [20/May/2026:21:23:52 +0000] "GET /wp-config.php.save HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [20/May/2026:22:00:25 +0000] "HEAD /web/.env HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-16 11:19:01 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 07:18:50.224623 2026] [security2:error] [pid 3598:tid 3598] [client 149.143.131.29:41317] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.nodepotgroup.nodepot.com"] [uri "/.env.orig"] [unique_id "aghSmvj95UaIq72YsCQtEQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:25:49 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:25:31.575527 2026] [security2:error] [pid 25294:tid 25294] [client 149.143.131.29:42387] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "wilsonclassof81.org"] [uri "/app/.env"] [unique_id "agbYe4rEPtj0YUUxf7xrzAAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:06:55 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:06:35.356722 2026] [security2:error] [pid 6629:tid 6629] [client 149.143.131.29:33809] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.uhfcfoundation.org.victorvictor.biz"] [uri "/.env"] [unique_id "agbUC_XEvU45p8IYGwciXAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 07:32:05 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 03:31:34.123995 2026] [security2:error] [pid 28341:tid 28341] [client 149.143.131.29:43221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.sympalais.com"] [uri "/.env"] [unique_id "agbL1ssCoOI6U0NsGqG9bQAAADU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 06:19:20 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:18:53.730795 2026] [security2:error] [pid 25886:tid 25886] [client 149.143.131.29:39623] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blanchebb.com"] [uri "/.env.local"] [unique_id "aga6zRq8n4eD2bbkKXqE8QAAAD4"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 SpaceHost-Server	2026-05-13 22:27:09 (1 month ago)		Brute-Force Web App Attack
Anonymous	2026-05-13 08:50:06 (1 month ago)	(caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.131.29 - - [13/May/2026:07:56:41 +0000] "GET /.env.stage HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [13/May/2026:07:56:41 +0000] "GET /.env.ci HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [13/May/2026:08:14:37 +0000] "HEAD /.env.production HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [13/May/2026:08:16:59 +0000] "GET /api/.DS_Store HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [13/May/2026:08:50:03 +0000] "HEAD /.aws/credentials HTTP/1.1" show less	Port Scan
🇩🇪 macrob	2026-05-13 06:50:53 (1 month ago)	2026/05/13 06:50:51 [error] 1193862#1193862: 223450958 access forbidden by rule, client: 149.143.13 ... show more 2026/05/13 06:50:51 [error] 1193862#1193862: 223450958 access forbidden by rule, client: 149.143.131.29, server: binixo.ph, request: "GET /phpmyadmin/index.php HTTP/2.0", host: "binixo.ph" 2026/05/13 06:50:51 [error] 1193862#1193862: 223450958 access forbidden by rule, client: 149.143.131.29, server: binixo.ph, request: "GET /.git/objects/ HTTP/2.0", host: "binixo.ph" 2026/05/13 06:50:52 [error] 1193862#1193862: 223450958 access forbidden by rule, client: 149.143.131.29, server: binixo.ph, request: "HEAD /backend/.env HTTP/2.0", host: "binixo.ph" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 19:29:37 (1 month ago)	(mod_security) mod_security (id:949110) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:949110) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 15:29:19.750547 2026] [security2:error] [pid 14540:tid 14540] [client 149.143.131.29:56625] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "www.tgt.cescfoundation.org"] [uri "/database.sql"] [unique_id "agN_j2E0_Sa62zVC4DC5AQAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 13:53:44 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 149.143.131.29 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 09:52:43.899239 2026] [security2:error] [pid 13219:tid 13219] [client 149.143.131.29:57097] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "peanutcarvings.com"] [uri "/.env.local.php"] [unique_id "agMwq74Et7AqEpooMDNzrgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-10 16:36:57 (1 month ago)	(caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:16:36:55 +0000] "GET /app/.DS_Store HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:16:36:55 +0000] "GET /.aws/config HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:16:36:55 +0000] "GET /root/.aws/config HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:16:36:55 +0000] "GET /.env.yaml HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:16:36:56 +0000] "GET /.env.cfg HTTP/1.1" show less	Port Scan
🇩🇪 big-cloud.nl	2026-05-10 16:04:26 (1 month ago)	Try to access /.git/config	Web App Attack
Anonymous	2026-05-10 05:15:43 (1 month ago)	(caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:05:15:40 +0000] "GET /.git/config HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [10/May/2026:05:15:41 +0000] "HEAD /.env HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [10/May/2026:05:15:41 +0000] "HEAD /.env~ HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:05:15:41 +0000] "GET /actuator/configprops HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [10/May/2026:05:15:41 +0000] "HEAD /.env.production HTTP/1.1" show less	Port Scan
Anonymous	2026-05-10 03:57:25 (1 month ago)	(caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 149.143.131.29 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:03:03:15 +0000] "GET /actuator/configprops HTTP/1.1" [REDACTED] 200 0 149.143.131.29 - - [10/May/2026:03:03:26 +0000] "HEAD /root/.aws/config HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:03:57:22 +0000] "GET /.env.bak HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:03:57:22 +0000] "GET /.env.old HTTP/1.1" [REDACTED] 200 2627 149.143.131.29 - - [10/May/2026:03:57:22 +0000] "GET /.env.backup HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 165.22.203.23

🇩🇪 34.107.105.118

🇮🇩 34.101.122.76

🇮🇷 2.180.200.100

🇬🇧 217.146.80.115

🇺🇸 216.73.216.115

🇲🇽 201.103.24.211

🇧🇬 193.24.211.107

🇭🇰 156.239.224.79

🇺🇸 155.94.145.131

🇮🇩 124.40.249.211

🇨🇳 110.154.223.33

🇺🇸 107.175.75.32

🇮🇳 103.230.220.148

🇿🇦 102.64.43.84

🇯🇵 64.176.35.238

🇧🇪 35.240.66.144

🇭🇰 199.45.155.83

🇩🇪 193.124.20.228

🇸🇾 191.44.126.68