Anonymous
2026-05-20 20:39:54
(3 weeks ago)
(caddyscan) Scanner path probe from 149.143.134.86 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.134.86 - - [20/May/2026:20:39:51 +0000] "HEAD /.env~ HTTP/1.1"
[REDACTED] 200 0 149.143.134.86 - - [20/May/2026:20:39:51 +0000] "HEAD /.aws/config HTTP/1.1"
[REDACTED] 200 0 149.143.134.86 - - [20/May/2026:20:39:51 +0000] "HEAD /app/.env HTTP/1.1"
[REDACTED] 200 0 149.143.134.86 - - [20/May/2026:20:39:51 +0000] "HEAD /api/.env HTTP/1.1"
[REDACTED] 200 0 149.143.134.86 - - [20/May/2026:20:39:51 +0000] "HEAD /.env.backup HTTP/1.1"
Port Scan
Anonymous
2026-05-20 09:50:59
(3 weeks ago)
(caddyscan) Scanner path probe from 149.143.134.86 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.134.86 - - [20/May/2026:09:44:59 +0000] "HEAD /wp-config.php HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [20/May/2026:09:50:54 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [20/May/2026:09:50:54 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [20/May/2026:09:50:54 +0000] "GET /app/.env HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [20/May/2026:09:50:54 +0000] "GET /mautic/.env HTTP/1.1"
Port Scan
🇺🇸
TPI-Abuse
2026-05-19 17:14:07
(3 weeks ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 19 13:14:01.818087 2026] [security2:error] [pid 16985:tid 16985] [client 149.143.134.86:51217] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ratbird.com"] [uri "/.env.live"] [unique_id "agyaWa8VRWMM9WOjvPYReQAAAA0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-17 13:12:04
(4 weeks ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 09:11:51.660907 2026] [security2:error] [pid 28262:tid 28262] [client 149.143.134.86:53281] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.island.cleanhorizons.org"] [uri "/.htpasswd"] [unique_id "agm-lywp7d2MKaT0-3N8jQAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇩🇪
Blexyel
2026-05-16 04:27:51
(1 month ago)
149.143.134.86 - - [16/May/2026:06:27:41 +0200] "HEAD /.git/config HTTP/1.1" 200 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
...
Brute-Force
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:59:48
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:59:14.641056 2026] [security2:error] [pid 10344:tid 10344] [client 149.143.134.86:43323] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "spores101.com"] [uri "/.htpasswd"] [unique_id "agbgYutCulyuze_YHt6a4QAAAA4"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:42:13
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:41:45.132112 2026] [security2:error] [pid 20655:tid 20672] [client 149.143.134.86:39005] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thebiglies.org"] [uri "/.env.staging"] [unique_id "agbcSQS8NqowuojCS1O8VgAAAU8"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:24:42
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:24:32.310414 2026] [security2:error] [pid 24398:tid 24398] [client 149.143.134.86:34245] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "crestrong.com"] [uri "/api/.env"] [unique_id "agbYQMDmOCDYeQyM_s4hHgAAACg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:01:00
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:00:26.863799 2026] [security2:error] [pid 24428:tid 24428] [client 149.143.134.86:44509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.scc1.us"] [uri "/backend/.env"] [unique_id "agbSmmuHGV13kbCI1o8WVwAAAB0"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-14 07:49:04
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 03:48:49.276942 2026] [security2:error] [pid 21226:tid 21226] [client 149.143.134.86:51035] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mdp-interiors.com"] [uri "/.env.azure"] [unique_id "agV-YXwTGT8EEoOFGkaApwAAABY"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-13 08:15:24
(1 month ago)
(caddyscan) Scanner path probe from 149.143.134.86 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.134.86 - - [13/May/2026:08:00:11 +0000] "GET /.DS_Store HTTP/1.1"
[REDACTED] 200 0 149.143.134.86 - - [13/May/2026:08:00:12 +0000] "HEAD /.aws/config HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [13/May/2026:08:00:15 +0000] "GET /.git/objects/ HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [13/May/2026:08:15:16 +0000] "GET /phpMyAdmin/ HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [13/May/2026:08:15:19 +0000] "GET /.env.preview HTTP/1.1"
Port Scan
Anonymous
2026-05-11 07:31:42
(1 month ago)
(caddyscan) Scanner path probe from 149.143.134.86 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.134.86 - - [11/May/2026:07:31:19 +0000] "HEAD /wp-config.php HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [11/May/2026:07:31:30 +0000] "GET /.DS_Store HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [11/May/2026:07:31:36 +0000] "GET /.env HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [11/May/2026:07:31:39 +0000] "GET /.env.cfg HTTP/1.1"
[REDACTED] 200 2627 149.143.134.86 - - [11/May/2026:07:31:41 +0000] "GET /.env-backup HTTP/1.1"
Port Scan
🇺🇸
Bruce5051
2026-05-09 19:09:22
(1 month ago)
149.143.134.86 - - [09/May/2026:12:09:21 -0700] "GET /.env.test HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
...
Hacking
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-08 20:22:43
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.143.134.86 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 08 16:22:38.737861 2026] [security2:error] [pid 20431:tid 20431] [client 149.143.134.86:42701] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||abecasis.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "abecasis.com"] [uri "/backup.sql"] [unique_id "af5GDruqXjnnKe5Y9XFkLQAAAAQ"]
Brute-Force
Bad Web Bot
Web App Attack
🇫🇮
as211431.net
2026-05-08 06:08:01
(1 month ago)
Triggered Cloudflare WAF (firewallCustom) from US.
Action taken: BLOCK
Protocol: HTTP/2 (GET method)
Endpoint: /.env.dev
UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0
This report was generated by:
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
Bad Web Bot