JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 149.143.136.220

149.143.136.220 was found in our database!

This IP was reported 45 times. Confidence of Abuse is 41%: ?

41%

ISP	WiredISP Inc.
Usage Type	Fixed Line ISP
ASN	AS7029
Domain Name	wiredisp.com
Country	🇺🇸 United States of America
City	Leesburg, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 149.143.136.220

Whois 149.143.136.220

IP Abuse Reports for 149.143.136.220:

This IP address has been reported a total of 45 times from 19 distinct sources. 149.143.136.220 was first reported on April 20th 2026, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-05-20 10:08:25 (3 weeks ago)	(caddyscan) Scanner path probe from 149.143.136.220 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.136.220 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 0 149.143.136.220 - - [20/May/2026:09:46:38 +0000] "HEAD /.env.old HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [20/May/2026:10:08:22 +0000] "GET /app/.env HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [20/May/2026:10:08:22 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [20/May/2026:10:08:23 +0000] "GET /dokan/.env HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [20/May/2026:10:08:23 +0000] "GET /mautic/.env HTTP/1.1" show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-17 13:12:27 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 09:12:16.657518 2026] [security2:error] [pid 1201:tid 1201] [client 149.143.136.220:46967] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bewdleypizza.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bewdleypizza.com"] [uri "/wp-content/mysql.sql"] [unique_id "agm-sBOsRg-08pvTQOkPNQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 06:27:28 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 02:27:20.814108 2026] [security2:error] [pid 12949:tid 12949] [client 149.143.136.220:53361] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alextra.org"] [uri "/.env.development.local"] [unique_id "aggOSGm0GqNxtV-gbGmI5QAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:57:39 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:57:26.883716 2026] [security2:error] [pid 10362:tid 10362] [client 149.143.136.220:36221] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "accordionclub.org"] [uri "/.env.orig"] [unique_id "agbf9kZj2RWRxMoInw-k1QAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:24:54 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:23:37.752092 2026] [security2:error] [pid 18000:tid 18000] [client 149.143.136.220:33155] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rememberingjohnhanson.com"] [uri "/.env.example"] [unique_id "agbYCcDglU5Z_2KjgXeGMQAAACU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 08:06:50 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:06:36.729636 2026] [security2:error] [pid 7360:tid 7360] [client 149.143.136.220:48605] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.hg/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.uhfcfoundation.org.victorvictor.biz"] [uri "/.hg/store"] [unique_id "agbUDDlyXUmyjGFcyCHPSwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 06:44:15 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:43:52.037124 2026] [security2:error] [pid 12856:tid 12856] [client 149.143.136.220:34515] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marykaydesign.net"] [uri "/.env.local"] [unique_id "agbAqPAzRygvnZ67SaMXsgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-14 15:44:38 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 14 11:44:24.442272 2026] [security2:error] [pid 2492:tid 2506] [client 149.143.136.220:44061] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.promo.heworeblack.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "promo.heworeblack.com"] [uri "/wp-content/mysql.sql"] [unique_id "agXt2Aghx9jRijTA8ce6BwAAAEw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 19:29:31 (4 weeks ago)	(mod_security) mod_security (id:949110) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:949110) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 15:29:16.577917 2026] [security2:error] [pid 13474:tid 13474] [client 149.143.136.220:34835] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "30"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "tgt.cescfoundation.org"] [uri "/.env.production"] [unique_id "agN_jKGJzaElTbIhfDD7kAAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 13:31:47 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 09:31:00.613854 2026] [security2:error] [pid 9318:tid 9318] [client 149.143.136.220:34759] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lawrencehale.com"] [uri "/.env.ci"] [unique_id "agMrlHS3J5SYMHxYlke8KAAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-11 10:57:21 (1 month ago)	(mod_security) mod_security (id:210730) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210730) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 06:57:09.414548 2026] [security2:error] [pid 5525:tid 5529] [client 149.143.136.220:33989] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.realitybytes.us.mailporte.com\|F\|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.realitybytes.us.mailporte.com"] [uri "/s3.key"] [unique_id "agG2Bdtcma20ptefJmaeNAAAAME"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-05-11 10:05:43 (1 month ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-10 21:13:27 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 149.143.136.220 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 10 17:13:10.700621 2026] [security2:error] [pid 6731:tid 6731] [client 149.143.136.220:47331] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "thedieselgroupllc.com"] [uri "/.env.ci"] [unique_id "agD05nyz4LW6DxqDAiizXQAAADU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Bruce5051	2026-05-09 19:09:21 (1 month ago)	149.143.136.220 - - [09/May/2026:12:09:21 -0700] "GET /.env.qa HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X ... show more 149.143.136.220 - - [09/May/2026:12:09:21 -0700] "GET /.env.qa HTTP/1.1" 301 162 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:125.0) Gecko/20100101 Firefox/125.0" ... show less	Hacking Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-09 14:47:31 (1 month ago)	(caddyscan) Scanner path probe from 149.143.136.220 (US/United States/-): 5 in the last 3600 secs; P ... show more (caddyscan) Scanner path probe from 149.143.136.220 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.136.220 - - [09/May/2026:14:44:06 +0000] "GET /.env.dist HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [09/May/2026:14:44:06 +0000] "GET /.env.staging.local HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [09/May/2026:14:44:06 +0000] "GET /.env.backup HTTP/1.1" [REDACTED] 200 2627 149.143.136.220 - - [09/May/2026:14:44:07 +0000] "GET /.env.bkp HTTP/1.1" [REDACTED] 200 0 149.143.136.220 - - [09/May/2026:14:47:29 +0000] "HEAD /wp-config.php.bak HTTP/1.1" show less	Port Scan

Showing 1 to 15 of 45 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇩 102.216.240.61

🇳🇱 81.19.216.98

🇺🇸 35.174.62.12

🇰🇷 211.104.137.55

🇺🇸 185.88.102.248

🇺🇸 172.58.121.28

🇺🇸 138.68.53.50

🇳🇱 85.11.167.232

🇹🇷 78.177.143.17

🇺🇸 75.176.132.37

🇺🇸 57.154.26.25

🇺🇸 34.162.119.195

🇺🇸 20.172.23.104

🇺🇸 20.127.202.120

🇺🇸 20.106.124.22

🇺🇸 15.253.33.237

🇷🇴 2.57.121.112

🇺🇸 164.92.97.123

🇩🇪 144.31.80.14

🇯🇵 136.110.77.61