Anonymous
2026-05-18 15:40:15
(1 month ago)
(caddyscan) Scanner path probe from 149.143.137.22 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.137.22 - - [18/May/2026:15:40:13 +0000] "GET /.env.example HTTP/1.1"
[REDACTED] 200 0 149.143.137.22 - - [18/May/2026:15:40:13 +0000] "HEAD /.git/config HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [18/May/2026:15:40:13 +0000] "GET /.env.prod HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [18/May/2026:15:40:13 +0000] "GET /.env.default HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [18/May/2026:15:40:13 +0000] "GET /.env.old HTTP/1.1"
Port Scan
🇺🇸
TPI-Abuse
2026-05-17 04:10:46
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 00:10:42.066438 2026] [security2:error] [pid 13102:tid 13102] [client 149.143.137.22:48503] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.michaelwakim.teamwakimphotography.com"] [uri "/app/.env"] [unique_id "agk_wo0ch7OIjzs5moUSmAAAAAE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-16 05:19:20
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 01:19:07.171972 2026] [security2:error] [pid 10905:tid 10905] [client 149.143.137.22:58407] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||daviddenotaris.com|F|2"] [data ".key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "daviddenotaris.com"] [uri "/s3.key"] [unique_id "agf-S-5Fl5X4JhBJ6LTQfQAAABE"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:42:14
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:41:43.365601 2026] [security2:error] [pid 20655:tid 20662] [client 149.143.137.22:60045] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "marinkovich.org"] [uri "/wp-config.php.bak"] [unique_id "agbcRwS8NqowuojCS1O72wAAAUU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:24:19
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:23:35.879435 2026] [security2:error] [pid 17814:tid 17814] [client 149.143.137.22:57363] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||johnhansonmemorial.org.coolingsprings.org|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "johnhansonmemorial.org.coolingsprings.org"] [uri "/db.sql"] [unique_id "agbYB4T-V5zorIEG56GtxQAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 08:04:04
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 04:03:15.936219 2026] [security2:error] [pid 13127:tid 13127] [client 149.143.137.22:58655] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "amazinghydraulics.com"] [uri "/.env~"] [unique_id "agbTQywQTMxnIwhrWKJT_AAAABo"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 07:31:54
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 03:31:31.871986 2026] [security2:error] [pid 28335:tid 28335] [client 149.143.137.22:47029] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.sympalais.com"] [uri "/wp-config.php.bak"] [unique_id "agbL09F3L2V69N9NLN8b0gAAADA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 06:42:35
(1 month ago)
(mod_security) mod_security (id:210730) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:41:16.583745 2026] [security2:error] [pid 23207:tid 23207] [client 149.143.137.22:50523] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||gods-law.com|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gods-law.com"] [uri "/backup.sql"] [unique_id "agbADPxIsV04lRbOZnB7XwAAAEU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-15 06:19:57
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:19:16.174511 2026] [security2:error] [pid 25891:tid 25891] [client 149.143.137.22:56101] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blanchebb.com"] [uri "/.env.production.local"] [unique_id "aga65GAVtxKVfMad-gdCOAAAAEU"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-12 13:31:38
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 09:31:00.611091 2026] [security2:error] [pid 6796:tid 6796] [client 149.143.137.22:60409] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "lawrencehale.com"] [uri "/.env"] [unique_id "agMrlBYwrIJ8dG8QMvzCGQAAABI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-05-12 11:10:11
(1 month ago)
(mod_security) mod_security (id:210492) triggered by 149.143.137.22 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 07:09:51.756162 2026] [security2:error] [pid 14462:tid 14462] [client 149.143.137.22:40843] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "r-390.com"] [uri "/.env.preview"] [unique_id "agMKfxfIBIO7KNj2vbVCQAAAAA8"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-10 08:41:33
(1 month ago)
(caddyscan) Scanner path probe from 149.143.137.22 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.137.22 - - [10/May/2026:08:34:05 +0000] "GET /.env.uat HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [10/May/2026:08:34:05 +0000] "GET /.env.development.local HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [10/May/2026:08:37:37 +0000] "GET /phpMyAdmin/ HTTP/1.1"
[REDACTED] 200 0 149.143.137.22 - - [10/May/2026:08:37:39 +0000] "HEAD /.env.save HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [10/May/2026:08:41:27 +0000] "GET /.env~ HTTP/1.1"
Port Scan
🇬🇧
consul.to
2026-05-10 00:16:34
(1 month ago)
Web attack/malicious scanning detected
Web App Attack
🇺🇸
Bruce5051
2026-05-09 19:09:21
(1 month ago)
149.143.137.22 - - [09/May/2026:12:09:20 -0700] "GET /.env.txt HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:125.0) Gecko/20100101 Firefox/125.0"
...
Hacking
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-05-09 07:54:58
(1 month ago)
(caddyscan) Scanner path probe from 149.143.137.22 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 149.143.137.22 - - [09/May/2026:07:54:35 +0000] "GET /.DS_Store HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [09/May/2026:07:54:39 +0000] "GET /.env.yaml HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [09/May/2026:07:54:46 +0000] "GET /phpmyadmin/ HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [09/May/2026:07:54:54 +0000] "GET /.env.copy HTTP/1.1"
[REDACTED] 200 2627 149.143.137.22 - - [09/May/2026:07:54:55 +0000] "GET /.env~ HTTP/1.1"
Port Scan