JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 207.58.140.149

207.58.140.149 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 100%: ?

100%

ISP	Leaseweb USA, Inc.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS30633
Hostname(s)	vps.hostingsupply.com
Domain Name	leaseweb.com
Country	🇺🇸 United States of America
City	Centreville, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 207.58.140.149

Whois 207.58.140.149

IP Abuse Reports for 207.58.140.149:

This IP address has been reported a total of 32 times from 28 distinct sources. 207.58.140.149 was first reported on June 3rd 2026, and the most recent report was 5 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇹🇷 Threat.live	2026-06-09 01:15:02 (5 minutes ago)	Suspicious Connection Attempts	Brute-Force
🇩🇪 maxpower	2026-06-08 22:49:31 (2 hours ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 207.58.140.149 (US/United States/vps.hos ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 207.58.140.149 (US/United States/vps.hostingsupply.com): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 207.58.140.149 - - [09/Jun/2026:00:49:22 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-" host=51.89.2.98 207.58.140.149 - - [09/Jun/2026:00:49:22 +0200] "GET /.aws/credentials HTTP/1.1" 404 10386 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" "-" host=51.89.2.98 show less	Port Scan
🇩🇪 cloudmax	2026-06-08 21:28:02 (3 hours ago)	Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnera ... show more Cloudmax IPS Block - Suspicious activity. Possible port scanning, service reconnaissance, or vulnerability probing show less	Port Scan
🇩🇪 bescared	2026-06-08 21:18:26 (4 hours ago)	F2B - Malicious activity detected. URL Probing. -c0423ad6-	Hacking Web App Attack
Anonymous	2026-06-08 20:22:20 (4 hours ago)	Bot detected scanning for vulnerable pages	Port Scan
🇸🇰 iplusv	2026-06-08 19:00:05 (6 hours ago)	Automatic report from IV firewall log.	Port Scan Hacking Brute-Force
🇵🇱 sefinek.net	2026-06-08 16:08:35 (9 hours ago)	Honeypot hit: Empty payload (likely service probe); 2087 [4] TCP Reported by: https://github.com/sef ... show more Honeypot hit: Empty payload (likely service probe); 2087 [4] TCP Reported by: https://github.com/sefinek/T-Pot-To-AbuseIPDB show less	Port Scan
🇦🇺 aranguren.org	2026-06-08 06:26:00 (18 hours ago)	207.58.140.149 - - [08/Jun/2026:16:25:38 +1000] "GET /.env HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windo ... show more 207.58.140.149 - - [08/Jun/2026:16:25:38 +1000] "GET /.env HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" 207.58.140.149 - - [08/Jun/2026:16:25:40 +1000] "GET /.env.local HTTP/1.1" 404 986 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 207.58.140.149 - - [08/Jun/2026:16:25:44 +1000] "GET /.env.backup HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.4 Safari/605.1.15" 207.58.140.149 - - [08/Jun/2026:16:25:47 +1000] "GET /wp-config.php HTTP/1.1" 404 16 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" 207.58.140.149 - - [08/Jun/2026:16:25:56 +1000] "GET /server-status HTTP/1.1" 403 976 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" 207.58.140.149 - - [08/Jun/2026:16:26:00 +1000] "GET /.DS_Store HTTP/1.1" 404 986 "-" "Mozilla/5.0 (Windows N ... show less	Bad Web Bot
🇩🇪 _ArminS_	2026-06-08 04:17:25 (21 hours ago)	WEB-Scan 59674:80 detected 2026.06.08 06:17:25 blocked until 2026.07.27 23:20:12	Port Scan
🇺🇸 MPL	2026-06-08 01:33:31 (23 hours ago)	tcp port scan (6 or more attempts)	Port Scan
🇺🇸 xmission.com	2026-06-07 23:48:20 (1 day ago)	Blocked by UFW (TCP on 2087) Source port: 58188 TTL: 51 Packet length: 60 TOS: 0x08 This report (fo ... show more Blocked by UFW (TCP on 2087) Source port: 58188 TTL: 51 Packet length: 60 TOS: 0x08 This report (for 207.58.140.149) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 sumnone	2026-06-07 23:41:52 (1 day ago)	Port probing on unauthorized port 2087	Port Scan Hacking Exploited Host
🇩🇪 psauxit	2026-06-07 19:39:41 (1 day ago)	Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrp ... show more Fail2Ban - NGINX bad requests 400-401-403-404-444, high level vulnerability scanning, commonly xmlrpc_attack, wp-login brute force, excessive crawling/scraping show less	Web App Attack Hacking
🇮🇩 Burayot	2026-06-07 18:40:40 (1 day ago)	LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 207.58.140.149 (US/United States/vp ... show more LF_MODSEC: (mod_security) mod_security (id:1000001) triggered by 207.58.140.149 (US/United States/vps.hostingsupply.com): 1 in the last 3600 secs show less	Web App Attack
Anonymous	2026-06-07 16:46:24 (1 day ago)	Brute-Force reported by Fail2Ban	Brute-Force Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇮🇪 168.63.79.147

🇺🇸 216.25.89.113

🇨🇴 190.0.63.226

🇸🇪 185.213.24.249

🇺🇸 152.32.151.39

🇨🇳 123.159.100.189

🇨🇳 121.61.191.13

🇨🇳 112.18.182.218

🇫🇷 92.205.184.118

🇫🇷 85.217.140.24

🇱🇹 81.30.98.62

🇩🇪 69.5.169.195

🇺🇸 66.132.172.97

🇺🇸 45.79.192.145

🇹🇼 198.235.24.46

🇷🇴 193.32.162.82

🇺🇸 172.202.118.41

🇺🇸 135.233.112.94

🇮🇳 113.193.234.210

🇨🇳 106.13.174.45