JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 185.116.172.240

185.116.172.240 was found in our database!

This IP was reported 5 times. Confidence of Abuse is 2%: ?

ISP	NGS
Usage Type	Fixed Line ISP
ASN	AS25335
Domain Name	ngsuk.com
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	London, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 185.116.172.240

Whois 185.116.172.240

IP Abuse Reports for 185.116.172.240:

This IP address has been reported a total of 5 times from 1 distinct source. 185.116.172.240 was first reported on May 25th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 hermawan	2026-06-09 09:31:29 (2 weeks ago)	[Tue Jun 09 16:31:26.448137 2026] [security2:error] [pid 397350:tid 139738896914112] [client 185.116 ... show more [Tue Jun 09 16:31:26.448137 2026] [security2:error] [pid 397350:tid 139738896914112] [client 185.116.172.240:6120] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.google.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.google.go.id found within REQUEST_HEADERS:Referer: https://www.google.go.id/ request_line = GET /index.php/analisis-iklim/analisis-musim/perbandingan-musim-kemarau/perbandingan-awal-musim-kemarau-dengan-normalnya HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/analisis-iklim/analisis-musim/perbandingan-musim-kemarau/perbandingan-awal-musim-kemarau-dengan-normalnya"] [unique_id "aifdbsuCcoffsQ5szKNwCwABSQE"], referer https://www.google.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[397359] [IV2Cyg6GuZ0] [aifdbsuCcoffsQ5szKNwCwABSQE] keep_alive=[1] ... show less	Email Spam Hacking
🇮🇩 hermawan	2026-06-07 14:51:46 (2 weeks ago)	[Sun Jun 07 21:51:41.802187 2026] [security2:error] [pid 100822:tid 140410113476288] [client 185.116 ... show more [Sun Jun 07 21:51:41.802187 2026] [security2:error] [pid 100822:tid 140410113476288] [client 185.116.172.240:36454] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/profil/meteorologi/list-all-categories HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/profil/meteorologi/list-all-categories"] [unique_id "aiWFfTgOA_844LYkTddHDgAAWAM"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[100873] [TaomCCuSsd4] [aiWFfTgOA_844LYkTddHDgAAWAM] keep_alive=[1] [2026-06-07 21:51:41.802192] [R:aiWFfTgOA_844LYkTddHDgAAWAM] UA:'Mozilla/5.0 (Linux; Android 8.0.0; SM-J330G) AppleWebKit/537.36 (KHTML, like ... show less	Email Spam Hacking
🇮🇩 hermawan	2026-06-05 05:02:16 (2 weeks ago)	[Fri Jun 05 12:02:12.101483 2026] [security2:error] [pid 743010:tid 140063108212416] [client 185.116 ... show more [Fri Jun 05 12:02:12.101483 2026] [security2:error] [pid 743010:tid 140063108212416] [client 185.116.172.240:59882] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.bmkg.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.bmkg.go.id found within REQUEST_HEADERS:Referer: https://www.bmkg.go.id/ request_line = GET /index.php/informasi-iklim/infografis-iklim/infografis-tahunan HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php/informasi-iklim/infografis-iklim/infografis-tahunan"] [unique_id "aiJYVEX8xbzFcPwWerG-rgABCwU"], referer https://www.bmkg.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[743016] [oQpBkDq1LRs] [aiJYVEX8xbzFcPwWerG-rgABCwU] keep_alive=[1] [2026-06-05 12:02:12.101487] [R:aiJYVEX8xbzFcPwWerG-rgABCwU] UA:'Mozilla/5.0 (iPhone; CPU iPhone OS 17_6 like Mac O ... show less	Email Spam Hacking
🇮🇩 hermawan	2026-05-30 00:45:35 (3 weeks ago)	[Sat May 30 07:45:17.989943 2026] [security2:error] [pid 405768:tid 140229963896512] [client 185.116 ... show more [Sat May 30 07:45:17.989943 2026] [security2:error] [pid 405768:tid 140229963896512] [client 185.116.172.240:50566] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "www.yandex.go.id" at REQUEST_HEADERS:Referer. [file "/etc/modsecurity/coreruleset-4.26.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "582"] [id "440068"] [msg "BAD Referer"] [data "Matched Data: www.yandex.go.id found within REQUEST_HEADERS:Referer: https://www.yandex.go.id/ request_line = GET /index.php HTTP/2.0"] [severity "NOTICE"] [hostname "staklim-jatim.bmkg.go.id"] [uri "/index.php"] [unique_id "ahozHWtp-zBogIMbvbx--gAAkgk"], referer https://www.yandex.go.id/ [staklim-jatim.bmkg.go.id] [staklim-jatim.bmkg.go.id] top=[405779] [wSB4Rv5sKvQ] [ahozHWtp-zBogIMbvbx--gAAkgk] keep_alive=[1] [2026-05-30 07:45:17.989947] [R:ahozHWtp-zBogIMbvbx--gAAkgk] UA:'Mozilla/5.0 (Linux, Android 15, SM-S911U Build/AP3A.240905.015.A2, ) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/139.0.7258.158 Mobi ... show less	Email Spam Hacking
🇮🇩 hermawan	2026-05-25 11:28:46 (4 weeks ago)	05/25/2026-18:28:42.394687 [Drop] [] [1:2100001898:0] Suricata match TLS ja4 scan Uniq Zeek no 18 ... show more 05/25/2026-18:28:42.394687 [Drop] [] [1:2100001898:0] Suricata match TLS ja4 scan Uniq Zeek no 1898 with hash_t13d1812h1_85036bcba153_d41ae481755e [**] [Classification: (null)] [Priority: 3] {TCP} 185.116.172.240:43476 -> 103.166.156.58:443 ... show less	Email Spam Hacking

Showing 1 to 5 of 5 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇪🇸 217.72.207.220

🇮🇩 119.47.90.19

🇧🇬 81.177.213.250

🇭🇰 46.247.61.98

🇺🇸 20.106.48.199

🇺🇸 20.64.106.117

🇧🇷 4.228.83.28

🇨🇳 203.56.198.45

🇧🇪 198.235.24.137

🇧🇴 181.188.176.242

🇺🇸 82.40.121.102

🇧🇬 79.124.56.246

🇺🇸 8.229.140.7

🇪🇸 5.182.83.231

🇺🇸 206.220.175.5

🇨🇳 59.52.102.197

🇧🇷 45.165.14.197

🇺🇸 43.130.174.37

🇺🇸 15.204.187.180

🇩🇪 213.209.159.228