AbuseIPDB » 185.117.149.91
185.117.149.91 was found in our database!
This IP was reported 7 times. Confidence of
Abuse
is 4% : ?
ISP
NUR Telecom LLC
Usage Type
Mobile ISP
ASN
AS47237
Hostname(s)
Pool-4-185.117.149.91.o.kg
Domain Name
nurtelecom.kg
Country
π°π¬
Kyrgyzstan
City
Bishkek, Bishkek
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 185.117.149.91 :
This IP address has been reported a total of
7
times from
6 distinct
sources.
185.117.149.91 was first reported on
June 12th 2025 , and the most recent report was
3 days ago .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
πΊπΈ
TPI-Abuse
2026-06-29 14:01:07
(3 days ago)
(mod_security) mod_security (id:210492) triggered by 185.117.149.91 (Pool-4-185.117.149.91.o.kg): 1 ...
show more
(mod_security) mod_security (id:210492) triggered by 185.117.149.91 (Pool-4-185.117.149.91.o.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 29 10:01:00.353835 2026] [security2:error] [pid 29558:tid 29558] [client 185.117.149.91:29305] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "sweak.com"] [uri "/.env.dev"] [unique_id "akJ6nCiTCS9Js7tELvljkAAAAB8"]
show less
Brute-Force
Bad Web Bot
Web App Attack
πΊπΈ
TPI-Abuse
2026-04-29 08:40:49
(2 months ago)
(mod_security) mod_security (id:210730) triggered by 185.117.149.91 (Pool-4-185.117.149.91.o.kg): 1 ...
show more
(mod_security) mod_security (id:210730) triggered by 185.117.149.91 (Pool-4-185.117.149.91.o.kg): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 29 04:40:43.029026 2026] [security2:error] [pid 27338:tid 27338] [client 185.117.149.91:15352] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||banis-associates.com|F|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "banis-associates.com"] [uri "/daterapebooks.com"] [unique_id "afHEC8B6kEuisiGDDa0eJwAAABM"], referer: http://banis-associates.com/
show less
Brute-Force
Bad Web Bot
Web App Attack
π³π±
maxxsense
2026-04-07 08:01:04
(2 months ago)
185.117.149.91 (KG/Kyrgyzstan/Pool-4-185.117.149.91.o.kg), 12 distributed imapd attacks on account [ ...
show more
185.117.149.91 (KG/Kyrgyzstan/Pool-4-185.117.149.91.o.kg), 12 distributed imapd attacks on account [redacted]
show less
Brute-Force
Anonymous
2025-11-21 13:03:18
(7 months ago)
scanning http requests from known botnet
Web App Attack
π©πͺ
london2038.com
2025-10-31 13:23:22
(8 months ago)
Connection atttempts against closed TCP ports
Oct 31 14:23:21 BLOCK SRC=185.117.149.91 LEN=52 TOS=0x ...
show more
Connection atttempts against closed TCP ports
Oct 31 14:23:21 BLOCK SRC=185.117.149.91 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=10272 DF PROTO=TCP SPT=60087 DPT=443 WINDOW=32044 RES=0x00 ACK FIN
Oct 31 14:23:21 BLOCK SRC=185.117.149.91 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=10273 DF PROTO=TCP SPT=60087 DPT=443 WINDOW=32044 RES=0x00 ACK FIN
Oct 31 14:23:22 BLOCK SRC=185.117.149.91 LEN=52 TOS=0x00 PREC=0x00 TTL=50 ID=10274 DF PROTO=TCP SPT=60087 DPT=443 WINDOW=32044 RES=0x00 ACK FIN
show less
Port Scan
π³π±
exxos
2025-09-01 04:03:01
(10 months ago)
Attacks with Bad user agents
Hacking
πΊπΈ
octageeks.com
2025-06-12 04:08:29
(1 year ago)
Wordpress malicious attack:[octablocked]
Web App Attack
Showing 1 to
7
of 7 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown π©
Recently Reported IPs: