AbuseIPDB » 205.185.117.149

205.185.117.149 was found in our database!

This IP was reported 10,494 times. Confidence of Abuse is 60%: ?

60%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	FranTech Solutions
Usage Type	Data Center/Web Hosting/Transit
ASN	AS53667
Hostname(s)	tor-exit.greektor.com
Domain Name	frantech.ca
Country	United States of America
City	Las Vegas, Nevada

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 205.185.117.149

Whois 205.185.117.149

IP Abuse Reports for 205.185.117.149:

This IP address has been reported a total of 10,494 times from 1,030 distinct sources. 205.185.117.149 was first reported on November 22nd 2020, and the most recent report was 18 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
TPI-Abuse	2025-03-26 03:31:22 (18 hours ago)	(mod_security) mod_security (id:210492) triggered by 205.185.117.149 (tor-exit.greektor.com): 1 in t ... show more(mod_security) mod_security (id:210492) triggered by 205.185.117.149 (tor-exit.greektor.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 25 23:31:18.021785 2025] [security2:error] [pid 14916:tid 14916] [client 205.185.117.149:57429] [client 205.185.117.149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "louisvillecustomkitchens.com"] [uri "/wp-config.phpc"] [unique_id "Z-N1BlFxRe6E0rsjck-FngAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
sms.ru	2025-03-24 10:25:37 (2 days ago)	/wp-admin/	Web App Attack
Anonymous	2025-03-23 16:40:50 (3 days ago)	Fail2ban block	Brute-Force
MAGIC	2025-03-20 16:02:26 (6 days ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
Anonymous	2025-03-19 07:25:34 (1 week ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack
Packets-Decreaser.NET	2025-03-18 09:56:18 (1 week ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
marzzzello	2025-03-09 13:12:47 (2 weeks ago)	Ports: 9x 29323	Port Scan
ipblock.com	2025-03-09 00:00:00 (2 weeks ago)	IPBlock protected site ID [4055-d][s=08]. Major crawler impostor. Mozilla/5.0 (compati ... show moreIPBlock protected site ID [4055-d][s=08]. Major crawler impostor. Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) show less	Bad Web Bot
TPI-Abuse	2025-03-06 08:38:04 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 205.185.117.149 (tor-exit.greektor.com): 1 in t ... show more(mod_security) mod_security (id:210492) triggered by 205.185.117.149 (tor-exit.greektor.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Mar 06 03:37:56.404289 2025] [security2:error] [pid 30823:tid 30823] [client 205.185.117.149:10831] [client 205.185.117.149] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "balloonworldohio.com"] [uri "/wp-config.php_old2020"] [unique_id "Z8le5LuI_oZHxa64D0USZgAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
subnetprotocol	2025-03-06 03:50:45 (2 weeks ago)	06/Mar/2025:04:50:41.467991 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client ... show more06/Mar/2025:04:50:41.467991 +0100Apache-Error: [file "apache2_util.c"] [line 275] [level 3] [client 205.185.117.149] ModSecurity: Warning. Pattern match "(?:(?:\\\\\\\\(|\\\\\\\\[)[a-zA-Z0-9_.$\\\\"'\\\\\\\\[\\\\\\\\](){}/*\\\\\\\\s]+(?:\\\\\\\\)|\\\\\\\\])[0-9_.$\\\\"'\\\\\\\\[\\\\\\\\](){}/*\\\\\\\\s]*\\\\\\\\([a-zA-Z0-9_.$\\\\"'\\\\\\\\[\\\\\\\\](){}/*\\\\\\\\s].*\\\\\\\\)|\\\\\\\\([\\\\\\\\s]*string[\\\\\\\\s]*\\\\\\\\)[\\\\\\\\s]*(?:\\\\"|'))" at ARGS:yeux. [file "/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-933-APPLICATION-ATTACK-PHP.conf"] [line "503"] [id "933210"] [msg "PHP Injection Attack: Variable Function Call Found"] [data "Matched Data: (SELECT (CHAR(113) CHAR(122) CHAR(107) CHAR(122) CHAR(113) (SELECT (CASE WHEN (1097=1097) THEN CHAR(49) ELSE CHAR(48) END)) CHAR(113) CHAR(106) CHAR(112) CHAR(107) CHAR(113))) found within ARGS:yeux: ') AND 1097 IN (SELECT (CHAR(113) CHAR(122) CHAR(107) CHAR(122) CHAR(113) (SELECT (CASE WHEN (1097=1097) THEN CHAR(49) ELS ... show less	Hacking Web App Attack
NetworkOperationsTeam	2025-03-06 03:03:04 (2 weeks ago)	SMS Bombing. Trying to authenticate. API Abuse rate limit exceeded	Hacking Brute-Force Web App Attack
MAGIC	2025-03-06 01:03:09 (2 weeks ago)	VM5 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
ipblock.com	2025-03-02 06:35:00 (3 weeks ago)	IPBlock protected site ID [4055-d][s=07]. Major crawler impostor. Mozilla/5.0 (compati ... show moreIPBlock protected site ID [4055-d][s=07]. Major crawler impostor. Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) show less	Bad Web Bot
Anonymous	2025-02-28 11:22:18 (3 weeks ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack
onkeltom	2025-02-26 10:45:50 (1 month ago)	Multiple unauthorized connection attempts	Hacking Brute-Force

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩