JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.104.203

191.96.104.203 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.104.203

Whois 191.96.104.203

IP Abuse Reports for 191.96.104.203:

This IP address has been reported a total of 10 times from 4 distinct sources. 191.96.104.203 was first reported on May 28th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 filstal.org	2026-05-13 07:22:45 (1 month ago)	Unauthorized web crawling by known aggressive crawler or data harvesting bot detected by Fail2Ban	Bad Web Bot
🇺🇸 TPI-Abuse	2025-12-02 22:43:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:42:59.073728 2025] [security2:error] [pid 26403:tid 26403] [client 191.96.104.203:48177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.farmers123.com"] [uri "/.env.old"] [unique_id "aS9rcz8PkwBi-36AcGjKOAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 06:17:53 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 01:17:50.607749 2025] [security2:error] [pid 12297:tid 12297] [client 191.96.104.203:34427] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.prod"] [unique_id "aRQmjjAZSQn0ZgCXMMTGtQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 sailor	2025-10-18 17:24:00 (8 months ago)	blocked by firewall for SQL Injection in query string: id=1'%20AND%20(SELECT%201%20FROM%20(SELECT(SL ... show more blocked by firewall for SQL Injection in query string: id=1'%20AND%20(SELECT%201%20FROM%20(SELECT(SLEEP(10)))a)--%20- show less	Hacking Brute-Force Web App Attack
Anonymous	2025-10-02 13:20:04 (8 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 14:41:33 (8 months ago)	(mod_security) mod_security (id:212620) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 10:41:16.466969 2025] [security2:error] [pid 17241:tid 17252] [client 191.96.104.203:60835] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-login.php?action=register&redirect_to=x\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.com"] [uri "/wp-login.php"] [unique_id "aN09jKh4GLz6vZLSqByoyAAAAIU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 18:26:35 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 14:26:32.407890 2025] [security2:error] [pid 21870:tid 21870] [client 191.96.104.203:60279] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".nbcnewsradio.com.key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/mail.nbcnewsradio.com.key"] [unique_id "aJJM2NOjTrnyDnUiBfO4iQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:39:11 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:38:56.691430 2025] [security2:error] [pid 3331447:tid 3331461] [client 191.96.104.203:34741] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/wp-config.php"] [unique_id "aIxhAFSZjg6lcpTf51ZT_QAAAYo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:37:36 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:37:19.868395 2025] [security2:error] [pid 2256137:tid 2256238] [client 191.96.104.203:34493] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-config.php.bak"] [unique_id "aDvnD2Q8Dui5hvebpq9vdQAAAMc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:12:38 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.104.203 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:12:30.248935 2025] [security2:error] [pid 1843445:tid 1843445] [client 191.96.104.203:42959] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.farmers123.com"] [uri "/admin/log/error.log"] [unique_id "aDduLrV-JksLR_A_EStyagAAABE"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 192.241.179.235

🇩🇪 185.242.3.226

🇿🇦 185.203.122.35

🇧🇼 168.167.72.132

🇸🇬 152.42.231.127

🇩🇪 64.89.163.146

🇹🇷 62.76.230.115

🇯🇵 8.216.46.16

🇸🇬 2406:da18:aa8:7e00:8ea4:56e6:2d9c:bfed

🇨🇳 223.85.102.138

🇹🇳 197.5.145.102

🇹🇷 194.62.118.226

🇮🇩 103.190.214.241

🇵🇱 95.214.53.196

🇹🇷 78.135.111.16

🇺🇸 66.132.195.111

🇯🇵 56.155.90.27

🇯🇵 52.193.210.193

🇮🇪 34.253.204.212

🇩🇪 31.76.29.132