JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.104.246

191.96.104.246 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.104.246

Whois 191.96.104.246

IP Abuse Reports for 191.96.104.246:

This IP address has been reported a total of 8 times from 3 distinct sources. 191.96.104.246 was first reported on May 27th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 raspi4	2025-12-31 19:23:36 (5 months ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 02:52:47 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 22:52:43.100495 2025] [security2:error] [pid 32223:tid 32223] [client 191.96.104.246:46887] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.nbcnewsradio.com"] [uri "/.htaccess"] [unique_id "aQGBe4dosRF2u1Tr9mUakwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 14:58:05 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 10:57:58.915152 2025] [security2:error] [pid 12475:tid 12487] [client 191.96.104.246:53487] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/sftp-config.json"] [unique_id "aN1BdmCKjmgjI9kURFKJhAAAAUg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-22 20:15:21 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Sep 22 16:15:15.667824 2025] [security2:error] [pid 2298:tid 2298] [client 191.96.104.246:59537] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.deandobkin.com"] [uri "/.git/config"] [unique_id "aNGuU1lULwr5ihD0ZIpiGAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 07:04:23 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:04:14.707104 2025] [security2:error] [pid 3712160:tid 3712187] [client 191.96.104.246:54797] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/sample.htaccess"] [unique_id "aIxm7tc_-1Eg368SpPhugQAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 15:48:14 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 11:48:11.073944 2025] [security2:error] [pid 2988917:tid 2988917] [client 191.96.104.246:43669] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".nbcnewsradio.com.key"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/ssl/mail.nbcnewsradio.com.key"] [unique_id "aDx2O11G63UQKoXaZN_2RwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:35:46 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.104.246 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:33:40.396005 2025] [security2:error] [pid 2256136:tid 2256218] [client 191.96.104.246:42631] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.net\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.net"] [uri "/logs/error.log"] [unique_id "aDvmNLVUnYIqO9hNDIS50gAAAI4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-27 05:10:02 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 45.33.65.239

🇬🇧 185.65.165.61

🇺🇸 173.239.249.3

🇨🇳 171.36.7.183

🇫🇮 147.185.133.68

🇺🇸 147.185.132.129

🇺🇸 147.185.132.116

🇵🇭 136.158.57.53

🇨🇳 103.217.186.86

🇨🇳 58.48.170.235

🇻🇳 27.79.2.165

🇮🇳 182.77.79.16

🇰🇷 175.198.18.3

🇩🇪 165.227.170.113

🇺🇸 147.185.132.149

🇨🇳 116.178.130.198

🇨🇳 116.167.7.173

🇮🇩 110.232.84.181

🇺🇸 104.243.35.104

🇮🇳 103.180.212.135