JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.106.135

191.96.106.135 was found in our database!

This IP was reported 29 times. Confidence of Abuse is 24%: ?

24%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.106.135

Whois 191.96.106.135

IP Abuse Reports for 191.96.106.135:

This IP address has been reported a total of 29 times from 21 distinct sources. 191.96.106.135 was first reported on January 6th 2024, and the most recent report was 3 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 3 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇪 cmbplf	2026-05-28 11:32:20 (3 weeks ago)	257 requests with url.path */wp-includes/wlwmanifest.xml	Brute-Force Bad Web Bot
🇺🇸 kosada.com	2026-05-28 10:23:44 (3 weeks ago)	Web vulnerability probing: //wordpress/wp-includes/wlwmanifest.xml	Web App Attack
🇮🇹 VHosting	2026-05-28 08:30:03 (3 weeks ago)	Detected WordPress attack from 4 different servers	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 08:08:55 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 191.96.106.135 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 191.96.106.135 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 04:08:51.233894 2026] [security2:error] [pid 24280:tid 24280] [client 191.96.106.135:29514] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bernsteinip.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bernsteinip.com"] [uri "/wp-includes/id3/license.txt/blog/wp-json/wp/v2/users/"] [unique_id "ahf4E4SLimLSGxHtewZi0gAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-18 05:02:14 (1 month ago)	Attack Signature Blocked: /wishlist/index/add/product/11178/form_key/Qq4xdd6gPGwcPueF/ (Magento Site ... show more Attack Signature Blocked: /wishlist/index/add/product/11178/form_key/Qq4xdd6gPGwcPueF/ (Magento Site) (Botnet activity attributed to: Angara Technologies Group / mikhail-smirnov-79830322) show less	Web App Attack Bad Web Bot
🇸🇪 vaia.cloud	2025-11-21 12:23:03 (6 months ago)	trying wp-login.php/xmlrpc.php 48 times in 1 minutes	Brute-Force Web App Attack
🇳🇱 maxxsense	2025-11-08 08:31:04 (7 months ago)	(smtpauth) Failed SMTP AUTH login from 191.96.106.135 (US/United States/-)	Brute-Force
🇺🇸 www.winos.me	2025-09-25 01:11:37 (8 months ago)	stream fail	Web App Attack
🇺🇸 xmission.com	2025-07-13 11:27:51 (11 months ago)	Blocked by UFW (TCP on 30001) Source port: 51663 TTL: 119 Packet length: 52 TOS: 0x08 This report ( ... show more Blocked by UFW (TCP on 30001) Source port: 51663 TTL: 119 Packet length: 52 TOS: 0x08 This report (for 191.96.106.135) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 creations.works	2025-07-12 02:48:48 (11 months ago)	Blocked by UFW on vds [6681/tcp] Source port: 18061 TTL: 53 Packet length: 60 TOS: 0x00 This report ... show more Blocked by UFW on vds [6681/tcp] Source port: 18061 TTL: 53 Packet length: 60 TOS: 0x00 This report was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇦🇺 oncord	2025-06-13 11:30:28 (1 year ago)	Form spam	Web Spam
🇺🇸 oncord	2025-06-12 00:05:09 (1 year ago)	Form spam	Web Spam
🇦🇺 oncord	2025-05-14 17:12:53 (1 year ago)	Form spam	Web Spam
🇦🇺 MAGIC	2025-05-14 17:00:41 (1 year ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇺🇸 bigscoots.com	2025-04-12 01:40:01 (1 year ago)	(smtpauth) Failed SMTP AUTH login from 191.96.106.135 (US/United States/-): 5 in the last 3600 secs; ... show more (smtpauth) Failed SMTP AUTH login from 191.96.106.135 (US/United States/-): 5 in the last 3600 secs; Ports: 25,465,587; Direction: 0; Trigger: LF_SMTPAUTH; Logs: 2025-04-11 21:30:37 dovecot_login authenticator failed for (ADMIN) [191.96.106.135]:50050: 535 Incorrect authentication data ([email protected]) 2025-04-11 21:34:40 dovecot_login authenticator failed for (ADMIN) [191.96.106.135]:47478: 535 Incorrect authentication data ([email protected]) 2025-04-11 21:35:14 dovecot_login authenticator failed for (ADMIN) [191.96.106.135]:48926: 535 Incorrect authentication data ([email protected]) 2025-04-11 21:38:44 dovecot_login authenticator failed for (ADMIN) [191.96.106.135]:51648: 535 Incorrect authentication data ([email protected]) 2025-04-11 21:39:57 dovecot_login authenticator failed for (ADMIN) [191.96.106.135]:54286: 535 Incorrect authentication data ([email protected]) show less	Brute-Force SSH

Showing 1 to 15 of 29 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 120.48.54.225

🇮🇳 165.22.214.22

🇩🇪 155.102.161.2

🇮🇳 117.196.84.84

🇮🇳 115.244.208.246

🇧🇩 103.4.145.50

🇩🇪 79.133.57.29

🇺🇸 45.156.129.96

🇮🇳 2403:a080:84f:368b:a9c0:73a6:85be:119b

🇪🇪 213.168.12.254

🇩🇪 194.164.192.228

🇲🇽 170.81.143.53

🇵🇰 154.208.47.195

🇺🇸 147.182.202.179

🇮🇳 103.95.164.165

🇸🇬 101.47.15.119

🇦🇪 94.59.244.223

🇱🇹 81.30.98.44

🇰🇷 61.72.145.38

🇺🇸 54.224.194.92