JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.106.42

191.96.106.42 was found in our database!

This IP was reported 312 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.106.42

Whois 191.96.106.42

IP Abuse Reports for 191.96.106.42:

This IP address has been reported a total of 312 times from 162 distinct sources. 191.96.106.42 was first reported on August 10th 2021, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 Peregrine	2026-05-18 03:09:37 (1 month ago)	Fail2Ban Jail: tomcat-honeypot \| Evidence: 191.96.106.42 172.70.214.68 - - [14/May/2026:18:27:11 -03 ... show more Fail2Ban Jail: tomcat-honeypot \| Evidence: 191.96.106.42 172.70.214.68 - - [14/May/2026:18:27:11 -0300] "GET /.env HTTP/1.1" 404 414 show less	Bad Web Bot
Anonymous	2026-05-17 09:20:11 (1 month ago)	FortiWeb WAF: 12 attacks detected. Threat Score: 18200. Types: Client Management(6), Block IP List(6 ... show more FortiWeb WAF: 12 attacks detected. Threat Score: 18200. Types: Client Management(6), Block IP List(6). Origin: United States. show less	Web App Attack
🇩🇪 FeG Deutschland	2026-05-17 04:29:06 (1 month ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇳🇱 BlueWire Hosting	2026-05-17 00:24:49 (1 month ago)	Probing websites for vulnerabilities	Web App Attack
Anonymous	2026-05-16 22:12:39 (1 month ago)	Sensitive file access attempt	Hacking
🇺🇦 URAN Publishing Service	2026-05-16 21:07:59 (1 month ago)	191.96.106.42 - - [17/May/2026:00:07:59 +0300] "GET /.env HTTP/1.1" 404 765 "-" "Mozilla/5.0 (Macint ... show more 191.96.106.42 - - [17/May/2026:00:07:59 +0300] "GET /.env HTTP/1.1" 404 765 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Web App Attack
Anonymous	2026-05-16 19:39:36 (1 month ago)	"GET /.env HTTP/1.1"	Hacking Web App Attack
Anonymous	2026-05-16 19:12:42 (1 month ago)	Web App Attack	Brute-Force Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2026-05-16 19:07:38 (1 month ago)	191.96.106.42 - - [16/May/2026:22:07:37 +0300] "GET /.env HTTP/1.1" 404 760 "-" "Mozilla/5.0 (Macint ... show more 191.96.106.42 - - [16/May/2026:22:07:37 +0300] "GET /.env HTTP/1.1" 404 760 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Web App Attack
🇩🇪 ut-addicted.com	2026-05-16 18:50:19 (1 month ago)	\[Sat May 16 20:50:17.137273 2026\] \[:error\] \[pid 2461:tid 139785800742656\] \[client 191.96.106. ... show more \[Sat May 16 20:50:17.137273 2026\] \[:error\] \[pid 2461:tid 139785800742656\] \[client 191.96.106.42:57065\] \[client 191.96.106.42\] ModSecurity: Access denied with code 403 \(phase 2\). Operator GE matched 5 at TX:anomaly_score. \[file "/usr/local/apache/modsecurity-owasp-latest/rules/REQUEST-949-BLOCKING-EVALUATION.conf"\] \[line "57"\] \[id "949110"\] \[msg "Inbound Anomaly Score Exceeded \(Total Score: 5\)"\] \[severity "CRITICAL"\] \[tag "application-multi"\] \[tag "language-multi"\] \[tag "platform-multi"\] \[tag "attack-generic"\] \[hostname "crx.it"\] \[uri "/.env"\] \[unique_id "agi8aS33lSQaoQs-@iDhigAAAEo"\] show less	Brute-Force Web App Attack
🇨🇭 lufi	2026-05-16 18:19:51 (1 month ago)	2026-05-16 20:19:50 191.96.106.42: blacklistedPath: /.env ...	Web Spam Brute-Force Hacking Web App Attack
🇺🇦 URAN Publishing Service	2026-05-16 18:03:44 (1 month ago)	191.96.106.42 - - [16/May/2026:21:02:49 +0300] "GET /.env HTTP/1.1" 404 764 "-" "Mozilla/5.0 (Macint ... show more 191.96.106.42 - - [16/May/2026:21:02:49 +0300] "GET /.env HTTP/1.1" 404 764 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" 191.96.106.42 - - [16/May/2026:21:03:43 +0300] "GET /.env HTTP/1.1" 404 765 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Web App Attack
🇫🇷 Baking333	2026-05-16 15:21:00 (1 month ago)	[redacted] 191.96.106.42 - - [16/May/2026:16:20:58 +0100] "GET /.env HTTP/2.0" 301 286 "-" "Mozilla/ ... show more [redacted] 191.96.106.42 - - [16/May/2026:16:20:58 +0100] "GET /.env HTTP/2.0" 301 286 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" [redacted] 191.96.106.42 - - [16/May/2026:16:20:58 +0100] "GET /fr/.env/ HTTP/2.0" 404 24616 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" show less	Bad Web Bot Web App Attack
Anonymous	2026-05-16 14:58:01 (1 month ago)	(caddyscan) Scanner path probe from 191.96.106.42 (US/United States/-): 5 in the last 3600 secs; Por ... show more (caddyscan) Scanner path probe from 191.96.106.42 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 404 224 191.96.106.42 - - [16/May/2026:14:57:31 +0000] "GET /.env HTTP/1.1" [REDACTED] 404 215 191.96.106.42 - - [16/May/2026:14:57:32 +0000] "GET /.env HTTP/1.1" [REDACTED] 404 210 191.96.106.42 - - [16/May/2026:14:57:43 +0000] "GET /.env HTTP/1.1" [REDACTED] 404 212 191.96.106.42 - - [16/May/2026:14:57:43 +0000] "GET /.env HTTP/1.1" [REDACTED] 200 2627 191.96.106.42 - - [16/May/2026:14:57:56 +0000] "GET /.env HTTP/1.1" show less	Port Scan
🇫🇷 dwmp	2026-05-16 14:36:09 (1 month ago)	[16/May/2026:16:36:06.819917 +0200] agiA1i0qmFoO4dWLbF@gIQAAAEc 191.96.106.42 42460 38.242.227.117 7 ... show more [16/May/2026:16:36:06.819917 +0200] agiA1i0qmFoO4dWLbF@gIQAAAEc 191.96.106.42 42460 38.242.227.117 7081 [16/May/2026:16:36:08.076531 +0200] agiA2C0qmFoO4dWLbF@gIgAAAEU 191.96.106.42 42464 38.242.227.117 7081 [16/May/2026:16:36:09.276939 +0200] agiA2YetQPGQjbSjJ8DfpwAAAIA 191.96.106.42 42466 38.242.227.117 7081 ... show less	Brute-Force SSH

Showing 1 to 15 of 312 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇱 217.70.48.92

🇺🇸 208.109.38.143

🇭🇰 199.45.154.180

🇨🇱 186.11.118.119

🇺🇸 172.239.62.109

🇩🇪 172.217.33.147

🇸🇬 167.172.93.203

🇰🇷 118.33.113.4

🇰🇷 115.140.161.61

🇫🇷 84.247.175.181

🇳🇱 45.148.10.121

🇨🇳 14.103.107.229

🇨🇳 14.29.240.154

🇧🇷 2800:1e0:1701:104:9999::197

🇫🇷 185.177.72.58

🇺🇸 184.168.21.211

🇺🇸 162.216.150.61

🇨🇳 117.14.103.229

🇨🇳 112.29.109.205

🇺🇸 69.74.29.21