JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.117.165

191.96.117.165 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 3%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS395954
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.117.165

Whois 191.96.117.165

IP Abuse Reports for 191.96.117.165:

This IP address has been reported a total of 8 times from 3 distinct sources. 191.96.117.165 was first reported on October 1st 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:27:23 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:27:15.231948 2026] [security2:error] [pid 7732:tid 7749] [client 191.96.117.165:43871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.kettlehill.com"] [uri "/sample.htaccess"] [unique_id "ahzuAyKq_i-FrRbJEDIEsAAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-02-21 08:30:04 (3 months ago)	\| A web attack returned code 200 (success).	Web App Attack Hacking SQL Injection
🇺🇸 TPI-Abuse	2026-02-01 11:44:19 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 06:44:13.006647 2026] [security2:error] [pid 483:tid 662] [client 191.96.117.165:36439] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/wp-config.php-backup"] [unique_id "aX88jQMxl-cQ0UzvOvSIdAAAAFA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 07:29:40 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 02:29:33.342998 2026] [security2:error] [pid 12126:tid 12126] [client 191.96.117.165:34535] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/.git/config"] [unique_id "aWno3fRDqLzXevjeQOMxVAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Kurtbaby	2025-12-30 16:51:00 (5 months ago)	Part of a coordinated attack from many different source IPs that targeted our company's VPN Christma ... show more Part of a coordinated attack from many different source IPs that targeted our company's VPN Christmas Eve through the end of the 26th. show less	Hacking
🇺🇸 TPI-Abuse	2025-12-01 06:10:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:10:53.435976 2025] [security2:error] [pid 8488:tid 8559] [client 191.96.117.165:44635] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "whm.kettlehill.net"] [uri "/_.htaccess"] [unique_id "aS0xbdZHHfu_5jcVG6pjGAAAAYQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 16:02:50 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 11:02:45.802269 2025] [security2:error] [pid 31117:tid 31117] [client 191.96.117.165:36057] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.nbcnewsradio.com"] [uri "/.htpasswd"] [unique_id "aRSvpeYFlZtbgnfH9p6h8gAAACI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 16:30:48 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.117.165 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 12:30:40.409751 2025] [security2:error] [pid 30111:tid 30189] [client 191.96.117.165:57893] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/.env.live"] [unique_id "aN1XMBH4YjaIRtXIcLCXIgAAAhM"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 221.193.232.168

🇱🇰 220.247.224.226

🇵🇰 203.135.42.52

🇺🇸 66.164.163.120

🇨🇳 61.145.181.7

🇺🇸 34.168.167.248

🇮🇳 182.95.178.206

🇺🇸 173.239.240.162

🇺🇸 162.216.149.223

🇧🇩 161.248.189.72

🇨🇳 120.224.15.67

🇨🇳 115.194.37.91

🇨🇳 111.26.106.117

🇺🇸 45.156.129.57

🇧🇪 34.156.86.83

🇬🇧 2.126.141.56

🇭🇳 2620:171:3f:f001:9999::240

🇻🇳 210.245.95.11

🇮🇱 185.162.127.214

🇳🇱 178.16.54.226