JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.130.216

191.96.130.216 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 11%: ?

11%

ISP	ISP Network Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS7203
Domain Name	ispnetwork.co.il
Country	🇺🇸 United States of America
City	San Jose, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.130.216

Whois 191.96.130.216

IP Abuse Reports for 191.96.130.216:

This IP address has been reported a total of 12 times from 3 distinct sources. 191.96.130.216 was first reported on May 28th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-01 02:27:47 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:27:41.443947 2026] [security2:error] [pid 7571:tid 7609] [client 191.96.130.216:57481] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.kettlehill.com"] [uri "/a.htaccess"] [unique_id "ahzuHQB9GwiQ72im4TctLwAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-22 13:59:50 (2 weeks ago)	LH-Watcher: FAKE_ID [Fake Googlebot]	Bad Web Bot
🇺🇸 TPI-Abuse	2026-04-08 21:04:58 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 08 17:04:54.253980 2026] [security2:error] [pid 127416:tid 127416] [client 191.96.130.216:40633] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/_.htaccess"] [unique_id "adbC9sVu8Vm4pHuKGvLDRAAAADk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-16 06:22:04 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 01:21:58.157877 2026] [security2:error] [pid 20399:tid 20399] [client 191.96.130.216:35491] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/errors.log"] [unique_id "aWnZBiCToKtKnahl7W4SjwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:10:58 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:10:49.229916 2025] [security2:error] [pid 15711:tid 15711] [client 191.96.130.216:50017] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/sftp-config.json" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.farmers123.com"] [uri "/sftp-config.json"] [unique_id "aS9j6R561aIhXIh1cBwevwAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 06:38:27 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 01:38:21.596078 2025] [security2:error] [pid 30768:tid 30781] [client 191.96.130.216:34759] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.kettlehill.com"] [uri "/.svn/wc.db"] [unique_id "aS033f5kVQ-rlVW6wYR0wgAAAUk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 22:46:38 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 18:46:34.201165 2025] [security2:error] [pid 27726:tid 27726] [client 191.96.130.216:54377] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.nbcnewsradio.com"] [uri "/.htpasswd"] [unique_id "aQFHyqERaj8NAeGapFFuwgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:41:27 (8 months ago)	(mod_security) mod_security (id:212340) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212340) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:41:21.897975 2025] [security2:error] [pid 30110:tid 30165] [client 191.96.130.216:36039] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "-->" at ARGS:mapid. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "56"] [id "212340"] [rev "5"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|mail.kettlehill.com\|F\|2"] [data "Matched Data: --> found within ARGS:mapid: --><img src onerror=alert(document.domain)>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "mail.kettlehill.com"] [uri "/"] [unique_id "aN1LockWrLLgoGKIU58hxwAAAdQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:37:10 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:37:03.236659 2025] [security2:error] [pid 3332372:tid 3332394] [client 191.96.130.216:44069] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.net"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aIxgjx33aKcnOojmIbhPIQAAApQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:41:17 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:40:03.679626 2025] [security2:error] [pid 2256136:tid 2256215] [client 191.96.130.216:44907] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/i18n/arabic/examples/query.php?keyword=\\x22><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.kettlehill.net"] [uri "/wp-content/plugins/pdf-generator-for-wp/package/lib/dompdf/vendor/dompdf/dompdf/I18N/Arabic/Examples/Query.php"] [unique_id "aDvns7VUnYIqO9hNDITBaAAAAIs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 20:37:03 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.130.216 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 16:36:56.078801 2025] [security2:error] [pid 1865612:tid 1865612] [client 191.96.130.216:33773] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/log/errors.log"] [unique_id "aDdz6H53NrafXlW7hH4JggAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-28 04:50:14 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇦🇱 141.98.142.173

🇫🇮 204.168.191.223

🇵🇦 186.188.133.243

🇺🇸 165.154.163.29

🇺🇸 162.216.150.77

🇵🇰 154.208.55.108

🇧🇩 103.159.254.227

🇱🇻 45.145.6.60

🇸🇳 41.83.244.87

🇺🇸 20.168.124.5

🇳🇱 5.61.209.96

🇩🇪 213.209.159.56

🇸🇦 188.54.156.79

🇺🇸 162.216.149.23

🇻🇳 103.69.193.110

🇹🇷 88.235.212.104

🇺🇸 67.220.180.90

🇳🇱 45.148.10.157

🇺🇸 45.63.58.116

🇩🇪 212.227.78.81