JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.168.43

191.96.168.43 was found in our database!

This IP was reported 125 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.168.43

Whois 191.96.168.43

IP Abuse Reports for 191.96.168.43:

This IP address has been reported a total of 125 times from 66 distinct sources. 191.96.168.43 was first reported on November 5th 2021, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇦🇺 oncord	2026-01-19 01:23:37 (5 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-01-18 18:14:45 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.43 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jan 18 13:14:39.890192 2026] [security2:error] [pid 370:tid 370] [client 191.96.168.43:35511] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|rcrgalicia.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "rcrgalicia.com"] [uri "/mailto:[email protected]"] [unique_id "aW0jDz1GZbI2ifUtdl7nKQAAAAA"], referer: http://rcrgalicia.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2026-01-18 01:18:38 (5 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-01-18 00:16:55 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.43 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 19:16:48.843242 2026] [security2:error] [pid 29575:tid 29575] [client 191.96.168.43:42275] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|turnedthepagemusic.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "turnedthepagemusic.com"] [uri "/mailto:[email protected]"] [unique_id "aWwmcMl096-J2kG75BH30gAAAAo"], referer: http://turnedthepagemusic.com/ContactMe.html show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Tech Roomforday	2026-01-17 22:58:02 (5 months ago)	Spam contact form	Phishing Web Spam
🇫🇷 conseilgouz	2026-01-17 22:48:35 (5 months ago)	saw-(visforms) : try to access forms...	Hacking
🇺🇸 TPI-Abuse	2026-01-17 16:51:40 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.43 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.43 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 11:51:33.253126 2026] [security2:error] [pid 8524:tid 8524] [client 191.96.168.43:43361] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|contentaicreator.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "contentaicreator.com"] [uri "/mailto:[email protected]"] [unique_id "aWu-FUbXIAa-EYwCDtOhNQAAABM"], referer: http://contentaicreator.com/ show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 HandyTreff.de	2026-01-17 08:19:05 (5 months ago)	Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -48.994 (Bad < -10 / Very Bad < -20 ... show more Bot/Spam/Scrapper attack detected on www.handytreff.de - Score: -48.994 (Bad < -10 / Very Bad < -20 / Extreme < -35) \| UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Sa show less	Bad Web Bot Web App Attack
Anonymous	2026-01-17 04:13:00 (5 months ago)	WP Probing and/or Hacking	Port Scan Web App Attack
🇪🇸 librebit	2026-01-17 04:11:18 (5 months ago)	Brute force	Brute-Force
🇱🇻 garmtech.com	2026-01-16 22:45:17 (5 months ago)	IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-45.191.96.168.43.web-spamme ... show more IM360 WAF: Block IP which is in the web-spammers RBL MV:RBL lookup of 00-45.191.96.168.43.web-spammers.v2.rbl.imunify.com._v4 succeeded. show less	Web App Attack
🇺🇸 OceanTreasure	2025-11-30 00:30:15 (6 months ago)	tcp/49152; Multiple SYN connections to closed port (≥10 in 10 min) (R18) @ 2025-11-30T00:27:14Z	Brute-Force
🇩🇪 iNetWorker	2025-07-20 20:00:30 (11 months ago)	trying to access non-authorized port	Port Scan
🇪🇸 el-brujo	2025-07-20 19:31:45 (11 months ago)	Cloudflare WAF: Request Path: / Request Query: Host: warzone.elhacker.net userAgent: Mozilla/5.0 (X ... show more Cloudflare WAF: Request Path: / Request Query: Host: warzone.elhacker.net userAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 Action: block Source: firewallManaged ASN Description: COGENT-174 Country: NL Method: GET Timestamp: 2025-07-20T19:31:45Z ruleId: 8e361ee4328f4a3caf6caf3e664ed6fe. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB). show less	Hacking SQL Injection Web App Attack
🇩🇪 BestFans.com	2025-07-14 20:06:24 (11 months ago)	Credential brute-force attacks on webpage logins	Brute-Force

Showing 1 to 15 of 125 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇷🇺 178.178.222.61

🇺🇸 147.185.132.57

🇵🇹 81.193.216.17

🇺🇸 40.124.175.188

🇺🇸 178.93.52.195

🇧🇷 177.104.171.149

🇫🇮 147.185.133.48

🇰🇷 121.131.220.156

🇨🇳 117.32.132.170

🇺🇸 107.180.88.176

🇨🇳 101.37.117.27

🇬🇧 89.37.172.148

🇺🇸 66.132.195.22

🇨🇳 60.166.82.67

🇨🇳 1.24.16.26

🇬🇧 213.166.84.56

🇧🇷 201.93.161.154

🇵🇦 181.197.138.112

🇺🇸 173.0.84.4

🇮🇩 163.7.11.155