JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.168.72

191.96.168.72 was found in our database!

This IP was reported 20 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.168.72

Whois 191.96.168.72

IP Abuse Reports for 191.96.168.72:

This IP address has been reported a total of 20 times from 13 distinct sources. 191.96.168.72 was first reported on April 16th 2021, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-10 14:52:11 (6 months ago)	"Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized ac ... show more "Participant in large-scale DDoS Attack in which data injection was attmpted to gain unauthorized access" show less	DDoS Attack SQL Injection Exploited Host
🇩🇪 marzzzello	2025-12-04 03:26:33 (6 months ago)	Ports: 25x 37018	Port Scan
🇺🇸 octageeks.com	2025-08-06 04:08:40 (10 months ago)	Wordpress malicious attack:[octawp]	Web App Attack
🇨🇭 backslash	2025-07-08 23:25:05 (11 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2024-12-16 11:51:17 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 06:51:11.419359 2024] [security2:error] [pid 20987:tid 20987] [client 191.96.168.72:54035] [client 191.96.168.72] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|hennessymillworks.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hennessymillworks.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z2AULxNvAdTIWd8lBlLYcgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-12-16 05:59:39 (1 year ago)	Ports: *; Direction: 0; Trigger: CT_LIMIT	Brute-Force SSH
🇺🇸 TPI-Abuse	2024-12-16 05:34:32 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.72 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 16 00:34:27.654861 2024] [security2:error] [pid 3883161:tid 3883161] [client 191.96.168.72:58927] [client 191.96.168.72] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|comicvolumes.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "comicvolumes.com"] [uri "/site/default/settings.php.BAK"] [unique_id "Z1-748AToIk2tk_UYBsX5AAAAFk"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 dzpk	2024-02-28 08:54:22 (2 years ago)	[28/Feb/2024:09:54:21 +0100] 170911046190.765707 191.96.168.72 60099 HOST 443 [28/Feb/2024:09:54:21 ... show more [28/Feb/2024:09:54:21 +0100] 170911046190.765707 191.96.168.72 60099 HOST 443 [28/Feb/2024:09:54:21 +0100] 170911046129.818603 191.96.168.72 55137 HOST 443 [28/Feb/2024:09:54:22 +0100] 170911046216.528087 191.96.168.72 52231 HOST 443 show less	Web App Attack
🇩🇪 Vegascosmetics	2024-01-12 22:50:03 (2 years ago)	Multiple Formhack Abuse	Bad Web Bot
🇦🇪 abusiveIntelligence	2022-04-01 14:00:00 (4 years ago)	RDP Local Account Slowly Brute-force Attempt	Brute-Force
🇦🇪 abusiveIntelligence	2022-04-01 05:10:00 (4 years ago)	RDP Local Account Slowly Brute-force Attempt	Brute-Force
🇺🇸 trentwiles.com	2022-04-01 00:46:15 (4 years ago)	Unauthorized connection attempt detected from IP address 191.96.168.72 to port 3389 [V]	Port Scan Hacking
🇳🇱 EGP Abuse Dept	2022-04-01 00:44:38 (4 years ago)	Unauthorized connection to RDP port 3389	Port Scan Hacking
🇩🇪 sandrzejewskipl	2022-04-01 00:36:08 (4 years ago)	Unauthorized connection attempt detected to port 3389 (hetzner-nbg1-1)	Port Scan Hacking
🇺🇸 MortimerCat	2021-09-03 06:03:01 (4 years ago)	Attempting to access Wordpress login on a honeypot or private system.	Web App Attack

Showing 1 to 15 of 20 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 2602:80d:1008::5c

🇻🇳 123.58.198.35

🇫🇷 51.68.34.131

🇺🇸 20.163.5.58

🇨🇦 209.42.25.22

🇧🇷 177.36.187.87

🇨🇳 121.229.156.104

🇬🇧 81.19.219.227

🇮🇳 65.2.30.243

🇬🇧 35.203.211.198

🇧🇷 20.226.94.24

🇮🇪 3.253.40.238

🇷🇴 2.57.121.25

🇨🇦 216.26.250.154

🇪🇬 213.131.85.27

🇨🇳 203.56.46.78

🇩🇴 190.167.237.29

🇮🇳 180.149.246.86

🇺🇸 162.216.149.10

🇺🇸 147.185.132.188