JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.168.93

191.96.168.93 was found in our database!

This IP was reported 150 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.168.93

Whois 191.96.168.93

IP Abuse Reports for 191.96.168.93:

This IP address has been reported a total of 150 times from 64 distinct sources. 191.96.168.93 was first reported on November 16th 2021, and the most recent report was 3 months ago.

Old Reports: The most recent abuse report for this IP address is from 3 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-03-05 13:35:12 (3 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2026-02-25 08:05:19 (3 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇺🇸 bigscoots.com	2026-02-15 13:08:47 (3 months ago)	(smtpauth) Failed SMTP AUTH login from 191.96.168.93 (NL/The Netherlands/-): 5 in the last 3600 secs ... show more (smtpauth) Failed SMTP AUTH login from 191.96.168.93 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: 25,465,587; Direction: 0; Trigger: LF_SMTPAUTH; Logs: 2026-02-15 08:08:19 dovecot_plain authenticator failed for H=([10.36.18.106]) [191.96.168.93]:56217: 535 Incorrect authentication data ([email protected]) 2026-02-15 08:08:25 dovecot_login authenticator failed for H=([10.36.18.106]) [191.96.168.93]:56217: 535 Incorrect authentication data ([email protected]) 2026-02-15 08:08:32 dovecot_plain authenticator failed for H=([10.36.18.106]) [191.96.168.93]:55227: 535 Incorrect authentication data ([email protected]) 2026-02-15 08:08:34 dovecot_login authenticator failed for H=([10.36.18.106]) [191.96.168.93]:55227: 535 Incorrect authentication data ([email protected]) 2026-02-15 08:08:46 dovecot_plain authenticator failed for H=([10.36.18.106]) [191.96.168.93]:40286: 535 Incorrect authentication data ([email protected]) show less	Brute-Force SSH
🇵🇱 IT RDC	2026-02-15 13:08:39 (3 months ago)	Feb 15 14:08:38 rdcmail postfix/submission/smtpd[917181]: warning: unknown[191.96.168.93]: SASL PLAI ... show more Feb 15 14:08:38 rdcmail postfix/submission/smtpd[917181]: warning: unknown[191.96.168.93]: SASL PLAIN authentication failed: authentication failure, [email protected] Feb 15 14:08:38 rdcmail postfix/submission/smtpd[917181]: warning: unknown[191.96.168.93]: SASL LOGIN authentication failed: authentication failure, [email protected] Feb 15 14:08:39 rdcmail postfix/smtps/smtpd[917482]: warning: unknown[191.96.168.93]: SASL PLAIN authentication failed: authentication failure, [email protected] ... show less	Brute-Force
Anonymous	2025-10-30 08:18:17 (7 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-08-04 15:36:48 (10 months ago)	Botnet - login attempts with leaked random user/pass lists	Hacking Brute-Force Web App Attack
Anonymous	2025-04-23 09:05:31 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 hostseries	2025-04-15 11:58:35 (1 year ago)	Brute-force cPanel Services	Brute-Force
Anonymous	2025-04-06 13:57:55 (1 year ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2024-07-13 13:00:17 (1 year ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2024-07-09 02:00:54 (1 year ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇳🇱 Linuxmalwarehuntingnl	2024-07-03 08:57:47 (1 year ago)	Unauthorized connection attempt	Brute-Force
Anonymous	2024-06-19 10:21:00 (1 year ago)	191.96.168.93 (NL/The Netherlands/-) blocked with too many connections	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-18 23:58:42 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.93 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.93 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 18 19:58:35.977814 2024] [security2:error] [pid 19176] [client 191.96.168.93:62437] [client 191.96.168.93] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|venegas.info\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "venegas.info"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnIfK4DFxj9VjQE-jpqPawAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2024-06-18 14:43:14 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.168.93 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 191.96.168.93 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 18 10:43:08.219634 2024] [security2:error] [pid 8881] [client 191.96.168.93:63046] [client 191.96.168.93] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|qualiabookings.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "qualiabookings.com"] [uri "/site/default/settings.php.BAK"] [unique_id "ZnGc_DEWNrgc2rb98gN16gAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 150 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 193.124.20.236

🇧🇷 191.0.123.102

🇦🇹 185.4.120.198

🇻🇳 171.231.186.156

🇺🇸 135.237.126.195

🇹🇼 104.199.176.250

🇫🇷 37.66.233.141

🇨🇦 15.222.107.106

🇮🇳 14.139.85.3

🇷🇺 5.129.200.27

🇮🇳 203.193.147.75

🇰🇷 152.69.232.121

🇺🇸 151.205.104.128

🇫🇷 92.138.18.192

🇳🇱 88.151.32.194

🇨🇳 60.205.191.58

🇰🇷 59.21.37.60

🇵🇱 54.38.52.18

🇳🇱 34.13.151.240

🇮🇳 20.244.20.183