JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.168.95

191.96.168.95 was found in our database!

This IP was reported 35 times. Confidence of Abuse is 2%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Fixed Line ISP
ASN	AS174
Domain Name	netutils.io
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.168.95

Whois 191.96.168.95

IP Abuse Reports for 191.96.168.95:

This IP address has been reported a total of 35 times from 26 distinct sources. 191.96.168.95 was first reported on July 5th 2021, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 matthieul.dev	2026-06-15 02:35:22 (1 week ago)	Blocked by os-abuseipdb; 6 hits, proto=tcp,udp, ports=33340	Port Scan Brute-Force
🇱🇻 garmtech.com	2026-03-08 12:18:36 (3 months ago)	IM360 WAF: Old style account creation and modification in Joomla! MV:registration	Web App Attack
Anonymous	2026-02-11 06:39:44 (4 months ago)	(smtpauth) Failed SMTP AUTH login from 191.96.168.95 (NL/The Netherlands/-)	Brute-Force
🇫🇷 vtchost.com	2026-01-15 00:24:44 (5 months ago)	HTTP honeypot triggered - ignoring robots.txt \\| potential virus infected client or botnet ...	Bad Web Bot Exploited Host
🇺🇸 xmission.com	2026-01-09 22:11:38 (5 months ago)	Blocked by UFW (TCP on 55328) Source port: 15434 TTL: 50 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 55328) Source port: 15434 TTL: 50 Packet length: 60 TOS: 0x08 This report (for 191.96.168.95) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇸🇪 Johan Finn	2025-12-11 01:09:15 (6 months ago)	malicious activity	Web App Attack
🇺🇸 TPI-Abuse	2025-08-25 03:30:53 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 23:30:45.992013 2025] [security2:error] [pid 8246:tid 8246] [client 191.96.168.95:53374] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jamesmorris.net"] [uri "/.env"] [unique_id "aKvY5eXKRZGuWHkDPByOUQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-25 02:49:20 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 22:49:17.422868 2025] [security2:error] [pid 6104:tid 6104] [client 191.96.168.95:64023] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "trilliantsolutions.com"] [uri "/.env"] [unique_id "aKvPLTUfK6QbG3lsrU1A-QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-25 01:30:07 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 21:29:58.824651 2025] [security2:error] [pid 31061:tid 31061] [client 191.96.168.95:61083] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bright-enterprise.com"] [uri "/.env"] [unique_id "aKu8ll76fj8tAyoMcq9dbgAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 hbrks	2025-08-24 22:32:13 (10 months ago)	3 attack(s) detected since 2025-08-24T22:18:10 00:00, such as these: {"event":"nginx_block","host":" ... show more 3 attack(s) detected since 2025-08-24T22:18:10 00:00, such as these: {"event":"nginx_block","host":"p4u.xyz","request":"GET /.env HTTP/1.1","user_agent":"","reason":"uri:env_file","timestamp":"2025-08-24T22:18:10 00:00"} show less	Web Spam Hacking Bad Web Bot
🇺🇸 TPI-Abuse	2025-08-24 19:12:23 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 15:12:18.857931 2025] [security2:error] [pid 10742:tid 10742] [client 191.96.168.95:57641] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "blackweddingfavors.com"] [uri "/.env"] [unique_id "aKtkEs4zNWbfQVxxjSkatgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-08-24 14:37:33 (10 months ago)	Legion Credential Harvester / SMTP Hijacker: /.env	Hacking Web App Attack
🇺🇸 mnsf	2025-08-24 14:05:09 (10 months ago)	Too many Status 40X (11)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-08-24 13:13:41 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 09:13:34.459498 2025] [security2:error] [pid 29281:tid 29281] [client 191.96.168.95:52845] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jussetcotradinglimited.co"] [uri "/.env"] [unique_id "aKsP_kkFZV4lZEP6lxxg4QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-24 12:40:15 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.168.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Aug 24 08:40:10.059872 2025] [security2:error] [pid 28818:tid 28818] [client 191.96.168.95:65520] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "buddhas.net"] [uri "/tw/index.html/.env"] [unique_id "aKsIKgKRFEdjdytmNmOgtQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 35 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 91.231.89.155

🇫🇷 209.242.192.217

🇺🇸 207.46.13.54

🇨🇷 186.177.88.23

🇺🇸 162.216.149.184

🇸🇪 141.138.212.9

🇨🇳 111.113.89.88

🇺🇦 93.170.68.197

🇫🇷 91.196.152.89

🇩🇪 91.137.18.0

🇳🇱 91.92.40.6

🇺🇸 74.114.29.220

🇩🇪 64.89.163.168

🇨🇳 58.19.106.58

🇧🇴 190.181.4.12

🇺🇸 162.216.149.161

🇸🇬 152.32.218.30

🇨🇳 115.191.7.28

🇨🇳 112.87.222.138

🇷🇴 92.118.39.71