JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.202.140

191.96.202.140 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.202.140

Whois 191.96.202.140

IP Abuse Reports for 191.96.202.140:

This IP address has been reported a total of 8 times from 3 distinct sources. 191.96.202.140 was first reported on May 25th 2025, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-12-03 02:36:42 (6 months ago)	(mod_security) mod_security (id:211190) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:211190) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 21:36:38.576057 2025] [security2:error] [pid 24250:tid 24250] [client 191.96.202.140:56083] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt\|\|192.64.150.229:80\|F\|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /poc.jsp?cmd=cat+%2Fetc%2Fpasswd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.229"] [uri "/poc.jsp"] [unique_id "aS-iNg7eFEDHs1eRS8UbqgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-01 07:17:19 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 01 02:17:13.438637 2025] [security2:error] [pid 27471:tid 27492] [client 191.96.202.140:53261] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.com"] [uri "/.env.prod.local"] [unique_id "aS1A-XLXOKC0tXS7y0k-6wAAAIQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 16:34:58 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 12:34:54.727670 2025] [security2:error] [pid 30111:tid 30179] [client 191.96.202.140:43333] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.kettlehill.com"] [uri "/.env.old"] [unique_id "aN1YLhH4YjaIRtXIcLCYkwAAAgk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-09-26 02:40:50 (8 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Sep 25 22:40:46.900617 2025] [security2:error] [pid 30260:tid 30260] [client 191.96.202.140:41599] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.deandobkin.com"] [uri "/.svn/entries"] [unique_id "aNX9Lk5nfXlRInEKylBRMgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇬 raramos	2025-08-07 19:00:07 (10 months ago)	[SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed ... show more [SMB remote code execution attempt: port tcp/445] in blocklist.de:'listed [pop3]' in SpamCop:'listed' in sorbs:'listed [web], [spam]' in Unsubscore:'listed' *(RWIN=8192)(04:10) show less	Web Spam Email Spam Port Scan Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 08:29:36 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 04:29:34.156607 2025] [security2:error] [pid 3712160:tid 3712183] [client 191.96.202.140:60175] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.kettlehill.net"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aIx67tc_-1Eg368SpPiP-wAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 13:52:00 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.202.140 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 09:51:54.937929 2025] [security2:error] [pid 2866903:tid 2866903] [client 191.96.202.140:44651] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".ini"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/windows/win.ini"] [unique_id "aDxa-pWDWBgmLzhGFO8kRAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-25 09:40:02 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 159.65.57.254

🇩🇪 144.31.16.121

🇻🇳 116.98.248.79

🇪🇬 102.45.180.29

🇸🇪 82.196.106.164

🇬🇧 81.19.219.217

🇮🇩 36.95.194.52

🇧🇪 198.235.24.204

🇺🇸 195.184.76.141

🇩🇪 185.242.3.173

🇽🇰 185.222.138.237

🇨🇳 171.213.174.228

🇺🇸 162.243.147.237

🇺🇸 140.177.215.209

🇬🇧 138.68.165.188

🇺🇸 136.115.195.239

🇮🇳 117.255.159.68

🇨🇦 85.217.149.13

🇷🇴 80.94.95.116

🇨🇳 58.243.47.219