JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.202.180

191.96.202.180 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.202.180

Whois 191.96.202.180

IP Abuse Reports for 191.96.202.180:

This IP address has been reported a total of 10 times from 3 distinct sources. 191.96.202.180 was first reported on May 28th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-16 19:40:48 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 14:40:43.107012 2026] [security2:error] [pid 14744:tid 14744] [client 191.96.202.180:42041] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".com.db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/nbcnewsradio.com.db"] [unique_id "aWqUO6FucP9S7v8e9Y54awAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 raspi4	2025-12-31 07:55:59 (5 months ago)	Fail2Ban Ban Triggered	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-02 22:29:10 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 17:29:02.379763 2025] [security2:error] [pid 6911:tid 6911] [client 191.96.202.180:59719] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.farmers123.com"] [uri "/example.htaccess"] [unique_id "aS9oLlFcllV4vmYqkfxfpgAAABs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-01 23:40:04 (6 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 05:06:41 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 00:06:37.967789 2025] [security2:error] [pid 18647:tid 18647] [client 191.96.202.180:51019] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htpasswd" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.htpasswd"] [unique_id "aRQV3bw716sL-n3zX0csFgAAAB4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-01 14:35:26 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 01 10:35:16.581894 2025] [security2:error] [pid 16199:tid 16223] [client 191.96.202.180:55541] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/.env.bak"] [unique_id "aQYapI48O1Di385V0mCPHwAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 18:15:09 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 14:14:56.867810 2025] [security2:error] [pid 2984:tid 2984] [client 191.96.202.180:47175] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mail.nbcnewsradio.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mail.nbcnewsradio.com"] [uri "/default.php.bak"] [unique_id "aJJKIKE4l3BnxjRXL1ZxlQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 07:50:02 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 03:49:57.387103 2025] [security2:error] [pid 3332372:tid 3332391] [client 191.96.202.180:47837] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.net"] [uri "/a.htaccess"] [unique_id "aIxxpR33aKcnOojmIbhsNgAAApE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 06:35:46 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 02:35:42.931900 2025] [security2:error] [pid 2636838:tid 2636918] [client 191.96.202.180:56017] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/sql.sql"] [unique_id "aDv0vjvwu3ccjH5oiKEP3gAAAIk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-28 19:24:42 (1 year ago)	(mod_security) mod_security (id:218420) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:218420) triggered by 191.96.202.180 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 28 15:24:36.658037 2025] [security2:error] [pid 1779121:tid 1779121] [client 191.96.202.180:34931] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|ftp.farmers123.com\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "ftp.farmers123.com"] [uri "/index.php"] [unique_id "aDdi9LypfTSwFUD5ht2JrgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.57.78.222

🇨🇳 203.76.241.18

🇺🇸 198.211.108.182

🇺🇸 47.253.213.12

🇧🇪 35.195.115.36

🇺🇸 2607:f8b0:4001:c10::12b

🇰🇷 211.253.31.30

🇺🇸 207.173.40.79

🇺🇸 195.184.76.113

🇫🇷 146.70.194.238

🇰🇷 118.193.69.67

🇮🇳 103.250.149.148

🇺🇿 95.46.211.142

🇬🇧 82.28.80.167

🇧🇬 79.124.58.142

🇺🇸 76.79.213.70

🇰🇷 58.236.158.41

🇳🇱 45.148.10.147

🇺🇸 162.216.149.192

🇸🇬 149.28.134.248