JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.254.106

191.96.254.106 was found in our database!

This IP was reported 5 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.254.106

Whois 191.96.254.106

IP Abuse Reports for 191.96.254.106:

This IP address has been reported a total of 5 times from 2 distinct sources. 191.96.254.106 was first reported on January 26th 2025, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2025-11-13 11:15:06 (6 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 06:14:59.191292 2025] [security2:error] [pid 9695:tid 9695] [client 191.96.254.106:53051] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/wp-config.php-backup"] [unique_id "aRW9s2uM_Urk_GMuy9LX9wAAACc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-26 23:38:35 (10 months ago)	(mod_security) mod_security (id:221260) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:221260) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:36:44.057413 2025] [security2:error] [pid 26228:tid 26525] [client 191.96.254.106:39259] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpanel.kettlehill.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpanel.kettlehill.net"] [uri "/"] [unique_id "aIVmjFo7USZqEn78mkOy8gAAAQY"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 17:20:20 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 13:20:01.862455 2025] [security2:error] [pid 3052364:tid 3052364] [client 191.96.254.106:36185] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|ftp.farmers123.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "ftp.farmers123.com"] [uri "/errors/errors.log"] [unique_id "aDiXQVu9CupJp4hflGOSNgAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-28 21:43:37 (1 year ago)	(mod_security) mod_security (id:212620) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 191.96.254.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Feb 28 16:42:47.214327 2025] [security2:error] [pid 14501:tid 14590] [client 191.96.254.106:33381] [client 191.96.254.106] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|www.kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?rsd=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "www.kettlehill.kettlehill.com"] [uri "/"] [unique_id "Z8It1wZqYgTzvDxsPkhjyAAAAgA"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-01-26 03:10:22 (1 year ago)	\| Shellshock attack detected	Hacking SQL Injection Web App Attack

Showing 1 to 5 of 5 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.149.67

🇭🇰 118.26.37.26

🇹🇼 106.1.188.238

🇮🇳 103.25.47.94

🇧🇬 79.124.40.126

🇪🇸 79.117.246.166

🇫🇮 74.125.112.28

🇩🇪 69.5.169.251

🇧🇷 45.189.96.158

🇺🇸 20.84.153.206

🇨🇳 14.103.112.5

🇺🇸 2600:3c02::2000:8aff:fe49:e335

🇵🇦 190.32.246.14

🇷🇺 188.254.102.55

🇸🇬 185.200.116.75

🇨🇳 120.229.69.96

🇹🇼 111.70.43.168

🇬🇧 95.154.200.52

🇱🇹 77.90.185.16

🇺🇸 45.79.207.110