JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.254.240

191.96.254.240 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 33%: ?

33%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS396190
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Seattle, Washington

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.254.240

Whois 191.96.254.240

IP Abuse Reports for 191.96.254.240:

This IP address has been reported a total of 12 times from 7 distinct sources. 191.96.254.240 was first reported on February 23rd 2025, and the most recent report was 6 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 4server	2026-05-29 11:20:24 (6 days ago)	[FriMay2913:20:18.6120412026][security2:error][pid2133194:tid2133249][client191.96.254.240:0]ModSecu ... show more [FriMay2913:20:18.6120412026][security2:error][pid2133194:tid2133249][client191.96.254.240:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.test.pytag.ch\"][uri\"/.env.php\"][unique_id\"ahl2crUrSivnn-NbBtVOLwAAAEA\"] show less	Port Scan Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-05-28 22:00:08 (1 week ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-05-27. show less	Web App Attack SSH Hacking
🇺🇸 TPI-Abuse	2026-05-28 16:41:07 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 12:40:57.472113 2026] [security2:error] [pid 25170:tid 25170] [client 191.96.254.240:45871] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.sydat.abramczuk.me"] [uri "/.env"] [unique_id "ahhwGeyMPCu5oHRydizGXQAAAA0"], referer: https://www.google.com/search?q=www.sydat.abramczuk.me show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 21:51:48 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 17:51:40.108433 2026] [security2:error] [pid 19854:tid 19854] [client 191.96.254.240:42115] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/config/parameters.yml" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "badwaterclaims.helpkccare.org"] [uri "/app/config/parameters.yml"] [unique_id "ahdnbNNUwTWrLclXrExerAAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Roper123	2026-05-27 18:03:09 (1 week ago)	Web exploits	Web App Attack
🇨🇭 backslash	2026-05-27 14:42:00 (1 week ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-27 00:57:30 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:57:23.805077 2026] [security2:error] [pid 6284:tid 6368] [client 191.96.254.240:43693] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.lisabee.mailporte.com\|F\|2"] [data ".tfstate.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.lisabee.mailporte.com"] [uri "/terraform.tfstate.backup"] [unique_id "ahZBcxqPLoJGvukaiQ-szgAAAMw"], referer: https://www.google.com/search?q=www.lisabee.mailporte.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 00:33:21 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 20:33:11.582792 2026] [security2:error] [pid 20644:tid 20644] [client 191.96.254.240:44943] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.old" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "duhcathlon.com"] [uri "/wp-config.old"] [unique_id "ahY7x7CKxpTO6fADAPTOwAAAAHg"], referer: https://www.google.com/search?q=duhcathlon.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 18:20:30 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 14:20:24.724506 2026] [security2:error] [pid 5212:tid 5212] [client 191.96.254.240:43831] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "seizetheseason.com"] [uri "/.env.save"] [unique_id "ahXkaM642JFE_TciHVQ1aQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 18:43:41 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 191.96.254.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 14:36:04.328988 2025] [security2:error] [pid 3157157:tid 3157157] [client 191.96.254.240:55207] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/.env.old"] [unique_id "aDipFK8u0UjHPGWo1oBHiAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 CR Honey Pot	2025-04-19 19:16:30 (1 year ago)	BruteForce IMAP	Brute-Force
Anonymous	2025-02-23 09:10:14 (1 year ago)	\| SQL injection attempt.	Hacking SQL Injection Web App Attack

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.84.100.207

🇲🇦 196.75.145.67

🇺🇸 162.216.149.194

🇷🇺 128.14.231.118

🇭🇰 199.45.155.82

🇳🇱 185.223.235.9

🇫🇷 185.177.72.24

🇳🇱 178.18.147.91

🇺🇸 66.132.186.194

🇺🇸 64.62.156.216

🇺🇸 64.62.156.212

🇺🇸 195.184.76.141

🇺🇸 195.184.76.139

🇭🇰 194.187.178.190

🇮🇶 185.24.61.162

🇷🇺 170.168.72.153

🇺🇸 162.216.150.190

🇱🇹 37.0.160.62

🇫🇮 147.185.133.6

🇻🇳 27.79.45.129