JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.56.164

191.96.56.164 was found in our database!

This IP was reported 37 times. Confidence of Abuse is 100%: ?

100%

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS47583
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Phoenix, Arizona

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.56.164

Whois 191.96.56.164

IP Abuse Reports for 191.96.56.164:

This IP address has been reported a total of 37 times from 26 distinct sources. 191.96.56.164 was first reported on June 6th 2026, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 poundawebsiteltd	2026-06-08 08:51:05 (1 hour ago)	Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 191.96.56.164 - - [08/Jun/2026:0 ... show more Web App Attack (ModSecurity Block). Evidence: [REDACTED_DOMAIN]:443 191.96.56.164 - - [08/Jun/2026:09:51:03 +0100] GET /member/.env HTTP/1.1 403 2792 - Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36 show less	Web App Attack
🇮🇩 Burayot	2026-06-08 06:02:48 (4 hours ago)	LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 191.96.56.164 (US/United States/-): ... show more LF_MODSEC: (mod_security) mod_security (id:949110) triggered by 191.96.56.164 (US/United States/-): 1 in the last 3600 secs show less	Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-08 05:31:24 (4 hours ago)	Scanning for web/db/file exploits on www.swtechniek.nl	SQL Injection Bad Web Bot Web App Attack
🇨🇭 4server	2026-06-08 01:42:26 (8 hours ago)	[MonJun0803:42:12.0271712026][security2:error][pid1774167:tid1774396][client191.96.56.164:0]ModSecur ... show more [MonJun0803:42:12.0271712026][security2:error][pid1774167:tid1774396][client191.96.56.164:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"364\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"stmconsulenze.ch\"][uri\"/laravel/.env\"][unique_id\"aiYd9HNbPkcsWdA1sIktSgAAANQ\"] show less	Hacking Web App Attack
Anonymous	2026-06-07 22:35:10 (11 hours ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇲🇾 Rizzy	2026-06-07 16:31:34 (17 hours ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇷🇺 DZBOT	2026-06-07 15:34:20 (18 hours ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇬🇧 WebNiraj	2026-06-07 11:35:06 (22 hours ago)	(mod_security) mod_security (id:949110) triggered by 191.96.56.164 (US/United States/-): 5 in the la ... show more (mod_security) mod_security (id:949110) triggered by 191.96.56.164 (US/United States/-): 5 in the last 3600 secs [SIGMA] show less	Brute-Force
🇺🇸 TPI-Abuse	2026-06-07 10:00:26 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 06:00:11.971239 2026] [security2:error] [pid 17999:tid 17999] [client 191.96.56.164:56148] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "jimgrenier.com"] [uri "/dev/.env"] [unique_id "aiVBK3GwUxYnjodt_d-lLAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 08:54:50 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 04:54:33.220194 2026] [security2:error] [pid 6504:tid 6504] [client 191.96.56.164:22386] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rejuvenationresources.com"] [uri "/api/.env"] [unique_id "aiUxyUzGsJb89vdlLuYiDwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Matthew Ping	2026-06-07 08:30:01 (1 day ago)	ModSecurity rule 949110 triggered on dedicated4785. Web application attack blocked by CSF/LFD.	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-06-07 07:34:54 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 03:34:37.300892 2026] [security2:error] [pid 30280:tid 30305] [client 191.96.56.164:38992] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "markatosphoto.com"] [uri "/laravel/.env"] [unique_id "aiUfDW3ptCvwVL1UIKrlOgAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Bedios GmbH	2026-06-07 07:22:58 (1 day ago)	Login credentials theft attempt	Hacking
🇺🇸 TPI-Abuse	2026-06-07 04:02:18 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 191.96.56.164 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 00:02:02.263392 2026] [security2:error] [pid 16209:tid 16209] [client 191.96.56.164:53212] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "meshbagsandmore.com"] [uri "/backend/.env"] [unique_id "aiTtOoxIv6Vg3-buY--6MQAAACE"] show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 wlt-blocker	2026-06-07 03:53:39 (1 day ago)	Unauthorized access to webpage admin	Web App Attack

Showing 1 to 15 of 37 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇪 155.4.244.107

🇰🇷 222.104.76.94

🇬🇧 198.244.179.239

🇸🇬 194.5.82.103

🇨🇳 180.167.128.203

🇳🇱 176.65.149.30

🇮🇳 103.190.7.203

🇳🇱 89.21.67.145

🇳🇱 86.54.31.32

🇬🇧 82.29.188.70

🇨🇱 34.176.213.11

🇧🇪 34.53.148.138

🇨🇳 27.43.205.232

🇺🇸 165.154.254.11

🇨🇳 157.156.79.224

🇨🇳 103.193.189.177

🇮🇩 103.164.57.37

🇬🇧 87.236.176.93

🇨🇦 85.217.149.24

🇺🇸 35.245.93.61