JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.67.108

191.96.67.108 was found in our database!

This IP was reported 74 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Houston, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.67.108

Whois 191.96.67.108

IP Abuse Reports for 191.96.67.108:

This IP address has been reported a total of 74 times from 25 distinct sources. 191.96.67.108 was first reported on September 14th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇭 backslash	2026-05-08 12:12:01 (1 month ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇯🇵 mkaraki	2025-12-18 08:02:48 (5 months ago)	1766044957 # Service_probe # SIGNATURE_SEND # source_ip:191.96.67.108 # dst_port:7 ...	Port Scan
🇩🇪 SMARTNET	2025-11-26 02:37:10 (6 months ago)	Aisuru(Mirai variant) DDoS	DDoS Attack
🇺🇸 TPI-Abuse	2025-11-07 12:20:59 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 07 07:20:52.507678 2025] [security2:error] [pid 32563:tid 32563] [client 191.96.67.108:60857] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|maffiniandbearce.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "maffiniandbearce.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ3kJM7oFemjHuDZqKaCpwAAAA8"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-07 09:57:16 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 07 04:57:11.072071 2025] [security2:error] [pid 31223:tid 31298] [client 191.96.67.108:10318] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|curubin.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "curubin.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ3Cd1E3mCHUbiAMeqREkwAAAI4"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-07 09:14:21 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 07 04:14:18.566353 2025] [security2:error] [pid 363:tid 363] [client 191.96.67.108:16866] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ferhardi.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ferhardi.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ24ao0DemCMZdlCL-ri-AAAAAc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-11-07 01:05:00 (7 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇺🇸 TPI-Abuse	2025-11-06 21:36:27 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 06 16:36:21.543559 2025] [security2:error] [pid 1224:tid 1224] [client 191.96.67.108:26718] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|engineeringarts.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "engineeringarts.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ0U1birKVrzSy6TgtIGZwAAACA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-06 16:24:58 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 06 11:24:50.444505 2025] [security2:error] [pid 29622:tid 29622] [client 191.96.67.108:38981] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cormanleigh.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cormanleigh.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQzL0vBRBGGVtszz_CQNEQAAAAE"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-06 13:08:49 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 06 08:08:43.031466 2025] [security2:error] [pid 3049:tid 3049] [client 191.96.67.108:35936] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|jimcameron.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "jimcameron.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQyd28DQVW-7AWS7Rzn1mAAAAAg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-06 12:47:42 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 06 07:47:38.169798 2025] [security2:error] [pid 22919:tid 22919] [client 191.96.67.108:4902] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|opere.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "opere.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQyY6uzjTLJ9tSNibej3pgAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-05 18:29:02 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 05 13:28:58.550841 2025] [security2:error] [pid 16752:tid 16752] [client 191.96.67.108:62569] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|architech.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "architech.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQuXaolwpAy260fMt2GCoQAAAAE"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 kjaerulff	2025-11-05 11:55:10 (7 months ago)	Failed Wordpress login using xmlrpc.php	Web App Attack
🇮🇳 Shaik Sai Meera	2025-10-14 05:58:44 (8 months ago)	IM360 WAF: Block Drupal/Joomla spammers - Mon Oct 13 18:04:11 2025	Hacking
🇵🇱 sefinek.net	2025-09-07 04:48:19 (9 months ago)	Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1. ... show more Triggered Cloudflare WAF (firewallCustom) from US. Action taken: MANAGED_CHALLENGE Protocol: HTTP/1.1 (GET method) Endpoint: / UA: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:114.0) Gecko/20100101 Firefox/114.0 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot

Showing 1 to 15 of 74 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇨🇳 183.255.72.84

🇨🇳 171.43.134.254

🇺🇸 38.34.175.13

🇵🇪 38.25.7.169

🇻🇳 2402:800:61ae:80ae:585a:ba66:862c:7104

🇺🇸 209.141.61.103

🇸🇬 194.5.82.69

🇸🇬 185.200.116.42

🇩🇪 164.90.236.107

🇨🇳 124.238.34.179

🇳🇱 91.92.42.61

🇪🇸 82.223.5.196

🇩🇪 69.5.169.190

🇺🇸 52.35.117.102

🇨🇳 42.224.149.120

🇨🇳 36.135.92.36

🇫🇷 2.18.131.137

🇬🇧 172.217.32.21

🇨🇦 104.239.35.64

🇧🇬 84.54.139.75