JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.67.114

191.96.67.114 was found in our database!

This IP was reported 42 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Houston, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.67.114

Whois 191.96.67.114

IP Abuse Reports for 191.96.67.114:

This IP address has been reported a total of 42 times from 25 distinct sources. 191.96.67.114 was first reported on December 1st 2022, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2025-11-23 06:35:11 (6 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2025-11-20 06:30:14 (6 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇩🇪 neverdown.eu	2025-11-12 04:26:13 (6 months ago)	(smtpauth) Failed SMTP AUTH login from 191.96.67.114 (US/United States/-): 5 in the last 60 secs; Po ... show more (smtpauth) Failed SMTP AUTH login from 191.96.67.114 (US/United States/-): 5 in the last 60 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2025-11-12 06:26:09 dovecot_login authenticator failed for (ADMIN) [191.96.67.114]:16555: 535 Incorrect authentication data ([email protected]) 2025-11-12 06:26:09 dovecot_login authenticator failed for (ADMIN) [191.96.67.114]:27483: 535 Incorrect authentication data ([email protected]) 2025-11-12 06:26:09 dovecot_login authenticator failed for (ADMIN) [191.96.67.114]:18133: 535 Incorrect authentication data ([email protected]) 2025-11-12 06:26:09 dovecot_login authenticator failed for (ADMIN) [191.96.67.114]:16647: 535 Incorrect authentication data ([email protected]) 2025-11-12 06:26:09 dovecot_login authenticator failed for (ADMIN) [191.96.67.114]:23399: 535 Incorrect authentication data ([email protected]) show less	Port Scan
🇺🇸 Jason Howell	2025-11-06 03:11:18 (7 months ago)	191.96.67.114 - - [06/Nov/2025:03:10:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2721 "-" "Apache-Http ... show more 191.96.67.114 - - [06/Nov/2025:03:10:36 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2721 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 191.96.67.114 - - [06/Nov/2025:03:10:44 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2794 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 191.96.67.114 - - [06/Nov/2025:03:10:54 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2795 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 191.96.67.114 - - [06/Nov/2025:03:11:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 2794 "-" "Apache-HttpClient/4.5.13 (Java/11.0.28)" 191.96.67.114 - - [06/Nov/2025:03:11:11 +0000] "GET /wp-login.php HTTP/1.1" 200 3997 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2025-11-05 20:16:44 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.114 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 05 15:16:37.969720 2025] [security2:error] [pid 21121:tid 21121] [client 191.96.67.114:11853] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ejnes.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ejnes.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQuwpfSKOjuYuOsKbRNnJwAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-05 19:36:10 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.114 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.114 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 05 14:36:06.343517 2025] [security2:error] [pid 4453:tid 4453] [client 191.96.67.114:12560] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|thehandyfamily.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "thehandyfamily.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aQunJufPU5Md9ZU1pdRitQAAAAM"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-11-05 14:07:58 (7 months ago)	Accessed trap at '/xmlrpc.php'	Web App Attack
🇺🇸 xmission.com	2025-10-28 12:19:04 (7 months ago)	Blocked by UFW (TCP on 55756) Source port: 65080 TTL: 51 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 55756) Source port: 65080 TTL: 51 Packet length: 60 TOS: 0x08 This report (for 191.96.67.114) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇭 backslash	2025-10-07 00:00:38 (8 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
Anonymous	2025-09-28 13:12:21 (8 months ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇩🇪 Packets-Decreaser.NET	2025-09-05 16:10:54 (9 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇳🇱 b4shnhawx	2025-09-02 03:42:57 (9 months ago)	1756784577 - 09/02/2025 03:42:57 Host: 191.96.67.114/191.96.67.114 Port: 443 TCP Blocked ...	Bad Web Bot Web App Attack
🇩🇪 marzzzello	2025-07-15 23:06:15 (10 months ago)	Ports: 5x 24645	Port Scan
🇺🇸 oncord	2025-06-25 13:15:51 (11 months ago)	Form spam	Web Spam
🇦🇺 oncord	2025-06-05 19:31:14 (1 year ago)	Form spam	Web Spam

Showing 1 to 15 of 42 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 162.216.150.210

🇮🇪 146.70.189.40

🇧🇩 103.26.136.173

🇷🇺 95.24.35.51

🇸🇬 43.134.160.66

🇺🇸 35.188.229.252

🇩🇪 34.185.169.81

🇨🇳 14.103.123.75

🇲🇴 182.93.7.194

🇳🇱 176.65.148.229

🇺🇸 172.208.49.78

🇻🇳 171.244.142.205

🇺🇸 167.71.95.42

🇸🇬 139.162.52.72

🇸🇬 121.6.81.59

🇨🇳 114.217.53.40

🇩🇪 69.5.169.15

🇸🇬 43.159.47.44

🇺🇸 34.162.229.5

🇺🇸 216.73.161.178