JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.67.240

191.96.67.240 was found in our database!

This IP was reported 55 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Houston, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.67.240

Whois 191.96.67.240

IP Abuse Reports for 191.96.67.240:

This IP address has been reported a total of 55 times from 24 distinct sources. 191.96.67.240 was first reported on May 12th 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 zUnlegit	2026-05-11 07:13:14 (1 month ago)	2026-05-11 07:13:13: Minecraft server scan detected from 191.96.67.240 on port 25565 of mailserver	Port Scan
🇬🇧 consul.to	2026-03-21 15:48:31 (2 months ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 bigscoots.com	2026-01-26 20:24:07 (4 months ago)	(smtpauth) Failed SMTP AUTH login from 191.96.67.240 (US/United States/-): 5 in the last 3600 secs; ... show more (smtpauth) Failed SMTP AUTH login from 191.96.67.240 (US/United States/-): 5 in the last 3600 secs; Ports: 25,465,587; Direction: 0; Trigger: LF_SMTPAUTH; Logs: 2026-01-26 15:22:00 dovecot_login authenticator failed for H=(sLClxUad) [191.96.67.240]:63879: 535 Incorrect authentication data ([email protected]) 2026-01-26 15:22:11 dovecot_login authenticator failed for H=(yudZUx) [191.96.67.240]:11727: 535 Incorrect authentication data (set_id=djrommel) 2026-01-26 15:22:27 dovecot_login authenticator failed for H=(Fd8mZ9y) [191.96.67.240]:48442: 535 Incorrect authentication data ([email protected]) 2026-01-26 15:22:32 dovecot_login authenticator failed for H=(3ljpFQok) [191.96.67.240]:54848: 535 Incorrect authentication data (set_id=djrommel) 2026-01-26 15:24:04 dovecot_login authenticator failed for H=(KMqscr3a) [191.96.67.240]:21617: 535 Incorrect authentication data ([email protected]) show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-11-12 11:47:44 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 06:47:36.861272 2025] [security2:error] [pid 7182:tid 7182] [client 191.96.67.240:36063] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|primacomm.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "primacomm.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRRz2NCd6dGWwxw9me_a_QAAAA8"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 10:16:17 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 05:16:10.460840 2025] [security2:error] [pid 23471:tid 23471] [client 191.96.67.240:39826] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|leadek.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "leadek.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRReapg9SeHcPyNrAcG45QAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 07:09:24 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 02:09:19.252094 2025] [security2:error] [pid 10895:tid 10895] [client 191.96.67.240:25834] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gonzalez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gonzalez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRQyn7VDFaHLdSXiKgM-YQAAABc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 05:49:45 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 191.96.67.240 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 00:49:36.699856 2025] [security2:error] [pid 31525:tid 31525] [client 191.96.67.240:10400] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|opere.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "opere.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aRQf8H5O9xijmynotMimuAAAAA0"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 rtbh.com.tr	2025-10-28 20:09:37 (7 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2025-10-28 00:09:35 (7 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
🇹🇷 rtbh.com.tr	2025-10-27 20:09:35 (7 months ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
Anonymous	2025-10-17 04:30:11 (8 months ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇩🇪 marzzzello	2025-09-18 12:21:09 (9 months ago)	Ports: 25x 3750	Port Scan
🇩🇪 marzzzello	2025-07-05 02:53:41 (11 months ago)	Ports: 5x 49948	Port Scan
🇩🇪 marzzzello	2025-07-03 23:48:58 (11 months ago)	Ports: 4x 49948	Port Scan
🇮🇹 Vertus	2025-06-27 04:51:08 (11 months ago)	Form spam	Web Spam

Showing 1 to 15 of 55 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 195.206.182.204

🇰🇷 61.76.38.54

🇻🇳 14.191.171.41

🇺🇸 216.25.89.148

🇧🇪 198.235.24.231

🇩🇪 185.242.3.226

🇧🇷 177.174.89.99

🇻🇳 171.243.58.170

🇻🇳 103.98.152.181

🇷🇴 92.118.39.62

🇰🇷 61.76.112.4

🇸🇳 41.82.50.218

🇧🇪 198.235.24.194

🇺🇸 198.199.68.156

🇺🇸 162.216.150.248

🇭🇰 121.202.135.172

🇦🇺 118.211.165.46

🇨🇳 115.52.161.155

🇨🇳 114.67.229.165

🇹🇼 60.199.224.2