JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 191.96.67.95

191.96.67.95 was found in our database!

This IP was reported 91 times. Confidence of Abuse is 0%: ?

ISP	Internet Utilities Europe and Asia Limited
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	netutils.io
Country	🇺🇸 United States of America
City	Houston, Texas

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 191.96.67.95

Whois 191.96.67.95

IP Abuse Reports for 191.96.67.95:

This IP address has been reported a total of 91 times from 59 distinct sources. 191.96.67.95 was first reported on January 31st 2023, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 octageeks.com	2026-03-16 04:07:38 (2 months ago)	Wordpress malicious attack:[octablocked]	Web App Attack
Anonymous	2026-03-15 16:31:39 (3 months ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇬🇧 Smish	2026-03-15 15:41:00 (3 months ago)	HONEYPOT HIT --> Fail2ban time=1773589258 log=2026-03-15T15:40:58+00:00 ip=191.96.67.95 host=as21066 ... show more HONEYPOT HIT --> Fail2ban time=1773589258 log=2026-03-15T15:40:58+00:00 ip=191.96.67.95 host=as210667.net method=GET uri="/.env" status=404 ua="Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ref="-" rid=1140fea2fed33bcaf0f0dd933728d627 show less	Web App Attack
🇧🇷 vfAcceloReporter	2026-03-15 15:26:53 (3 months ago)	191.96.67.95 - - [15/Mar/2026:12:26:53 -0300] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Macinto ... show more 191.96.67.95 - - [15/Mar/2026:12:26:53 -0300] "GET /.env HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko/20100101 Firefox/77.0" ... show less	Brute-Force Web App Attack Exploited Host
🇺🇸 TPI-Abuse	2026-03-15 15:06:45 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 11:06:41.514813 2026] [security2:error] [pid 3928:tid 3928] [client 191.96.67.95:6140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "4md.lol"] [uri "/.env"] [unique_id "abbLAVu06xs7HRGlxsOxQgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 rafled	2026-03-15 15:03:19 (3 months ago)	attempt to scan and scrape for env files and or files that expose the web app version	Bad Web Bot
🇺🇸 TPI-Abuse	2026-03-15 14:46:53 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 10:46:46.790946 2026] [security2:error] [pid 11412:tid 11412] [client 191.96.67.95:22961] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rogerheath.com"] [uri "/.env"] [unique_id "abbGVixmAiFeMFHe-JXl0gAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 14:30:30 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 10:30:23.548615 2026] [security2:error] [pid 30067:tid 30077] [client 191.96.67.95:36973] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "2291106.com"] [uri "/.env"] [unique_id "abbCf7E5oxXa5oiWnBBArgAAAUc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 14:08:56 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 10:08:49.409759 2026] [security2:error] [pid 17809:tid 17809] [client 191.96.67.95:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rodrigoaldecoa.com"] [uri "/.env"] [unique_id "aba9cRkgTWpCIMI-xFupXAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 conseilgouz	2026-03-15 14:08:21 (3 months ago)	gie-17 : Block hidden directories=>/.env(/)	Hacking
Anonymous	2026-03-15 14:05:07 (3 months ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇩🇪 ger-stg-sifi1	2026-03-15 14:01:38 (3 months ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-03-15 13:07:54 (3 months ago)	(mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 191.96.67.95 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Mar 15 09:07:49.012832 2026] [security2:error] [pid 10728:tid 10728] [client 191.96.67.95:47442] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "13waggoners.com"] [uri "/.env"] [unique_id "abavJUzhFAXzvAczN1OtrQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 stinpriza	2026-03-15 12:44:11 (3 months ago)	Web App Attack	Web App Attack
🇺🇸 Starburst SysOp Team	2026-03-15 12:43:49 (3 months ago)	(mod_security-custom) mod_security (id:210492) triggered by 191.96.67.95 (US/United States/Texas/Hou ... show more (mod_security-custom) mod_security (id:210492) triggered by 191.96.67.95 (US/United States/Texas/Houston/-/[AS212238 CDNEXT]): 1 in the last 3600 secs (0-srv1) show less	Hacking

Showing 1 to 15 of 91 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.48

🇨🇳 182.54.23.142

🇮🇳 143.110.181.226

🇵🇰 103.31.104.22

🇳🇱 45.148.10.183

🇳🇱 45.148.10.151

🇳🇱 45.142.193.161

🇺🇸 20.64.105.39

🇺🇸 205.210.31.77

🇭🇰 202.65.196.18

🇨🇳 124.117.195.248

🇧🇩 103.102.138.78

🇧🇬 91.148.190.150

🇨🇳 58.83.234.85

🇻🇳 42.114.119.204

🇰🇷 14.52.46.79

🇨🇦 209.50.177.163

🇮🇳 203.174.23.138

🇺🇸 195.184.76.3

🇨🇳 123.138.72.203