JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 172.111.208.241

172.111.208.241 was found in our database!

This IP was reported 149 times. Confidence of Abuse is 0%: ?

ISP	Network Operations Center AF
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	pointtoserver.com
Country	🇦🇫 Afghanistan
City	Kabul, Kabul

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 172.111.208.241

Whois 172.111.208.241

IP Abuse Reports for 172.111.208.241:

This IP address has been reported a total of 149 times from 77 distinct sources. 172.111.208.241 was first reported on June 14th 2024, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 octageeks.com	2026-03-19 04:09:08 (2 months ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 Starburst SysOp Team	2026-03-17 14:56:15 (2 months ago)	(mod_security-custom) mod_security (id:210492) triggered by 172.111.208.241 (DE/Germany/Hesse/Frankf ... show more (mod_security-custom) mod_security (id:210492) triggered by 172.111.208.241 (DE/Germany/Hesse/Frankfurt am Main/-/[AS9009 M247]): 1 in the last 3600 secs (0-srv1) show less	Hacking
🇺🇸 TPI-Abuse	2026-03-17 14:28:04 (2 months ago)	(mod_security) mod_security (id:210580) triggered by 172.111.208.241 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210580) triggered by 172.111.208.241 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 17 10:27:56.122439 2026] [security2:error] [pid 21151:tid 21204] [client 172.111.208.241:48564] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "etc/passwd" at ARGS:main_page. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/08_Global_Other.conf"] [line "57"] [id "210580"] [rev "2"] [msg "COMODO WAF: OS File Access Attempt\|\|www.ajbruner.com\|F\|2"] [data "Matched Data: etc/passwd found within ARGS:main_page: ../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Other"] [hostname "www.ajbruner.com"] [uri "/ct/shop/index.php"] [unique_id "ablk7CW8yX7NruKvugQM0QAAAZI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-03-17 06:30:17 (2 months ago)	Repeated 404 errors, blocked by Fail2ban in custom-404 jail	Bad Web Bot
Anonymous	2026-03-10 15:19:37 (3 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
Anonymous	2026-03-05 16:49:39 (3 months ago)	This IP was involved in a brute force and password spray attack.	Brute-Force Web App Attack
🇦🇩 bakunin1848	2026-02-26 15:00:10 (3 months ago)	Firewall IPS Detection on 26-02-2026 at 16:00:10	Port Scan Exploited Host
🇫🇷 mrcrassi	2026-02-18 12:25:09 (3 months ago)	Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (POST meth ... show more Triggered Cloudflare WAF (firewallCustom) from DE. Action taken: BLOCK Protocol: HTTP/1.1 (POST method) Endpoint: /owa/auth.owa UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇷🇸 Smel	2026-02-15 06:07:02 (3 months ago)	HTTP/80/443/8080 Unauthorized Probe, Hack -	Hacking Web App Attack
🇬🇧 Swiptly	2026-02-11 05:02:41 (4 months ago)	Excessive 403/404/405 PHP/CMS errors from scanning or broken bots ...	Web App Attack
🇷🇸 Smel	2026-02-10 07:52:02 (4 months ago)	HTTP/80/443/8080 Unauthorized Probe, Hack -	Hacking Web App Attack
🇫🇷 Guardian	2026-02-08 09:20:46 (4 months ago)	Unauthorized connection attempt / Port scanning 172.111.208.241 [08/Feb/2026:09:20:45] "POST /owa/au ... show more Unauthorized connection attempt / Port scanning 172.111.208.241 [08/Feb/2026:09:20:45] "POST /owa/auth.owa HTTP/1.1" show less	Port Scan Web App Attack
🇮🇩 securejdprop	2026-02-06 05:50:39 (4 months ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus D ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET DROP Spamhaus DROP Listed Traffic Inbound group 32). Ip 172.111.208.241 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-02-06 05:50:37.233595045 +0000 UTC show less	Hacking Web App Attack
🇳🇱 i-turnradio.nl	2026-02-03 21:21:26 (4 months ago)	2026-02-03 22:21:26 (CET) ~ Blocked by abusescan risk assessment	Web App Attack
🇱🇻 garmtech.com	2026-01-26 10:08:23 (4 months ago)	IM360 WAF: Laravel .env file access	Web App Attack

Showing 1 to 15 of 149 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 216.26.247.0

🇩🇪 213.209.159.158

🇩🇪 209.50.184.44

🇳🇱 195.178.110.239

🇧🇩 103.26.136.173

🇺🇸 67.85.146.216

🇻🇳 14.191.6.4

🇺🇸 187.77.196.103

🇮🇳 182.18.139.237

🇨🇳 36.212.31.122

🇵🇹 185.99.232.89

🇰🇷 121.176.99.203

🇸🇬 101.47.156.21

🇫🇷 91.196.152.32

🇩🇪 45.3.44.137

🇧🇷 35.198.35.82

🇺🇸 34.187.227.17

🇩🇪 216.26.247.102

🇮🇳 216.10.242.215

🇩🇪 213.209.159.236