JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 195.170.172.108

195.170.172.108 was found in our database!

This IP was reported 2,361 times. Confidence of Abuse is 91%: ?

91%

ISP	NextGenWebs, S.L.
Usage Type	Data Center/Web Hosting/Transit
ASN	AS41608
Domain Name	nextgenwebs.es
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 195.170.172.108

Whois 195.170.172.108

IP Abuse Reports for 195.170.172.108:

This IP address has been reported a total of 2,361 times from 789 distinct sources. 195.170.172.108 was first reported on August 9th 2023, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 ICS Labs	2026-06-09 19:02:35 (2 weeks ago)	ICS Labs identified 195.170.172.108 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Brute-Force Exploited Host
🇺🇸 MaxSmartCode	2026-06-03 11:25:54 (3 weeks ago)	Credential brute-force attacks on webpage.	Brute-Force SSH
🇩🇪 dbmwebdesign	2026-06-03 07:00:04 (3 weeks ago)	Bot detected and blocked by Fail2Ban in bytespider jail	Bad Web Bot
🇩🇪 FeG Deutschland	2026-06-03 05:22:13 (3 weeks ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 1247	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:12:51 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 195.170.172.108 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 195.170.172.108 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:12:46.494666 2026] [security2:error] [pid 12849:tid 12849] [client 195.170.172.108:0] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kirklandhighlands.org"] [uri "/.env.development"] [unique_id "ah-3zjWmDR8gOmgdMneEoQAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 antlac1	2026-06-03 02:31:59 (3 weeks ago)	crowdsecurity/http-sensitive-files	Brute-Force Web App Attack
🇩🇪 EGP Abuse Dept	2026-06-03 02:19:32 (3 weeks ago)	Scanning for web/db/file exploits on tpc-014.mach3builders.nl	SQL Injection Bad Web Bot Web App Attack
🇬🇧 andypiper	2026-06-03 01:01:43 (3 weeks ago)	CrowdSec ban for AbuseIPDB Top List	Brute-Force Web App Attack
🇳🇱 homeshowdomain.nl	2026-06-02 21:59:11 (3 weeks ago)	Auto-ban: >3000 req/min op 2026-06-02	Web App Attack SSH Hacking
🇹🇷 baku.hosting	2026-06-02 21:38:10 (3 weeks ago)	CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 195.170.172.108 (NL/The Nether ... show more CSF Auto Report: (mod_security) mod_security (id:949110) triggered by 195.170.172.108 (NL/The Netherlands/-): 5 in the last 3600 secs show less	Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-02 18:30:24 (3 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇺🇸 LotPhantom	2026-06-02 18:24:29 (3 weeks ago)	2026/06/02 18:24:29 [error] 46371#46371: 4896 connect() failed (111: Connection refused) while conn ... show more 2026/06/02 18:24:29 [error] 46371#46371: 4896 connect() failed (111: Connection refused) while connecting to upstream, client: 195.170.172.108, server: wynnesmiles.com, request: "GET / HTTP/2.0", upstream: "http://127.0.0.1:4001/", host: "wynnesmiles.com" ... show less	Web App Attack
🇳🇱 e.fierstra	2026-06-02 15:31:10 (3 weeks ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 mouafiq	2026-06-02 07:13:29 (3 weeks ago)	2026-06-02 07:13:26,019 7690 INFO ? werkzeug: 195.170.172.108 - - [02/Jun/2026 07:13:26] "GET /.aws/ ... show more 2026-06-02 07:13:26,019 7690 INFO ? werkzeug: 195.170.172.108 - - [02/Jun/2026 07:13:26] "GET /.aws/credentials HTTP/1.0" 404 - 1 0.002 0.006 2026-06-02 07:13:27,768 7690 INFO ? werkzeug: 195.170.172.108 - - [02/Jun/2026 07:13:27] "GET /secrets.json HTTP/1.0" 404 - 1 0.003 0.010 2026-06-02 07:13:28,708 23066 INFO ? werkzeug: 195.170.172.108 - - [02/Jun/2026 07:13:28] "GET /vault.env HTTP/1.0" 404 - 1 0.002 0.007 2026-06-02 07:13:28,750 7690 INFO ? werkzeug: 195.170.172.108 - - [02/Jun/2026 07:13:28] "GET /secrets.yml HTTP/1.0" 404 - 1 0.003 0.007 2026-06-02 07:13:28,813 23066 INFO ? werkzeug: 195.170.172.108 - - [02/Jun/2026 07:13:28] "GET /.git/config HTTP/1.0" 404 - 1 0.002 0.006 show less	Brute-Force SSH
🇺🇸 Matthew Ping	2026-06-02 03:16:11 (3 weeks ago)	ModSecurity rule 949110 triggered on wp2. Web application attack blocked by CSF/LFD.	Web App Attack Hacking

Showing 1 to 15 of 2361 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇵🇭 58.69.56.44

🇳🇱 45.153.34.167

🇺🇬 196.0.107.158

🇩🇪 194.88.98.121

🇷🇴 193.32.162.103

🇳🇱 176.65.139.237

🇺🇸 172.217.46.149

🇨🇳 171.37.92.11

🇨🇳 171.36.7.210

🇺🇸 162.216.149.63

🇨🇳 106.117.110.153

🇫🇷 95.111.231.180

🇸🇬 47.128.61.228

🇧🇩 37.111.212.146

🇺🇸 20.168.122.39

🇵🇱 2a04:c605:409:93:9999::233

🇺🇸 216.218.206.119

🇺🇸 185.223.152.79

🇧🇷 177.152.42.12

🇻🇳 171.250.163.153