JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.21.1

158.173.21.1 was found in our database!

This IP was reported 43 times. Confidence of Abuse is 74%: ?

74%

ISP	VPN Consumer Amsterdam, The Netherlands
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.21.1

Whois 158.173.21.1

IP Abuse Reports for 158.173.21.1:

This IP address has been reported a total of 43 times from 34 distinct sources. 158.173.21.1 was first reported on March 14th 2026, and the most recent report was 2 weeks ago.

Old Reports: The most recent abuse report for this IP address is from 2 weeks ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 soc-yk	2026-06-03 19:54:12 (2 weeks ago)	Type: web_scanning Risk: 89 Events: 25 Evidence: - Automated hostile web probing detected - Repeate ... show more Type: web_scanning Risk: 89 Events: 25 Evidence: - Automated hostile web probing detected - Repeated web scanning activity observed - Threat escalation behavior observed show less	Web App Attack
🇧🇷 ufn.edu.br	2026-06-03 19:02:38 (2 weeks ago)	[Wed Jun 03 15:52:19.415736 2026] [access_compat:error] [pid 27271] [client 158.173.21.1:20672] AH01 ... show more [Wed Jun 03 15:52:19.415736 2026] [access_compat:error] [pid 27271] [client 158.173.21.1:20672] AH01797: client denied by server configuration: /var/www/html/x.php [Wed Jun 03 15:52:20.866655 2026] [access_compat:error] [pid 27271] [client 158.173.21.1:20672] AH01797: client denied by server configuration: /var/www/html/alfa.php [Wed Jun 03 15:52:23.341931 2026] [access_compat:error] [pid 27271] [client 158.173.21.1:20672] AH01797: client denied by server configuration: /var/www/html/c99.php ... show less	Exploited Host Web App Attack
🇺🇦 URAN Publishing Service	2026-06-03 18:41:27 (2 weeks ago)	158.173.21.1 - - [03/Jun/2026:21:41:12 +0300] "GET /wp-content/wp-logins.php HTTP/1.1" 404 628 "-" " ... show more 158.173.21.1 - - [03/Jun/2026:21:41:12 +0300] "GET /wp-content/wp-logins.php HTTP/1.1" 404 628 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" 158.173.21.1 - - [03/Jun/2026:21:41:26 +0300] "GET /wp-content/wp-admin.php HTTP/1.1" 404 628 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36" ... show less	Web App Attack
🇺🇸 Charlesiv	2026-05-30 16:00:15 (3 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from NL. Action taken: BLOCK ASN: 212238 (Datacamp Limited ... show more Triggered Cloudflare WAF (firewallCustom) from NL. Action taken: BLOCK ASN: 212238 (Datacamp Limited) Protocol: HTTP/1.1 (GET method) Endpoint: / Timestamp: 2026-05-30T14:39:33Z Ray ID: a03e7d277f12c5d6 UA: Empty string show less	Bad Web Bot
🇺🇸 aks4226	2026-05-30 14:18:22 (3 weeks ago)	Attacking common web applications. (n01)	Web App Attack
🇩🇪 Hazzard	2026-05-30 11:45:46 (3 weeks ago)	(apache-empty-ua) Failed empty apache-ua trigger with match [redacted]): (CF_ENABLE)	Hacking
Anonymous	2026-05-30 10:17:13 (3 weeks ago)	158.173.21.1 - - [30/May/2026:12:17:12 +0200] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux ... show more 158.173.21.1 - - [30/May/2026:12:17:12 +0200] "GET / HTTP/1.1" 301 169 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 08:20:45 (3 weeks ago)	(mod_security) mod_security (id:240335) triggered by 158.173.21.1 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 158.173.21.1 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 04:20:40.425233 2026] [security2:error] [pid 3582:tid 3582] [client 158.173.21.1:54582] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 158.173.21.1 (+1 hits since last alert)\|lakependoreillemobility.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "lakependoreillemobility.com"] [uri "/xmlrpc.php"] [unique_id "ahqd2GEY6mC_d2s8i0m7kgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-05-30 07:16:18 (3 weeks ago)	Wordpress Vunerability attack	Web App Attack
🇫🇮 YF	2026-05-30 05:03:00 (3 weeks ago)	WordPress author enumeration	Web App Attack
🇫🇷 dynamix	2026-05-30 04:52:29 (3 weeks ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇺🇸 factor1	2026-05-30 04:50:07 (3 weeks ago)	Fail2ban at churndash Reports Abuse.	Brute-Force Web App Attack
🇩🇪 0x44	2026-05-30 04:49:23 (3 weeks ago)	Web probing - backdoors/webshells with missing User-Agent	Bad Web Bot Web App Attack
🇺🇸 integrantservices.com	2026-05-30 03:36:37 (3 weeks ago)	(wordpress) Failed wordpress login from 158.173.21.1 (-)	Brute-Force
🇨🇦 electronico	2026-05-30 01:32:51 (3 weeks ago)	158.173.21.1 - - [30/May/2026:12:32:51 +1100] "GET /xmlrpc.php HTTP/1.1" 301 427 "-" "Mozilla/5.0 (M ... show more 158.173.21.1 - - [30/May/2026:12:32:51 +1100] "GET /xmlrpc.php HTTP/1.1" 301 427 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15" ... show less	Brute-Force Web App Attack

Showing 1 to 15 of 43 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇿 178.90.250.170

🇺🇸 216.25.89.149

🇩🇪 192.109.200.220

🇺🇸 172.253.214.116

🇩🇪 92.209.158.170

🇺🇸 91.230.168.200

🇷🇴 80.94.92.182

🇺🇸 73.229.181.35

🇬🇧 46.101.42.230

🇱🇹 45.227.254.170

🇳🇱 45.148.10.157

🇨🇳 14.103.108.225

🇷🇴 193.46.255.86

🇵🇭 126.209.106.141

🇨🇦 99.248.130.125

🇺🇸 72.10.32.138

🇩🇪 69.5.169.218

🇺🇸 67.207.89.113

🇩🇪 46.128.118.93

🇳🇱 45.148.10.152