🇬🇧
consul.to
2026-04-20 00:02:20
(1 month ago)
Web attack/malicious scanning detected
Web App Attack
🇺🇸
xmission.com
2026-04-18 21:37:50
(1 month ago)
Blocked by UFW (TCP on 65535)
Source port: 51194
TTL: 44
Packet length: 60
TOS: 0x08
This report (for 158.173.152.116) was generated by:
https://github.com/sefinek/UFW-AbuseIPDB-Reporter
Port Scan
🇸🇮
basing
2026-03-31 07:39:51
(2 months ago)
2026-03-31 08:39:51 bs SASL PLAIN auth failed: rhost=158.173.152.116...
Brute-Force
Anonymous
2026-03-26 16:31:16
(2 months ago)
Failed login attempt detected by Fail2Ban in plesk-postfix jail
Brute-Force
🇺🇸
TPI-Abuse
2026-02-20 03:00:58
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 158.173.152.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 22:00:54.415121 2026] [security2:error] [pid 32180:tid 32180] [client 158.173.152.116:64948] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doublenaughtspycar.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aZfOZtQ3rScgankYcwKRtwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2026-02-20 02:30:35
(3 months ago)
Malicious activity detected
Hacking
Web App Attack
🇺🇸
TPI-Abuse
2026-02-20 02:13:48
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 158.173.152.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 21:13:41.285556 2026] [security2:error] [pid 10383:tid 10383] [client 158.173.152.116:43795] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dorismitchell.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aZfDVT1x1f8pE9XnoBc1rAAAAAI"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
xmission.com
2026-02-20 01:43:25
(3 months ago)
158.173.152.116 - - [19/Feb/2026:18:43:24 -0700] "GET /xmlrpc.php?rsd HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32"
...
Web App Attack
🇮🇪
RoboSOC
2026-02-20 00:48:30
(3 months ago)
WordPress Marketplace Remote Code Execution Vulnerability CVE-2017-17043, PTR: PTR record not found
Hacking
🇳🇱
ConsulHosting
2026-02-19 23:57:31
(3 months ago)
Excessive failed CAPTCHA attempts (CAPTCHA DoS)
Web App Attack
🇺🇸
TPI-Abuse
2026-02-19 22:04:21
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 158.173.152.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 17:04:15.235161 2026] [security2:error] [pid 12791:tid 12791] [client 158.173.152.116:6468] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dogarttoday.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aZeI3y-wLJiOxYa6aRw3UwAAAAw"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-19 21:18:51
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 158.173.152.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 16:18:48.158656 2026] [security2:error] [pid 26044:tid 26044] [client 158.173.152.116:41451] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "doctoredwinalvarez.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aZd-OMRIcKmUsrNa6IKbkQAAABA"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-02-19 17:46:36
(3 months ago)
(mod_security) mod_security (id:210492) triggered by 158.173.152.116 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 19 12:46:29.236522 2026] [security2:error] [pid 6147:tid 6147] [client 158.173.152.116:5383] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dixiegeek.com"] [uri "/wp-admin/admin-ajax.php"] [unique_id "aZdMdRMmm5RyppVy1WdSMgAAAAA"]
Brute-Force
Bad Web Bot
Web App Attack
🇧🇷
SvrAdmin
2025-12-30 08:52:35
(5 months ago)
[101] (smtpauth) Failed SMTP AUTH login from 158.173.152.116 (CH/Switzerland/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2025-12-30 05:52:30 dovecot_login authenticator failed for (ADMIN) [158.173.152.116]:41148: 535 Incorrect authentication data ([email protected] )
2025-12-30 05:52:30 dovecot_login authenticator failed for (ADMIN) [158.173.152.116]:21636: 535 Incorrect authentication data ([email protected] )
2025-12-30 05:52:30 dovecot_login authenticator failed for (ADMIN) [158.173.152.116]:19650: 535 Incorrect authentication data ([email protected] )
2025-12-30 05:52:30 dovecot_login authenticator failed for (ADMIN) [158.173.152.116]:37576: 535 Incorrect authentication data ([email protected] )
2025-12-30 05:52:30 dovecot_login authenticator failed for (ADMIN) [158.173.152.116]:14480: 535 Incorrect authentication data ([email protected] )
Port Scan
Hacking
Brute-Force
Exploited Host
🇧🇷
hostseries
2025-12-30 08:50:30
(5 months ago)
Trigger: LF_SMTPAUTH
Brute-Force