JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.166.32

158.173.166.32 was found in our database!

This IP was reported 6 times. Confidence of Abuse is 22%: ?

22%

ISP	VPN Consumer Oslo, Norway
Usage Type	Data Center/Web Hosting/Transit
ASN	AS42708
Domain Name	vpnconsumer.com
Country	🇳🇴 Norway
City	Oslo, Oslo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.166.32

Whois 158.173.166.32

IP Abuse Reports for 158.173.166.32:

This IP address has been reported a total of 6 times from 3 distinct sources. 158.173.166.32 was first reported on May 11th 2026, and the most recent report was 23 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 17:23:20 (23 hours ago)	(mod_security) mod_security (id:210801) triggered by 158.173.166.32 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 158.173.166.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 13:23:16.474541 2026] [security2:error] [pid 30240:tid 30240] [client 158.173.166.32:31451] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|k2servicesinc.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "k2servicesinc.net"] [uri "/license.txt"] [unique_id "aixAhE2lszzSQnc80RvTagAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-12 17:09:38 (23 hours ago)	158.173.166.32 - - [12/Jun/2026:19:09:38 +0200] "GET /?rsd HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windo ... show more 158.173.166.32 - - [12/Jun/2026:19:09:38 +0200] "GET /?rsd HTTP/1.1" 301 169 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.75 Safari/537.36 OPR/36.0.2130.32" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 16:49:23 (1 day ago)	(mod_security) mod_security (id:210801) triggered by 158.173.166.32 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 158.173.166.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 12:49:16.519852 2026] [security2:error] [pid 31993:tid 31993] [client 158.173.166.32:58521] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|drrw.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "drrw.net"] [uri "/license.txt"] [unique_id "aiw4jMpb76SBAOfu-Nu5jAAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 12:47:45 (1 day ago)	(mod_security) mod_security (id:210801) triggered by 158.173.166.32 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 158.173.166.32 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 12 08:47:37.861009 2026] [security2:error] [pid 25270:tid 25270] [client 158.173.166.32:42871] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|logosformacion.net\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "logosformacion.net"] [uri "/license.txt"] [unique_id "aiv_6ba48QGFXRC_Jjv5kgAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 consul.to	2026-06-01 00:11:43 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇬🇧 consul.to	2026-05-11 09:25:48 (1 month ago)	Web attack/malicious scanning detected	Web App Attack

Showing 1 to 6 of 6 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇩 210.4.68.72

🇺🇸 200.10.45.193

🇬🇧 188.240.59.13

🇲🇽 187.251.123.104

🇮🇩 182.253.156.173

🇲🇴 182.93.50.90

🇸🇬 172.253.236.211

🇩🇪 167.94.146.77

🇺🇸 162.254.36.150

🇦🇴 154.116.254.157

🇺🇸 100.49.117.77

🇫🇷 51.68.34.131

🇷🇺 178.176.87.195

🇭🇰 172.71.218.228

🇨🇳 115.190.181.18

🇺🇸 82.108.66.56

🇺🇸 54.177.95.82

🇺🇸 52.167.144.59

🇺🇸 47.230.151.38

🇨🇳 14.103.10.167