JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.20.106

158.173.20.106 was found in our database!

This IP was reported 64 times. Confidence of Abuse is 39%: ?

39%

ISP	VPN Consumer Amsterdam, The Netherlands
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.20.106

Whois 158.173.20.106

IP Abuse Reports for 158.173.20.106:

This IP address has been reported a total of 64 times from 50 distinct sources. 158.173.20.106 was first reported on November 20th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 evicky2002	2026-04-30 13:02:46 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇧🇪 taivas.nl	2026-04-24 04:32:22 (1 month ago)	Many_bad_calls	Web App Attack
🇳🇱 homeshowdomain.nl	2026-04-23 21:59:03 (1 month ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-04-22. show less	Web App Attack SSH Hacking
🇨🇭 4server	2026-04-23 19:32:56 (1 month ago)	[ThuApr2321:32:49.6931862026][security2:error][pid771255:tid771267][client158.173.20.106:0]ModSecuri ... show more [ThuApr2321:32:49.6931862026][security2:error][pid771255:tid771267][client158.173.20.106:0]ModSecurity:Accessdeniedwithcode403\(phase2\).OperatorGEmatched5atTX:anomaly_score.[file\"/etc/apache2/conf.d/modsec_vendor_configs/OWASP3/rules/REQUEST-949-BLOCKING-EVALUATION.conf\"][line\"94\"][id\"949110\"][msg\"InboundAnomalyScoreExceeded\(TotalScore:5\)\"][severity\"CRITICAL\"][ver\"OWASP_CRS/3.3.9\"][tag\"application-multi\"][tag\"language-multi\"][tag\"platform-multi\"][tag\"attack-generic\"][hostname\"www.giuristifriburgo.ch\"][uri\"/contatti-e-iscrizioni/\"][unique_id\"aepz4X3ShNw2-5WfHsgnkAAAAMo\"]\,referer:https://www.giuristifriburgo.ch/contatti-e-iscrizioni/ show less	Hacking Web App Attack
🇩🇪 paissangroup	2026-04-23 19:10:09 (1 month ago)	Multiple WAF Violations	Web App Attack
🇩🇪 conseilgouz	2026-04-23 16:43:11 (1 month ago)	vew-(visforms) : try to access forms...	Hacking
Anonymous	2026-04-22 04:31:34 (1 month ago)	Failed login attempt detected by Fail2Ban in plesk-modsecurity jail	Exploited Host
🇺🇸 octageeks.com	2026-04-22 04:07:21 (1 month ago)	Wordpress malicious attack:[octablocked]	Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 03:35:23 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 158.173.20.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 158.173.20.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 23:35:14.984929 2026] [security2:error] [pid 29766:tid 29766] [client 158.173.20.106:64072] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "normteslaa.com"] [uri "/.env"] [unique_id "aehB8qazq1Ipji3b6yJwywAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-22 03:17:21 (1 month ago)	Excessive 404 Traffic Wordpress	Web App Attack
Anonymous	2026-04-22 03:15:01 (1 month ago)	suspicious request in access.log	Web App Attack
🇺🇸 TPI-Abuse	2026-04-22 03:01:04 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 158.173.20.106 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 158.173.20.106 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 23:00:56.581489 2026] [security2:error] [pid 31729:tid 31753] [client 158.173.20.106:35227] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stonyp.com"] [uri "/.env"] [unique_id "aeg56Jcj4yusEHYJw5wwlQAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-04-22 02:05:26 (1 month ago)	Too many Status 40X (15) Scanning/Probing (30)	Brute-Force Web App Attack
Anonymous	2026-04-22 01:13:51 (1 month ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇺🇸 S.O.B.A. Dev.	2026-04-22 01:05:07 (1 month ago)	Threat Blocked by BeeHive from (ASN:212238) (Network:CDNEXT) (Host:soba.dev) (Method:GET) (Protocol: ... show more Threat Blocked by BeeHive from (ASN:212238) (Network:CDNEXT) (Host:soba.dev) (Method:GET) (Protocol:HTTP/1.1) (Timestamp:2026-04-22T01:05:07Z) show less	Brute-Force Web Spam Web App Attack

Showing 1 to 15 of 64 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇷 2a00:1d34:a165:1c01:20a3:8033:449b:f98c

🇺🇸 2602:80d:1007::7e

🇰🇷 175.210.74.19

🇩🇪 167.94.146.40

🇨🇦 165.245.235.53

🇨🇦 154.20.30.177

🇨🇳 115.190.179.68

🇫🇷 54.38.109.217

🇲🇾 47.250.150.252

🇳🇱 45.142.193.118

🇭🇰 223.16.84.185

🇺🇸 208.84.100.108

🇳🇱 94.154.35.215

🇺🇸 45.59.161.73

🇺🇸 35.25.31.121

🇺🇸 3.131.24.55

🇵🇰 205.164.157.72

🇨🇱 179.57.170.71

🇸🇬 152.42.170.139

🇸🇬 43.156.92.183