JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.20.138

158.173.20.138 was found in our database!

This IP was reported 31 times. Confidence of Abuse is 0%: ?

ISP	VPN Consumer Amsterdam, The Netherlands
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.20.138

Whois 158.173.20.138

IP Abuse Reports for 158.173.20.138:

This IP address has been reported a total of 31 times from 21 distinct sources. 158.173.20.138 was first reported on October 10th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 NXTwoThou	2026-05-12 03:14:57 (1 month ago)	/shop/wp-login.php	Web App Attack
🇸🇬 abuseipreport.darajati	2026-03-10 08:49:56 (3 months ago)	158.173.20.138 - - [2026-03-10T16:49:55+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 131 ... show more 158.173.20.138 - - [2026-03-10T16:49:55+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1314 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" ... show less	Web App Attack
🇸🇬 abuseipreport.darajati	2026-03-10 04:44:55 (3 months ago)	158.173.20.138 - - [2026-03-10T12:44:45+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 132 ... show more 158.173.20.138 - - [2026-03-10T12:44:45+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1322 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T12:44:54+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1321 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T12:44:54+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1321 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" ... show less	Web App Attack
🇸🇬 abuseipreport.darajati	2026-03-10 01:46:21 (3 months ago)	158.173.20.138 - - [2026-03-10T09:45:56+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 132 ... show more 158.173.20.138 - - [2026-03-10T09:45:56+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1320 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T09:46:10+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1316 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T09:46:10+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1316 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T09:46:20+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1322 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Win ... show less	Web App Attack
🇸🇪 KIDOS	2026-03-09 22:17:11 (3 months ago)	malicious activity	Web App Attack
🇺🇸 mind5t0rm	2026-03-09 20:46:37 (3 months ago)	(XMLRPC,WPLOGIN) Login failure/trigger from 158.173.20.138 (NL/Netherlands/-): 3 in the last 3600 se ... show more (XMLRPC,WPLOGIN) Login failure/trigger from 158.173.20.138 (NL/Netherlands/-): 3 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_TRIGGER; Logs: 158.173.20.138 - - [10/Mar/2026:03:46:29 +0700] "GET /wp-login.php HTTP/2.0" 200 2006 "https://accident-investigator.me" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [10/Mar/2026:03:46:30 +0700] "GET /wp-login.php?action=lostpassword HTTP/2.0" 200 1263 "https://accident-investigator.me/wp-login.php" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [10/Mar/2026:03:46:33 +0700] "POST /xmlrpc.php HTTP/2.0" 403 154 "https://accident-investigator.me/css/" "PHP/6.2.86" show less	Port Scan
🇸🇮 administrator	2026-03-09 19:42:33 (3 months ago)	2026-03-09 15:32:49,310 fail2ban.actions [1259]: NOTICE [ninjafirewall-syslog] Ban 158.173.2 ... show more 2026-03-09 15:32:49,310 fail2ban.actions [1259]: NOTICE [ninjafirewall-syslog] Ban 158.173.20.138 2026-03-09 17:40:12,438 fail2ban.actions [1259]: NOTICE [ninjafirewall-syslog] Ban 158.173.20.138 2026-03-09 20:42:32,121 fail2ban.actions [1259]: NOTICE [ninjafirewall-syslog] Ban 158.173.20.138 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇩🇪 LRob.fr	2026-03-09 16:30:13 (3 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇸🇬 abuseipreport.darajati	2026-03-09 16:03:25 (3 months ago)	158.173.20.138 - - [2026-03-10T00:02:29+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 132 ... show more 158.173.20.138 - - [2026-03-10T00:02:29+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1320 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T00:02:43+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1322 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T00:02:56+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1322 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.0.0 Safari/537.36" 158.173.20.138 - - [2026-03-10T00:03:10+08:00] "POST /wp-login.php?action=register HTTP/1.1" 200 1325 "https://hestiaistiviani.com/wp-login.php?action=register" "Mozilla/5.0 (Win ... show less	Web App Attack
Anonymous	2026-03-08 07:30:06 (3 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2026-03-05 07:25:07 (3 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2026-03-02 07:20:18 (3 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2026-02-12 21:35:24 (4 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇩🇪 Hary74656	2026-02-09 06:48:22 (4 months ago)	Feb 9 07:47:44 odin postfix/submission/smtpd[49015]: warning: unknown[158.173.20.138]: SASL PLAIN a ... show more Feb 9 07:47:44 odin postfix/submission/smtpd[49015]: warning: unknown[158.173.20.138]: SASL PLAIN authentication failed: (reason unavailable), [email protected] Feb 9 07:47:50 odin postfix/submission/smtpd[49015]: warning: unknown[158.173.20.138]: SASL LOGIN authentication failed: (reason unavailable), [email protected] Feb 9 07:48:01 odin postfix/submission/smtpd[49015]: warning: unknown[158.173.20.138]: SASL PLAIN authentication failed: (reason unavailable), [email protected] Feb 9 07:48:03 odin postfix/submission/smtpd[49015]: warning: unknown[158.173.20.138]: SASL LOGIN authentication failed: (reason unavailable), [email protected] Feb 9 07:48:14 odin postfix/submission/smtpd[49015]: warning: unknown[158.173.20.138]: SASL PLAIN authentication failed: (reason unavailable), [email protected] ... show less	Brute-Force
🇸🇪 konseptit	2026-01-29 08:39:38 (5 months ago)	(smtpauth) Failed SMTP AUTH login from 158.173.20.138 (NL/The Netherlands/-)	Brute-Force

Showing 1 to 15 of 31 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 205.210.31.42

🇹🇭 203.170.192.251

🇮🇩 182.253.156.184

🇳🇱 176.65.139.251

🇻🇳 171.243.150.146

🇺🇸 161.35.5.150

🇸🇬 157.230.249.241

🇺🇸 147.185.132.10

🇮🇳 124.253.203.68

🇫🇷 109.123.241.185

🇰🇷 106.246.224.218

🇧🇩 103.157.237.139

🇵🇱 95.214.53.157

🇷🇺 92.53.115.23

🇳🇱 91.92.42.195

🇳🇱 91.92.40.200

🇺🇸 54.175.41.109

🇫🇷 51.15.149.97

🇮🇷 2.183.203.148

🇷🇸 213.196.96.150