JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.20.61

158.173.20.61 was found in our database!

This IP was reported 27 times. Confidence of Abuse is 23%: ?

23%

ISP	VPN Consumer Amsterdam, The Netherlands
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.20.61

Whois 158.173.20.61

IP Abuse Reports for 158.173.20.61:

This IP address has been reported a total of 27 times from 21 distinct sources. 158.173.20.61 was first reported on October 11th 2025, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 consul.to	2026-05-06 13:24:43 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇮🇳 evicky2002	2026-05-06 06:00:00 (1 month ago)	Confirmed malicious by STILWaters CTI platform (score=94, sources=1)	Hacking Brute-Force SSH
🇬🇧 noise.agency	2026-05-05 08:19:10 (1 month ago)	(wordpress) Failed wordpress login from 158.173.20.61 (NL/Netherlands/-)	Brute-Force
🇬🇧 BRHosting	2026-05-05 07:46:02 (1 month ago)	Wordpress brute force attack for login credentials (eg xmlrc.php or wp-login.php)	Brute-Force Web App Attack
🇫🇷 Baking333	2026-05-05 07:41:00 (1 month ago)	[redacted] 158.173.20.61 - - [05/May/2026:08:40:59 +0100] "GET /[redacted] HTTP/1.1" 302 5268 0/1729 ... show more [redacted] 158.173.20.61 - - [05/May/2026:08:40:59 +0100] "GET /[redacted] HTTP/1.1" 302 5268 0/172940 "http://[redacted]/[redacted]" "Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36" [redacted] 158.173.20.61 - - [05/May/2026:08:40:59 +0100] "GET / HTTP/1.1" 200 8716 0/142730 "https://[redacted]/[redacted]" "Mozilla/5.0 (Linux; Android 14; SM-S918B) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Mobile Safari/537.36" show less	Bad Web Bot Web App Attack
🇺🇸 ArturShelby	2026-05-05 07:38:23 (1 month ago)	Honeypot triggered: /xmlrpc.php	Web App Attack
Anonymous	2026-05-05 07:08:59 (1 month ago)	Fail2Ban Log Report 158.173.20.61 - [05/May/2026:09:08:50 +0200] "GET /xmlrpc.php HTTP/2.0" 301 162 ... show more Fail2Ban Log Report 158.173.20.61 - [05/May/2026:09:08:50 +0200] "GET /xmlrpc.php HTTP/2.0" 301 162 "http://cvazquez.es/xmlrpc.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15" "-" "158.173.20.61" 158.173.20.61 - [05/May/2026:09:08:50 +0200] "GET /xmlrpc.php HTTP/2.0" 403 1813 "https://cvazquez.es/xmlrpc.php" "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_2_1) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15" "2.51" "158.173.20.61" ... show less	Port Scan Hacking Web App Attack
🇬🇧 consul.to	2026-05-04 17:05:27 (1 month ago)	Web attack/malicious scanning detected	Web App Attack
🇲🇾 Rizzy	2026-05-03 23:14:38 (1 month ago)	Multiple WAF Violations	Brute-Force Web App Attack
🇧🇪 cmbplf	2026-05-02 21:03:51 (1 month ago)	6.417 post requests in 1 hour (1w3d2h)	Brute-Force Bad Web Bot
🇺🇸 xmission.com	2026-05-02 13:58:19 (1 month ago)	Blocked by UFW (TCP on 61126) Source port: 43347 TTL: 48 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 61126) Source port: 43347 TTL: 48 Packet length: 60 TOS: 0x08 This report (for 158.173.20.61) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇦🇺 oncord	2026-04-30 19:57:58 (1 month ago)	Form spam	Web Spam
🇨🇭 backslash	2026-04-30 18:48:08 (1 month ago)	block ruleset WAF detection and high score on abuseIPDB 149EB1B42C242111FADBBC2EF8F90219570691E1	Bad Web Bot
🇦🇺 Anytech	2026-04-30 18:39:29 (1 month ago)	Blocked by Conn-Monitor: Automated form spam	Bad Web Bot Web App Attack
🇩🇪 conseilgouz	2026-04-30 18:36:10 (1 month ago)	vew-(visforms) : try to access forms...	Hacking

Showing 1 to 15 of 27 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 3.131.24.55

🇩🇪 162.158.95.250

🇨🇳 122.230.226.116

🇳🇱 91.92.40.8

🇫🇮 65.109.211.195

🇺🇸 52.237.167.19

🇺🇸 40.83.182.122

🇺🇸 20.168.6.226

🇺🇸 18.119.209.50

🇻🇳 14.227.6.18

🇺🇸 195.184.76.180

🇦🇺 168.138.23.15

🇲🇾 115.132.164.82

🇺🇸 96.78.175.41

🇺🇸 64.23.151.46

🇫🇷 46.105.39.50

🇺🇸 43.153.59.240

🇧🇪 34.140.190.165

🇩🇪 217.253.125.123

🇮🇷 185.141.107.50