JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.21.206

158.173.21.206 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 0%: ?

ISP	VPN Consumer Amsterdam, The Netherlands
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.21.206

Whois 158.173.21.206

IP Abuse Reports for 158.173.21.206:

This IP address has been reported a total of 28 times from 16 distinct sources. 158.173.21.206 was first reported on November 3rd 2025, and the most recent report was 2 months ago.

Old Reports: The most recent abuse report for this IP address is from 2 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 xmission.com	2026-04-05 04:04:28 (2 months ago)	Blocked by UFW (TCP on 1) Source port: 8178 TTL: 110 Packet length: 52 TOS: 0x08 This report (for 1 ... show more Blocked by UFW (TCP on 1) Source port: 8178 TTL: 110 Packet length: 52 TOS: 0x08 This report (for 158.173.21.206) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇨🇦 SSH-Admin	2026-04-03 09:00:05 (2 months ago)	Probing for Exploits on ns200	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 21:33:41 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 17:33:37.344387 2026] [security2:error] [pid 10591:tid 10591] [client 158.173.21.206:23422] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|epetsure.co\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "epetsure.co"] [uri "/wp-json/wp/v2/users"] [unique_id "ac7gsV3BBfmISvi4mUm-FQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-04-02 20:43:39 (2 months ago)	DEAGICO WEBEXPLOIT 158.173.21.206 (158.173.21.206)	Web App Attack
🇧🇪 cmbplf	2026-04-02 20:06:53 (2 months ago)	12.154 4xx requests in 1 hour (1yr10mos3w)	Brute-Force Bad Web Bot
🇨🇦 SSH-Admin	2026-04-02 20:05:22 (2 months ago)	Probing for Exploits on ns210	Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 20:03:03 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 16:02:57.216929 2026] [security2:error] [pid 24485:tid 24485] [client 158.173.21.206:46349] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|cmcnow.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "cmcnow.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ac7LcXa-A8G2PN4_Jj-QJgAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 19:43:38 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 15:43:34.776758 2026] [security2:error] [pid 15352:tid 15357] [client 158.173.21.206:34835] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|chaoticperception.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "chaoticperception.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ac7G5lq92NMJuwP-np0OaQAAAEA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 19:24:05 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 15:23:59.762283 2026] [security2:error] [pid 11956:tid 11956] [client 158.173.21.206:21274] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|campnecon.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "campnecon.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ac7CT3N0u7YRbAvTeO8pagAAACw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 18:20:07 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.206 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 14:20:02.273985 2026] [security2:error] [pid 8175:tid 8175] [client 158.173.21.206:32257] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|automatebi.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "automatebi.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ac6zUjrGMa4H_CIh-vbhAQAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 tvipper.com	2026-04-02 18:19:36 (2 months ago)	Auto reported by IDS	Web App Attack
Anonymous	2026-02-27 09:35:27 (3 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2026-02-20 22:35:08 (4 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
Anonymous	2026-02-16 02:50:23 (4 months ago)	Unauthorized connection attempt detected in the last 24 hours	Hacking
🇨🇿 lp	2026-02-08 12:02:17 (4 months ago)	Email account brute force: 6 attempts were recorded from 158.173.21.206 2026-02-08T12:34:19+01:00 wa ... show more Email account brute force: 6 attempts were recorded from 158.173.21.206 2026-02-08T12:34:19+01:00 warning: unknown[158.173.21.206]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-02-08T12:34:19+01:00 warning: unknown[158.173.21.206]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-02-08T12:34:19+01:00 warning: unknown[158.173.21.206]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-02-08T12:34:19+01:00 warning: unknown[158.173.21.206]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-02-08T12:34:26+01:00 warning: unknown[158.173.21.206]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-02-08T12:34:26+01:00 warning: unknown[158.173.21.206]: SASL LOGIN authentication failed: show less	Brute-Force

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇹🇼 45.150.242.95

🇨🇱 201.215.73.177

🇺🇸 192.3.245.167

🇺🇸 165.22.9.29

🇨🇳 123.145.13.103

🇻🇳 103.241.43.193

🇺🇸 47.251.55.135

🇵🇪 38.253.147.153

🇬🇧 35.203.210.36

🇸🇪 31.59.160.12

🇺🇸 20.64.104.164

🇹🇭 202.29.236.76

🇳🇱 193.176.31.216

🇨🇦 165.22.225.218

🇨🇳 140.206.195.111

🇫🇷 91.196.152.177

🇺🇸 66.132.195.28

🇵🇰 223.123.46.65

🇨🇳 222.222.73.70

🇺🇸 195.184.76.129