JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.21.214

158.173.21.214 was found in our database!

This IP was reported 23 times. Confidence of Abuse is 12%: ?

12%

ISP	VPN Consumer Amsterdam, The Netherlands
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇳🇱 Netherlands
City	Amsterdam, North Holland

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.21.214

Whois 158.173.21.214

IP Abuse Reports for 158.173.21.214:

This IP address has been reported a total of 23 times from 19 distinct sources. 158.173.21.214 was first reported on October 25th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 matthieul.dev	2026-06-17 14:25:17 (4 days ago)	Blocked by os-abuseipdb; 7 hits, proto=tcp,udp, ports=11782,36616	Port Scan Brute-Force
🇷🇺 Agrohim	2026-05-29 00:35:09 (3 weeks ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
🇫🇷 Nicolmn	2026-04-06 19:38:44 (2 months ago)	Web form spam ( id rl-mm.l )	Web Spam
Anonymous	2026-04-06 16:04:27 (2 months ago)		Web Spam Bad Web Bot
🇦🇺 oncord	2026-04-06 11:36:20 (2 months ago)	Form spam	Web Spam
🇫🇮 Shaik Sai Meera	2026-04-06 11:05:23 (2 months ago)	IM360 WAF: SQL Dorks collection for SQL Injection	FTP Brute-Force Port Scan SSH
🇨🇭 backslash	2026-04-06 10:21:00 (2 months ago)		Web Spam
🇺🇸 TPI-Abuse	2026-04-02 23:20:15 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 19:20:09.873796 2026] [security2:error] [pid 6170:tid 6170] [client 158.173.21.214:53711] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|hydrometal-js.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "hydrometal-js.com"] [uri "/wordpress/wp-json/wp/v2/users"] [unique_id "ac75qVY2UvhWGMjvSgJ3AQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 22:32:14 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 18:32:09.197238 2026] [security2:error] [pid 5180:tid 5180] [client 158.173.21.214:46890] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gerrytolentino.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gerrytolentino.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ac7uaWfowP-10Smp75LKaAAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-02 22:15:27 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 158.173.21.214 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:225170) triggered by 158.173.21.214 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 02 18:15:22.392462 2026] [security2:error] [pid 16056:tid 16056] [client 158.173.21.214:8327] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|frenchla.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "frenchla.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ac7qeg14GHNLTBGaYQCxqwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇷🇺 Agrohim	2026-03-14 01:07:05 (3 months ago)	Gate Inet blocked for categories:	DDoS Attack Ping of Death Port Scan Hacking Brute-Force
🇺🇸 COMPLEX	2026-03-09 02:00:24 (3 months ago)	Unsolicited TCP traffic \| Action: DROP \| Port 44779	Brute-Force
Anonymous	2026-02-11 12:14:01 (4 months ago)	...	Brute-Force
🇮🇱 Dolphi	2026-02-08 08:34:27 (4 months ago)	Mail server brute force	Email Spam Brute-Force
🇺🇸 bigscoots.com	2026-02-07 18:33:08 (4 months ago)	(smtpauth) Failed SMTP AUTH login from 158.173.21.214 (NL/The Netherlands/-): 5 in the last 3600 sec ... show more (smtpauth) Failed SMTP AUTH login from 158.173.21.214 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: 25,465,587; Direction: 0; Trigger: LF_SMTPAUTH; Logs: 2026-02-07 13:32:43 dovecot_plain authenticator failed for H=([10.16.18.68]) [158.173.21.214]:7951: 535 Incorrect authentication data ([email protected]) 2026-02-07 13:32:49 dovecot_login authenticator failed for H=([10.16.18.68]) [158.173.21.214]:7951: 535 Incorrect authentication data ([email protected]) 2026-02-07 13:32:56 dovecot_plain authenticator failed for H=([10.16.18.68]) [158.173.21.214]:49507: 535 Incorrect authentication data ([email protected]) 2026-02-07 13:32:58 dovecot_login authenticator failed for H=([10.16.18.68]) [158.173.21.214]:49507: 535 Incorrect authentication data ([email protected]) 2026-02-07 13:33:07 dovecot_plain authenticator failed for H=([10.16.18.68]) [158.173.21.214]:16323: 535 Incorrect authentication data ([email protected]) show less	Brute-Force SSH

Showing 1 to 15 of 23 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 204.76.203.206

🇨🇴 179.32.33.161

🇳🇱 176.65.139.217

🇨🇴 143.105.99.3

🇮🇩 180.254.73.155

🇮🇩 157.66.172.40

🇺🇸 143.55.45.206

🇺🇸 107.150.111.215

🇮🇩 103.106.145.96

🇷🇴 80.94.92.166

🇩🇪 69.5.169.134

🇰🇷 61.72.145.38

🇧🇬 185.253.160.7

🇮🇩 103.186.204.40

🇩🇪 69.5.169.139

🇺🇸 174.138.89.209

🇩🇪 151.243.11.245

🇮🇳 106.192.130.126

🇷🇴 92.118.39.210

🇺🇸 74.7.230.56