JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.241.130

158.173.241.130 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 41%: ?

41%

ISP	VPN Consumer Stockholm, Sweden
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.241.130

Whois 158.173.241.130

IP Abuse Reports for 158.173.241.130:

This IP address has been reported a total of 21 times from 9 distinct sources. 158.173.241.130 was first reported on April 22nd 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-03 17:41:49 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 13:41:43.108411 2026] [security2:error] [pid 29542:tid 29542] [client 158.173.241.130:26813] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.idmadventures.com\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.idmadventures.com"] [uri "/license.txt"] [unique_id "aiBnV8FF3rtflHez-f6zQAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 16:28:15 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 12:28:07.539740 2026] [security2:error] [pid 15201:tid 15288] [client 158.173.241.130:32929] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|newtrendmag.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "newtrendmag.org"] [uri "/license.txt"] [unique_id "aiBWFwgvk9VpzcB3V4pb_gAAAZM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 14:04:01 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 10:03:56.406236 2026] [security2:error] [pid 27073:tid 27073] [client 158.173.241.130:33265] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|naturalpozzolanassociation.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "naturalpozzolanassociation.org"] [uri "/license.txt"] [unique_id "aiA0TFwJxyTc3C3LeUqsjAAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 06:26:48 (1 week ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:26:40.553314 2026] [security2:error] [pid 4504:tid 4504] [client 158.173.241.130:63695] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|bearssd.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "bearssd.org"] [uri "/license.txt"] [unique_id "ah_JIFitg00nPCj7c9S-JgAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 13:25:40 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 09:25:35.540612 2026] [security2:error] [pid 16515:tid 16515] [client 158.173.241.130:36605] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "assistfeed.com"] [uri "/wp-config.php.bak"] [unique_id "ah7Zz1wxvl8w8YZxM4gJJQAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 11:32:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 07:32:20.085542 2026] [security2:error] [pid 14636:tid 14636] [client 158.173.241.130:26539] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "arsenaultartistmanagement.com"] [uri "/wp-config.php.bak"] [unique_id "ah6_RKDQUkFTvF4RSwvBlAAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 01:48:30 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.130 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 21:48:23.198281 2026] [security2:error] [pid 1596:tid 1596] [client 158.173.241.130:52931] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "americanureport.com"] [uri "/wp-config.php.bak"] [unique_id "ah42Z7cWjOKlgGWrJqqwPgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-01 13:07:50 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇿🇦 Tokolosh Hunters	2026-05-30 15:58:28 (1 week ago)	AutoBlockWindow-Known bad useragent query-2026-05-30 15:58:27	Bad Web Bot
🇧🇪 cmbplf	2026-05-24 11:37:41 (2 weeks ago)	201 requests with url.path *.php.bak	Brute-Force Bad Web Bot
🇩🇰 ScamAware	2026-05-23 15:54:52 (2 weeks ago)	Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensiti ... show more Detected by Cloudflare Security Events via WordPress automation. Detection: sensitive_files (Sensitive files, source control, config, and backups). Hits from same IP in last 60 minutes: 1. Unique request paths counted internally: 1. Cloudflare action: block. Cloudflare source: firewallCustom. show less	Web App Attack
🇺🇸 nowyouknow	2026-05-22 09:12:08 (3 weeks ago)	(From [email protected]) IMPORTANT MESSAGE! Don't Wait Your 1.3426 BTC is Live https://telegra.ph ... show more (From [email protected]) IMPORTANT MESSAGE! Don't Wait Your 1.3426 BTC is Live https://telegra.ph/You-Mined-13426-BTC-Message-ID-448843-05-04 Reservation ID: d9bq1v1i5i0t5d6of9zy3v1c3o3c2b5gt3ox1v4f7d9c8q3nx0rl1c8w6q9t7j0an4tc3j3n9t1n0k1ep0in5m6r3z9m5c2sf5xg5z1x0t1p9f7d show less	Phishing Web Spam
🇫🇷 Nicolmn	2026-05-22 08:28:57 (3 weeks ago)	Web form spam ( id dqt.l )	Web Spam
🇺🇸 nowyouknow	2026-05-21 22:16:40 (3 weeks ago)	(From [email protected]) IMPORTANT! DON'T TARRY WITHDRAW YOUR 1.3426 BTC https://telegra.ph/Y ... show more (From [email protected]) IMPORTANT! DON'T TARRY WITHDRAW YOUR 1.3426 BTC https://telegra.ph/You-Mined-13426-BTC-Message-ID-731256-05-04 Plan ID: v3gj4n9r0p1c2h8dx6tk3z3t6k9d0u0fd9ct8z5b2k7s9t2qk8ai3o9b9x9d9a1cz0wa1y7i3q2f3c3al2zo4q2e1v7t0x0cp2pz6w0i6q7m6i5g show less	Phishing Web Spam
🇫🇷 Nicolmn	2026-05-21 19:43:43 (3 weeks ago)	Web form spam ( id mmltz.l )	Web Spam

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 72.56.86.124

🇺🇸 35.92.80.89

🇮🇳 182.95.12.178

🇩🇪 139.59.208.49

🇨🇳 106.35.131.86

🇯🇵 103.27.133.74

🇿🇦 102.64.32.187

🇵🇱 87.251.64.149

🇧🇷 45.229.91.34

🇧🇷 45.164.31.0

🇬🇧 35.203.211.32

🇮🇳 27.56.147.163

🇻🇳 14.191.134.111

🇷🇺 5.167.64.172

🇺🇸 2620:171:fe:f0::236

🇲🇾 202.165.29.219

🇧🇷 201.17.146.173

🇮🇳 167.71.239.213

🇮🇳 128.185.199.22

🇹🇼 111.70.32.53