JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.241.234

158.173.241.234 was found in our database!

This IP was reported 32 times. Confidence of Abuse is 62%: ?

62%

ISP	VPN Consumer Stockholm, Sweden
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.241.234

Whois 158.173.241.234

IP Abuse Reports for 158.173.241.234:

This IP address has been reported a total of 32 times from 11 distinct sources. 158.173.241.234 was first reported on April 22nd 2026, and the most recent report was 11 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-03 17:56:27 (11 hours ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 13:56:20.184114 2026] [security2:error] [pid 19390:tid 19390] [client 158.173.241.234:49155] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|thesilverlegion.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "thesilverlegion.org"] [uri "/license.txt"] [unique_id "aiBqxAkWdVEiZN5oLfgfQwAAABA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 12:02:35 (16 hours ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 08:02:29.320202 2026] [security2:error] [pid 11662:tid 11686] [client 158.173.241.234:53959] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|ahsdistance.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "ahsdistance.org"] [uri "/license.txt"] [unique_id "aiAX1ZCG4SOM4sFUAjfeNwAAAVI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 08:38:56 (20 hours ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:38:52.672306 2026] [security2:error] [pid 32086:tid 32086] [client 158.173.241.234:40121] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|vekk.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "vekk.org"] [uri "/license.txt"] [unique_id "ah_oHDbFMVCFxaLBUUPo7QAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 06:26:53 (22 hours ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 02:26:46.270983 2026] [security2:error] [pid 7937:tid 7937] [client 158.173.241.234:47143] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|www.bearssd.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "www.bearssd.org"] [uri "/license.txt"] [unique_id "ah_JJgId7kzlcOdlz6NsLQAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 05:20:36 (23 hours ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 01:20:32.044736 2026] [security2:error] [pid 11422:tid 11422] [client 158.173.241.234:27265] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|rwabutazafoundation.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "rwabutazafoundation.org"] [uri "/license.txt"] [unique_id "ah-5oGxMlQW1J_Os3Z1SCAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 23:50:53 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 19:50:48.479701 2026] [security2:error] [pid 28734:tid 28734] [client 158.173.241.234:52979] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bfpsamoa.com"] [uri "/wp-config.php.bak"] [unique_id "ah9sWOWqg9JNib3gpbNsZwAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 00:00:48 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 20:00:41.996235 2026] [security2:error] [pid 12520:tid 12520] [client 158.173.241.234:40831] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "alltecmachinerepair.com"] [uri "/wp-config.php.bak"] [unique_id "ah4dKTbt7wnzF4kO23B5CAAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 16:00:31 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 12:00:23.155020 2026] [security2:error] [pid 7973:tid 7995] [client 158.173.241.234:59055] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abusaimeh.com"] [uri "/wp-config.php.bak"] [unique_id "ah2slxImwxTsNDtToXRlVAAAAVM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 15:38:03 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 11:37:56.448301 2026] [security2:error] [pid 18901:tid 18901] [client 158.173.241.234:36491] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "abilityimprinting.com"] [uri "/wp-config.php.bak"] [unique_id "ah2nVFDN8tmlmZ4Kv3myUgAAACA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-01 13:07:50 (2 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 18:25:43 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 14:25:37.731206 2026] [security2:error] [pid 13747:tid 13747] [client 158.173.241.234:30243] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "certifiedfarmersmarkets.org"] [uri "/wp-config.php.bak"] [unique_id "ahSUITerBJVVsh-6yCHmpAAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-25 13:56:24 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 25 09:56:19.021518 2026] [security2:error] [pid 26461:tid 26461] [client 158.173.241.234:61119] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tarekshohaieb.online"] [uri "/wp-config.php.bak"] [unique_id "ahRVAzZ09x3V4BjshEh87gAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 cmbplf	2026-05-24 11:37:43 (1 week ago)	200 requests with url.path *.php.bak	Brute-Force Bad Web Bot
🇩🇪 maxpower	2026-05-23 18:27:02 (1 week ago)	(exploit_critical) REGOLA 2 - Critical File Exploit Attempt 158.173.241.234 (SE/Sweden/-): 1 in the ... show more (exploit_critical) REGOLA 2 - Critical File Exploit Attempt 158.173.241.234 (SE/Sweden/-): 1 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: 158.173.241.234 - - [23/May/2026:20:26:57 +0200] "GET /wp-config.php.bak HTTP/1.1" 403 146 "-" "Fuzz Faster U Fool v2.1.0-dev" "-" host=frleone.ovh show less	Port Scan
🇺🇸 TPI-Abuse	2026-05-22 17:06:15 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Po ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.234 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 13:06:08.625349 2026] [security2:error] [pid 27831:tid 27831] [client 158.173.241.234:42661] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "creationorevolution.net"] [uri "/wp-config.php.bak"] [unique_id "ahCNAMjZsoaqx89hmkT7AgAAABU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 32 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇪 200.8.158.135

🇹🇼 198.235.24.118

🇻🇳 160.30.113.59

🇺🇸 156.229.163.164

🇹🇭 147.50.227.79

🇺🇸 91.230.168.103

🇫🇷 91.196.152.183

🇰🇪 197.248.207.139

🇨🇳 183.132.88.178

🇮🇳 168.144.16.23

🇫🇮 147.185.133.34

🇫🇷 144.24.207.211

🇮🇳 139.59.83.32

🇦🇺 123.209.123.56

🇮🇩 118.99.102.207

🇸🇬 114.119.181.180

🇧🇩 103.158.206.141

🇺🇸 88.216.68.15

🇩🇪 88.214.25.125

🇸🇬 47.245.121.94