JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 158.173.241.72

158.173.241.72 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 42%: ?

42%

ISP	VPN Consumer Stockholm, Sweden
Usage Type	Data Center/Web Hosting/Transit
ASN	AS212238
Domain Name	vpnconsumer.com
Country	🇸🇪 Sweden
City	Stockholm, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 158.173.241.72

Whois 158.173.241.72

IP Abuse Reports for 158.173.241.72:

This IP address has been reported a total of 19 times from 9 distinct sources. 158.173.241.72 was first reported on April 22nd 2026, and the most recent report was 13 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 20:39:36 (13 hours ago)	(mod_security) mod_security (id:210730) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 16:39:30.979024 2026] [security2:error] [pid 24042:tid 24042] [client 158.173.241.72:43895] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|bitcoincasting.com\|F\|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "bitcoincasting.com"] [uri "/wp-config.php.bak"] [unique_id "ajRXgnuCeGQEdzEFofNTZwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇷 chronos	2026-06-04 03:08:59 (2 weeks ago)	Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Loca ... show more Generic malicious activity: Tentativa de varredura de porta TCP... \| Port: 59601 \| Proto: TCP \| Location: The Netherlands, N/A show less	Port Scan Hacking
🇺🇸 TPI-Abuse	2026-06-03 11:51:49 (2 weeks ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 07:51:45.980753 2026] [security2:error] [pid 13843:tid 13843] [client 158.173.241.72:24981] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|helpkccare.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "helpkccare.org"] [uri "/license.txt"] [unique_id "aiAVUahNaYbpz336_uwL0gAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-03 08:33:14 (2 weeks ago)	(mod_security) mod_security (id:210801) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210801) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 03 04:33:06.471048 2026] [security2:error] [pid 27008:tid 27008] [client 158.173.241.72:28139] ModSecurity: Access denied with code 403 (phase 2). Matched phrase "paros" at REQUEST_HEADERS:User-Agent. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/03_Global_Agents.conf"] [line "17"] [id "210801"] [rev "2"] [msg "COMODO WAF: Request Indicates a Security Scanner Scanned the Site\|\|3905ccn.org\|F\|2"] [data "mozilla/5.0 (windows nt 5.1; rv:22.0) gecko/20100101 firefox/22.0 paros/3.2.13"] [severity "CRITICAL"] [tag "CWAF"] [tag "Agents"] [hostname "3905ccn.org"] [uri "/license.txt"] [unique_id "ah_mwmx7JlNkQzbZ7XRf4wAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 22:21:09 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 18:21:04.288017 2026] [security2:error] [pid 15355:tid 15355] [client 158.173.241.72:24281] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bennoyes.com"] [uri "/wp-config.php.bak"] [unique_id "ah9XUKT-t0myUf__Hl_3ygAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-02 11:58:57 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 07:58:50.880102 2026] [security2:error] [pid 32713:tid 32752] [client 158.173.241.72:46537] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "artmarialeon.com"] [uri "/wp-config.php.bak"] [unique_id "ah7FenDO3o4vbYWAa5GzagAAAUM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 xmission.com	2026-06-02 06:40:57 (2 weeks ago)	Blocked by UFW (TCP on 51593) Source port: 43970 TTL: 43 Packet length: 60 TOS: 0x08 This report (f ... show more Blocked by UFW (TCP on 51593) Source port: 43970 TTL: 43 Packet length: 60 TOS: 0x08 This report (for 158.173.241.72) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
🇺🇸 TPI-Abuse	2026-06-01 16:49:47 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 12:49:38.506650 2026] [security2:error] [pid 29147:tid 29159] [client 158.173.241.72:53441] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "aclarityforensics.com"] [uri "/wp-config.php.bak"] [unique_id "ah24IqngR4uOMHsaOTvo2QAAAQg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-01 14:06:08 (2 weeks ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇬🇧 consul.to	2026-06-01 00:55:46 (2 weeks ago)	Web attack/malicious scanning detected	Web App Attack
🇿🇦 Tokolosh Hunters	2026-05-30 15:28:20 (2 weeks ago)	AutoBlockWindow-Known bad useragent query-2026-05-30 15:28:19	Bad Web Bot
🇧🇪 cmbplf	2026-05-24 12:45:22 (3 weeks ago)	272 requests with url.path *.php.bak	Brute-Force Bad Web Bot
🇺🇸 TPI-Abuse	2026-05-23 00:53:00 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 158.173.241.72 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 22 20:52:52.256231 2026] [security2:error] [pid 14441:tid 14441] [client 158.173.241.72:56299] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "math1on1.net"] [uri "/wp-config.php.bak"] [unique_id "ahD6ZFHwITJ_0zL0BfpQMgAAABQ"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-22 04:45:01 (4 weeks ago)	Spam in form	Email Spam
🇬🇧 oncord	2026-05-21 15:13:02 (4 weeks ago)	Form spam	Web Spam

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇮 178.20.210.208

🇸🇬 145.223.130.138

🇮🇳 136.232.11.10

🇳🇱 91.92.40.7

🇨🇳 49.93.83.8

🇭🇰 45.249.244.136

🇬🇧 35.203.211.53

🇺🇸 17.22.237.8

🇩🇪 2400:cb00:929:1000:914b:25ca:c851:ad4

🇺🇸 216.180.246.98

🇺🇸 216.73.217.19

🇸🇬 188.166.248.216

🇻🇳 113.23.115.203

🇮🇳 103.89.136.111

🇮🇷 89.44.180.115

🇨🇳 42.233.102.138

🇺🇸 3.144.71.123

🇺🇿 213.230.65.53

🇰🇷 211.105.44.231

🇳🇱 195.178.110.30