JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 194.5.48.158

194.5.48.158 was found in our database!

This IP was reported 92 times. Confidence of Abuse is 70%: ?

70%

ISP	VPN Consumer Tokyo, Japan
Usage Type	Data Center/Web Hosting/Transit
ASN	AS206092
Domain Name	vpnconsumer.com
Country	🇯🇵 Japan
City	Tokyo, Tokyo

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 194.5.48.158

Whois 194.5.48.158

IP Abuse Reports for 194.5.48.158:

This IP address has been reported a total of 92 times from 54 distinct sources. 194.5.48.158 was first reported on December 4th 2024, and the most recent report was 6 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 neckaralb-admin.de	2026-06-30 12:24:55 (6 hours ago)	(wordpress) Failed login wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 WeekendWeb	2026-06-30 05:33:21 (13 hours ago)	Wordpress Vunerability attack	Web App Attack
Anonymous	2026-06-27 14:04:01 (3 days ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: JP, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: JP, Attack patterns: WordPress scanning, Webshell probing show less	Bad Web Bot Web App Attack
Anonymous	2026-06-26 13:03:54 (4 days ago)	Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: JP, Attack patterns: Word ... show more Blocked by FortiWeb WAF ML threat detection. ML probability: 99%, Country: JP, Attack patterns: WordPress scanning, Webshell probing show less	Bad Web Bot Web App Attack
🇺🇸 ambor	2026-06-26 05:02:39 (4 days ago)	Honeypot triggered on tcpdata.com - Attempted to access /xmlrpc.php (wordpress_xmlrpc). User-Agent: ... show more Honeypot triggered on tcpdata.com - Attempted to access /xmlrpc.php (wordpress_xmlrpc). User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 Chrome/120.0.0.0 Safari/537.36 show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 13:19:45 (5 days ago)	(mod_security) mod_security (id:240335) triggered by 194.5.48.158 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 194.5.48.158 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 25 09:19:40.668963 2026] [security2:error] [pid 16408:tid 16426] [client 194.5.48.158:36455] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 194.5.48.158 (+1 hits since last alert)\|mail.sandiegosamsolo.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mail.sandiegosamsolo.com"] [uri "/xmlrpc.php"] [unique_id "aj0q7FUQ36vVoSwvF9TanAAAAI0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 lostswordfish.com	2026-06-25 07:02:03 (5 days ago)	Wordfence waf block on parsol	Web App Attack
🇦🇺 nzhost.co.nz	2026-06-23 17:20:08 (1 week ago)	$f2bV_matches	Hacking Brute-Force
🇬🇧 consul.to	2026-06-21 12:38:55 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇮🇩 zam	2026-06-20 19:58:11 (1 week ago)	194.5.48.158 - - [20/Jun/2026:19:58:08 +0000] "GET /simple.php HTTP/1.1" 404 236	Web App Attack
🇬🇧 consul.to	2026-06-20 12:28:04 (1 week ago)	Web attack/malicious scanning detected	Web App Attack
🇳🇿 Antinson	2026-06-18 09:05:18 (1 week ago)	Scraping with a high error ratio and request rate	Bad Web Bot
🇸🇮 valryx	2026-06-18 05:00:04 (1 week ago)	🛡️ Cloudflare WAF - 43 malicious requests Actions: link_maze_injected, block Sources: firewallCustom ... show more 🛡️ Cloudflare WAF - 43 malicious requests Actions: link_maze_injected, block Sources: firewallCustom, linkMaze Country: JP Attacked paths: • /wp-admin/maint/ • /wp-content/themes/Avada/shortcodes/ • /wp-includes/blocks/table/int/tmpl/ User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4 show less	Web App Attack
Anonymous	2026-06-01 19:05:15 (4 weeks ago)	Improper access to WordPress XML-RPC	Web App Attack
🇺🇸 nodepile	2026-06-01 17:23:12 (4 weeks ago)	Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/wp-logln.php7 ua='Mozilla/5.0 (Win ... show more Requests denied due to proxy/VPN risk (tenant=82 method=GET path=/wp-logln.php7 ua='Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.102 Safari/537.36') show less	Open Proxy VPN IP

Showing 1 to 15 of 92 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇪 198.235.24.253

🇺🇸 196.51.184.88

🇻🇪 190.97.253.20

🇧🇷 190.89.137.122

🇩🇪 185.242.3.226

🇮🇳 74.125.178.154

🇳🇱 46.235.42.53

🇨🇳 39.105.205.153

🇺🇸 16.58.56.214

🇳🇱 185.28.37.194

🇵🇪 179.6.3.173

🇮🇹 147.45.51.138

🇺🇸 52.167.144.20

🇳🇱 45.156.87.13

🇱🇺 217.70.186.133

🇬🇧 185.247.137.176

🇬🇧 185.247.137.25

🇧🇩 182.48.68.82

🇺🇸 165.227.19.139

🇯🇵 153.156.20.162