JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.20.28.189

178.20.28.189 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 0%: ?

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.20.28.189

Whois 178.20.28.189

IP Abuse Reports for 178.20.28.189:

This IP address has been reported a total of 9 times from 7 distinct sources. 178.20.28.189 was first reported on July 21st 2023, and the most recent report was 1 month ago.

Old Reports: The most recent abuse report for this IP address is from 1 month ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-04-12 18:49:32 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 12 14:49:24.294363 2026] [security2:error] [pid 3196071:tid 3196071] [client 178.20.28.189:22845] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|extreme-atv.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "extreme-atv.com"] [uri "/wp-json/wp/v2/users"] [unique_id "advpNI3TctWmtMIx4vMB3AAAABQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-20 19:04:57 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.28.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 178.20.28.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Feb 20 14:04:49.518357 2025] [security2:error] [pid 21282:tid 21294] [client 178.20.28.189:17793] [client 178.20.28.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cosmeticdermatologist.aafm.us"] [uri "/.env"] [unique_id "Z7d80Q4BE8ZWXoTljKXQcgAAAMk"], referer: https://tasamm.com/about/ccc81.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-16 04:46:57 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.28.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 178.20.28.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 15 23:46:50.522191 2025] [security2:error] [pid 9192:tid 9192] [client 178.20.28.189:46365] [client 178.20.28.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "bridgenevercrossed.com"] [uri "/.env"] [unique_id "Z7FtuiIACMqtUjBpGGOFJwAAABA"], referer: https://tasamm.com/about/bbb80.html show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2024-11-14 12:59:02 (1 year ago)	Brute force attempt to access portal using various usernames	Brute-Force
🇺🇸 Bryan Lemas	2024-11-02 03:35:34 (1 year ago)	"Attempts to brute force our VPN"	Brute-Force
🇷🇺 sms.ru	2024-09-27 21:15:04 (1 year ago)	SMS pumping attack from foreign country	DDoS Attack
🇵🇱 rafix	2023-10-28 10:15:07 (2 years ago)	Scrapping website, using diffrent useragents, not wait for response, #botnet20231026	DDoS Attack Bad Web Bot
🇨🇭 backslash	2023-07-21 11:04:12 (2 years ago)		Web App Attack
🇮🇩 hermawan	2023-07-21 06:43:47 (2 years ago)	[Fri Jul 21 13:43:44.907734 2023] [security2:error] [pid 122829:tid 140436689237568] [client 178.20. ... show more [Fri Jul 21 13:43:44.907734 2023] [security2:error] [pid 122829:tid 140436689237568] [client 178.20.28.189:38345] [client 178.20.28.189] ModSecurity: Access denied with code 403 (phase 2). Match of "pm AppleWebKit Android" against "REQUEST_HEADERS:User-Agent" required. [file "/etc/modsecurity/coreruleset-3.3.4/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "1628"] [id "920300"] [msg "Request Missing an Accept Header"] [data "Matched Data: connection found within REQUEST_HEADERS:User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.0.11) Gecko/2009060309 Ubuntu/9.10 (karmic) Firefox/3.0.11 request_line = GET /index.php?option=com_content&view=article&id=83&catid=112&Itemid=575 HTTP/1.1"] [severity "NOTICE"] [ver "OWASP_CRS/3.3.4"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [tag "paranoia-level/2"] [hostname "karangploso.jatim.bmkg.go.id"] [uri "/index.php"] [uni ... show less	Hacking Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 177.72.41.44

🇷🇴 80.94.92.182

🇦🇺 173.244.62.75

🇺🇸 172.253.86.22

🇺🇸 152.32.148.250

🇹🇼 104.199.211.141

🇮🇳 103.174.10.52

🇺🇸 65.49.20.118

🇨🇳 61.179.73.179

🇫🇷 54.37.118.88

🇳🇱 45.148.10.152

🇸🇬 8.222.207.193

🇸🇬 8.219.165.219

🇬🇧 2.96.140.114

🇭🇰 2602:80d:1004::2d

🇷🇼 197.243.14.52

🇺🇸 195.184.76.8

🇸🇪 188.151.176.48

🇺🇸 184.105.247.199

🇨🇳 140.246.201.218