JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.20.28.66

178.20.28.66 was found in our database!

This IP was reported 26 times. Confidence of Abuse is 26%: ?

26%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.20.28.66

Whois 178.20.28.66

IP Abuse Reports for 178.20.28.66:

This IP address has been reported a total of 26 times from 15 distinct sources. 178.20.28.66 was first reported on October 28th 2023, and the most recent report was 5 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇬🇧 adnscom.net	2026-06-17 14:38:31 (5 days ago)	IPS trigger: Brute force WebApp/CMS scanning/attack	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-12 00:29:22 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 20:29:15.728106 2026] [security2:error] [pid 24193:tid 24193] [client 178.20.28.66:61789] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|ibcnu.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "ibcnu.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aitS2wgIl1mGAMtuho4wrAAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 15:41:11 (3 weeks ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 11:41:05.787870 2026] [security2:error] [pid 12476:tid 12476] [client 178.20.28.66:23907] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|minetterisquez.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "minetterisquez.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ahxWkYlcMg3I3Jeyn_OS-QAAAAw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-24 14:45:36 (4 weeks ago)	[redacted] 178.20.28.66 - - [24/May/2026:16:45:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "Ap ... show more [redacted] 178.20.28.66 - - [24/May/2026:16:45:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" [redacted] 178.20.28.66 - - [24/May/2026:16:45:08 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" [redacted] 178.20.28.66 - - [24/May/2026:16:45:23 +0200] "POST /xmlrpc.php HTTP/1.1" 200 132 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" [redacted] 178.20.28.66 - - [24/May/2026:16:45:25 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" [redacted] 178.20.28.66 - - [24/May/2026:16:45:26 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" [redacted] 178.20.28.66 - - [24/May/2026:16:45:28 +0200] "POST /xmlrpc.php HTTP/1.1" 200 216 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" [redacted] 178.20.28.66 - - [24/May/2026:16:45:29 +0200] "POST /xmlrpc.php HTTP/1.1" 200 251 "-" "Apache-HttpClient/4.5.13 (Java/17.0.18)" ... show less	Hacking Web App Attack
Anonymous	2026-05-22 16:24:49 (1 month ago)	(caddyscan) Scanner path probe from 178.20.28.66 (NL/The Netherlands/-): 5 in the last 3600 secs; Po ... show more (caddyscan) Scanner path probe from 178.20.28.66 (NL/The Netherlands/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_CUSTOMTRIGGER; Logs: [REDACTED] 200 2627 178.20.28.66 - - [22/May/2026:16:24:41 +0000] "POST /xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 178.20.28.66 - - [22/May/2026:16:24:42 +0000] "GET /wp-login.php HTTP/1.1" [REDACTED] 200 2627 178.20.28.66 - - [22/May/2026:16:24:43 +0000] "GET /wp-login.php HTTP/1.1" [REDACTED] 200 2627 178.20.28.66 - - [22/May/2026:16:24:46 +0000] "POST /xmlrpc.php HTTP/1.1" [REDACTED] 200 2627 178.20.28.66 - - [22/May/2026:16:24:47 +0000] "GET /wp-login.php HTTP/1.1" show less	Port Scan
Anonymous	2026-05-19 06:29:00 (1 month ago)	Banned by Fail2Ban on server	Web App Attack
🇺🇸 TPI-Abuse	2026-01-23 05:02:15 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 23 00:02:09.257572 2026] [security2:error] [pid 24026:tid 24026] [client 178.20.28.66:50247] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|forefrontmusic.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "forefrontmusic.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "aXMA0Zw7OC2YyW7wrt0bywAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇸🇪 OnTheEdge	2025-03-16 06:41:08 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack
🇸🇪 OnTheEdge	2025-03-16 06:41:08 (1 year ago)	Password spraying. Multiple unauthorized login attempts	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-03-11 04:24:00 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Mar 11 00:23:54.023860 2025] [security2:error] [pid 13531:tid 13613] [client 178.20.28.66:51423] [client 178.20.28.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ouye.net"] [uri "/.env"] [unique_id "Z8-62spE3OT3Gn1P8bVNoQAAAU4"], referer: https://tasamm.com/about/mmm301.html show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-02-09 06:25:57 (1 year ago)	WP Login Scan Activities	Web App Attack
🇺🇸 TPI-Abuse	2025-02-08 16:48:36 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 178.20.28.66 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Feb 08 11:48:29.558853 2025] [security2:error] [pid 13714:tid 13714] [client 178.20.28.66:35459] [client 178.20.28.66] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "activethinkers.net"] [uri "/.env"] [unique_id "Z6eK3TLE51jwxszaQA5BCQAAAAI"], referer: https://a00016.tiiny.site/ show less	Brute-Force Bad Web Bot Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-01-31 11:31:36 (1 year ago)	WP Login Scan Activities	Web App Attack
🇮🇩 BPS-StatisticsIndonesia	2025-01-29 17:44:45 (1 year ago)	WP Login Scan Activities	Web App Attack
🇩🇪 Bedios GmbH	2025-01-29 11:59:39 (1 year ago)	Wordpress hacking attempt	Web App Attack

Showing 1 to 15 of 26 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.227

🇺🇸 172.98.33.161

🇺🇸 44.220.185.37

🇬🇭 41.242.115.84

🇧🇪 198.235.24.165

🇨🇭 179.43.163.26

🇨🇳 110.166.87.119

🇵🇰 101.50.98.142

🇱🇻 81.30.98.49

🇨🇳 60.188.112.159

🇳🇱 45.148.10.152

🇺🇸 23.239.96.154

🇫🇷 13.140.180.48

🇨🇳 220.154.143.136

🇰🇷 218.149.228.151

🇫🇮 147.185.133.32

🇯🇵 103.163.220.193

🇫🇮 77.105.161.120

🇺🇸 76.79.213.70

🇱🇹 45.227.254.170