JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.20.28.67

178.20.28.67 was found in our database!

This IP was reported 14 times. Confidence of Abuse is 4%: ?

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.20.28.67

Whois 178.20.28.67

IP Abuse Reports for 178.20.28.67:

This IP address has been reported a total of 14 times from 9 distinct sources. 178.20.28.67 was first reported on September 29th 2022, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-24 15:34:42 (2 days ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 11:34:36.181330 2026] [security2:error] [pid 27059:tid 27116] [client 178.20.28.67:40917] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|peimbert.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "peimbert.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajv5DDkr_EsMLEwQtElolQAAAVc"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-19 16:35:29 (1 week ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jun 19 12:35:25.395389 2026] [security2:error] [pid 6261:tid 6261] [client 178.20.28.67:58133] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|utd.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "utd.net"] [uri "/wp-json/wp/v2/users"] [unique_id "ajVvzaZEvQKTgaeV_JzKuAAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-12 13:55:55 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 12 09:55:49.760674 2026] [security2:error] [pid 20915:tid 20915] [client 178.20.28.67:41601] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|alan-ip.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "alan-ip.com"] [uri "/wp-json/wp/v2/users"] [unique_id "agMxZQym19WGTt3EHcVegQAAABU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-23 03:14:59 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 22:14:55.159302 2026] [security2:error] [pid 1501:tid 1501] [client 178.20.28.67:35211] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|greensandbeans.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "greensandbeans.us"] [uri "/wp-json/wp/v2/users"] [unique_id "aXLnrwuU6hdOHwnCcCdASwAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-22 18:08:55 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 13:08:48.577470 2026] [security2:error] [pid 20844:tid 20844] [client 178.20.28.67:48263] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|phalanxemail.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "phalanxemail.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aXJnsIld6cZeAxT_oXFn4QAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-22 10:12:07 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.67 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 05:11:56.342957 2026] [security2:error] [pid 2914943:tid 2914989] [client 178.20.28.67:60963] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|alancphotography.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "alancphotography.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aXH37E48Su2xxQ5a_8k6TwAAAMM"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 masterguru	2025-11-28 02:59:43 (6 months ago)	(FolderList) Hacking file access attemp in wordpress site from 178.20.28.67 (NL/The Netherlands/-): ... show more (FolderList) Hacking file access attemp in wordpress site from 178.20.28.67 (NL/The Netherlands/-): 1 in the last 3600 secs (0-195) show less	Hacking
Anonymous	2025-11-21 05:45:39 (7 months ago)	2025-11-21T07:45:39.056911+02:00 zanati wp(www.sahpa.co.za)[1154686]: Blocked authentication attempt ... show more 2025-11-21T07:45:39.056911+02:00 zanati wp(www.sahpa.co.za)[1154686]: Blocked authentication attempt for [email protected] from 178.20.28.67 ... show less	Web App Attack
Anonymous	2025-11-19 06:53:50 (7 months ago)	wordpress-trap	Web App Attack
🇨🇿 lp	2025-03-15 01:22:20 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 178.20.28.67 2025-03-15T01:48:32+01:0 ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 178.20.28.67 2025-03-15T01:48:32+01:00 vpn Access-Reject 'matthias' station: 178.20.28.67 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
Anonymous	2024-05-07 13:00:00 (2 years ago)	Attempted PaloAlto GlobalProtect Credential Stuffing	Brute-Force
Anonymous	2023-11-19 17:36:32 (2 years ago)	opencart admin attack from fail2ban ...	DDoS Attack Brute-Force SSH
🇩🇪 SCHAPPY	2023-07-26 19:09:22 (2 years ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇳🇱 Voltic	2022-09-29 11:28:04 (3 years ago)	L7 Flood (17362 RP5M)	DDoS Attack

Showing 1 to 14 of 14 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇬 193.24.211.107

🇺🇸 162.216.150.44

🇺🇸 104.174.61.109

🇵🇱 83.168.69.141

🇨🇳 58.37.93.230

🇺🇸 20.171.8.87

🇨🇳 14.103.123.67

🇺🇦 185.104.44.158

🇷🇴 141.98.83.48

🇨🇳 117.81.212.152

🇨🇳 116.179.33.212

🇵🇱 95.214.53.157

🇫🇷 85.217.140.49

🇺🇸 76.79.213.69

🇺🇸 64.62.156.198

🇺🇸 44.220.185.11

🇭🇰 43.128.61.114

🇸🇪 31.208.220.217

🇨🇳 1.85.217.49

🇺🇸 173.19.19.38