JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.20.28.84

178.20.28.84 was found in our database!

This IP was reported 16 times. Confidence of Abuse is 34%: ?

34%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS46475
Domain Name	finegroupservers.com
Country	🇸🇪 Sweden
City	Marsta, Stockholm

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.20.28.84

Whois 178.20.28.84

IP Abuse Reports for 178.20.28.84:

This IP address has been reported a total of 16 times from 12 distinct sources. 178.20.28.84 was first reported on January 6th 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 tilellit.pro	2026-06-25 17:29:24 (1 day ago)	Fail2Ban banned 178.20.28.84 for security violations in jail wp-armour. Log: 2026/06/25 17:29:23 [er ... show more Fail2Ban banned 178.20.28.84 for security violations in jail wp-armour. Log: 2026/06/25 17:29:23 [error] FastCGI sent in stderr: "PHP message: [WP_ARMOUR_BAN] IP: 178.20.28.84 \| Target: wplogin" , client: 178.20.28.84, server: [REDACTED], request: "POST /wp-login.php HTTP/1.1", upstream: [REDACTED], host: [REDACTED], referrer: "https://comerciogallego.es/wp-login.php" ... show less	Web Spam
🇨🇿 ptlab	2026-06-25 12:46:21 (1 day ago)	Detected wp_login attack from WP-host.	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-25 02:03:46 (1 day ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 24 22:03:41.690145 2026] [security2:error] [pid 6203:tid 6203] [client 178.20.28.84:38085] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|i-med.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "i-med.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ajyMfZik-VQg0cAwlNxKLgAAAA0"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 filstal.org	2026-06-19 18:50:09 (1 week ago)	WordPress login brute-force detected.	Brute-Force Web App Attack
🇪🇸 librebit	2026-06-12 00:05:52 (2 weeks ago)	Brute force	Brute-Force
🇺🇸 TPI-Abuse	2026-01-22 22:52:25 (5 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 17:52:18.111945 2026] [security2:error] [pid 11116:tid 11116] [client 178.20.28.84:17697] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|stationrestaurant.ca\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "stationrestaurant.ca"] [uri "/wp-json/wp/v2/users"] [unique_id "aXKqIsPCWuMqU3TAcS6e-wAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-17 18:08:20 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Dec 17 13:08:13.295483 2025] [security2:error] [pid 9934:tid 9934] [client 178.20.28.84:35687] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|kewlkarz.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "kewlkarz.com"] [uri "/"] [unique_id "aULxjaPzlEsu4KitoZrgjwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-09-29 21:36:40 (8 months ago)	[30/Sep/2025:07:36:40 +1000] "GET //wp-login.php HTTP/1.1" 301 253 "Mozilla/5.0 (Windows; U; Windows ... show more [30/Sep/2025:07:36:40 +1000] "GET //wp-login.php HTTP/1.1" 301 253 "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.10 (KHTML, like Gecko) Chrome/8.0.552.224 Safari/534.10" show less	Hacking Web App Attack
🇨🇿 lp	2025-05-12 19:50:05 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 178.20.28.84 2025-05-12T21:11:22+02:0 ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 178.20.28.84 2025-05-12T21:11:22+02:00 vpn Access-Reject 'prealleging' station: 178.20.28.84 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
Anonymous	2025-03-28 15:35:08 (1 year ago)	This IP was involved in an brute force and password spray attack on 2025/03/28 08:15:05	Port Scan Brute-Force Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2025-03-07 19:35:57 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 178.20.28.84 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Mar 07 14:35:50.054467 2025] [security2:error] [pid 25877:tid 25877] [client 178.20.28.84:47467] [client 178.20.28.84] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "keithgill.com"] [uri "/.env"] [unique_id "Z8tKlloFXVmR3d8L-E-1oAAAAAE"], referer: https://tasamm.com/about/ggg221.html show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2025-03-06 14:49:51 (1 year ago)	Unauthorized VPN login attempts: 1 attempts were recorded from 178.20.28.84 2025-03-06T14:54:12+01:0 ... show more Unauthorized VPN login attempts: 1 attempts were recorded from 178.20.28.84 2025-03-06T14:54:12+01:00 vpn Access-Reject 'coldsore' station: 178.20.28.84 auth-type: - realm: vse.cz nas: <redacted> called: <redacted> => address-pool: - msg: '<redacted>' show less	Brute-Force Web App Attack
🇺🇸 MrDD	2024-07-17 21:38:12 (1 year ago)	Brute Force on Cisco Web VPN	Brute-Force
🇯🇵 HeliJP	2022-09-29 11:19:56 (3 years ago)	2022-09-29 11:39:09 - Recognized attacks\bad behavior from IP address 178.20.28.84 on port 443\80 (6 ... show more 2022-09-29 11:39:09 - Recognized attacks\bad behavior from IP address 178.20.28.84 on port 443\80 (62 daily hits): Remote Command Execution: Windows Command Injection, Remote Command Execution: Wildcard bypass technique attempt, RCE Bypass Technique, PHP Injection Attack: High-Risk PHP Function Call Found, PHP Injection Attack: Low-Value PHP Function Call Found, PHP Injection Attack: Variable Function Call Found, IE XSS Filters - Attack Detected, SQL Injection Attack Detected via libinjection, SQL Injection Attack: SQL Operator Detected, SQL Injection Attack: SQL Tautology Detected, SQL Injection Attack, Detects MySQL comments, conditions and ch(a)r injections, Detects chained SQL injection attempts 2/2, Restricted SQL Character Anomaly Detection (args): # of special characters exceeded (12), SQL Comment Sequence Detected, SQL Hex Encoding Identified show less	Hacking SQL Injection Web App Attack
🇺🇸 gu-alvareza	2022-01-10 13:44:01 (4 years ago)	WordPress.xmlrpc.Pingback.DoS	DDoS Attack

Showing 1 to 15 of 16 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇧🇷 205.210.31.253

🇨🇳 120.48.54.170

🇨🇳 116.179.32.214

🇸🇬 2a09:bac5:55fe:25c3::3c3:f

🇸🇬 2a09:bac5:55fd:25c3::3c3:f

🇸🇬 2a09:bac5:55fb:25c3::3c3:f

🇸🇬 2a09:bac5:55fa:25c3::3c3:f

🇸🇬 2a09:bac5:55f9:25c3::3c3:f

🇸🇬 2a09:bac1:6520:8::3c3:f

🇸🇬 2a09:bac1:6500:8::3c3:f

🇬🇧 2400:cb00:989:1000:7209:ad3:1745:229b

🇺🇸 216.24.219.235

🇫🇷 185.177.72.11

🇰🇷 58.229.141.26

🇨🇳 49.89.171.77

🇸🇬 43.173.174.103

🇺🇸 35.188.112.111

🇨🇭 20.203.129.163

🇸🇬 2a09:bac5:55ff:25c3::3c3:f

🇸🇬 2a09:bac5:55f8:25c3::3c3:f