JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.20.29.25

178.20.29.25 was found in our database!

This IP was reported 28 times. Confidence of Abuse is 21%: ?

21%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	finegroupservers.com
Country	🇫🇮 Finland
City	Helsinki, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.20.29.25

Whois 178.20.29.25

IP Abuse Reports for 178.20.29.25:

This IP address has been reported a total of 28 times from 18 distinct sources. 178.20.29.25 was first reported on January 4th 2022, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 london2038.com	2026-06-12 11:07:50 (1 day ago)	Detected by WP fail2ban 2026-06-12T13:07:49.391335+02:00 wordpress: Authentication attempt from 178. ... show more Detected by WP fail2ban 2026-06-12T13:07:49.391335+02:00 wordpress: Authentication attempt from 178.20.29.25 show less	Brute-Force Web App Attack
🇫🇮 tjs	2026-05-12 12:55:00 (1 month ago)	web attack	Hacking Web App Attack
Anonymous	2026-05-02 21:07:27 (1 month ago)	PARMACOM WEBEXPLOIT 178.20.29.25 (178.20.29.25)	Web App Attack
🇬🇧 hugolovepole	2026-04-24 14:53:24 (1 month ago)	Fail2Ban (nginx-badbots-444) on bethselamin	Port Scan Brute-Force SSH
🇺🇸 TPI-Abuse	2026-04-23 19:03:20 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 23 15:03:12.912192 2026] [security2:error] [pid 3580671:tid 3580671] [client 178.20.29.25:61039] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|bicaco.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "bicaco.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aeps8GpQkGqY0UPN5-_1EgAAABg"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-04-13 09:32:05 (2 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Apr 13 05:31:56.945282 2026] [security2:error] [pid 887375:tid 887375] [client 178.20.29.25:46821] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|scothart.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "scothart.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ady4DJzlqfJR3wWoeWTcKgAAACE"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 kjaerulff	2026-03-31 05:37:05 (2 months ago)	Failed Wordpress login using wp-login.php	Web App Attack
🇺🇸 bazter.pro	2026-03-20 23:01:38 (2 months ago)	Auto-Ban [2026-03-21 01:01:34]: CRITICAL: Sensitive files (231) [Paths: 5] \| Details: Sensitive file ... show more Auto-Ban [2026-03-21 01:01:34]: CRITICAL: Sensitive files (231) [Paths: 5] \| Details: Sensitive files/paths: /xmlrpc.php, /xmlrpc.php, /admin/, /xmlrpc.php, /xmlrpc.php \| 403 errors (2): /admin/ \| Other paths: /?author=1, /wp-json/wp/v2/users, /wp-login.php, /xmlrpc.php show less	Web App Attack Hacking
🇺🇸 TPI-Abuse	2026-01-23 02:51:57 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jan 22 21:51:49.771111 2026] [security2:error] [pid 1003:tid 1040] [client 178.20.29.25:19769] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|travelusa.us\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "travelusa.us"] [uri "/wp-json/wp/v2/users"] [unique_id "aXLiRYXChqbyJdnndVGcngAAAU4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-21 16:06:14 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 21 11:06:07.580714 2025] [security2:error] [pid 29684:tid 29684] [client 178.20.29.25:64975] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|peaksalesnw.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "peaksalesnw.com"] [uri "/"] [unique_id "aSCN76xEtZzM4g4eKfbgAQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-21 15:21:11 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Nov 21 10:21:07.047662 2025] [security2:error] [pid 15488:tid 15488] [client 178.20.29.25:29111] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|wizind.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "wizind.com"] [uri "/"] [unique_id "aSCDYwcrpgLPvzVdvUUqKgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-15 16:36:09 (6 months ago)	(mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 15 11:36:01.761891 2025] [security2:error] [pid 1162:tid 1162] [client 178.20.29.25:52439] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|jcbergapparel.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "jcbergapparel.com"] [uri "/"] [unique_id "aRir8aOYl3i1WslwCFMLngAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-12 06:05:40 (7 months ago)	(mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210350) triggered by 178.20.29.25 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 01:05:37.067806 2025] [security2:error] [pid 22411:tid 22529] [client 178.20.29.25:53009] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|gryphix.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "gryphix.com"] [uri "/"] [unique_id "aRQjsTEhK0jMI0MWK9ag5AAAAc0"] show less	Brute-Force Bad Web Bot Web App Attack
🇧🇪 voormedia	2025-10-06 17:04:18 (8 months ago)	Accessed trap at '/wp-login.php'	Web App Attack
Anonymous	2025-10-04 11:39:23 (8 months ago)	wordpress-trap	Web App Attack

Showing 1 to 15 of 28 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.180.246.225

🇺🇸 216.73.216.253

🇩🇪 213.209.159.56

🇬🇧 35.203.210.52

🇳🇱 213.152.161.54

🇪🇸 185.9.193.111

🇺🇸 157.245.1.7

🇨🇳 112.27.178.171

🇺🇸 104.129.17.147

🇮🇳 103.21.79.242

🇳🇱 45.148.10.152

🇺🇸 34.174.219.211

🇸🇬 34.143.140.85

🇯🇵 212.32.76.18

🇹🇼 114.34.106.146

🇮🇩 103.191.92.247

🇳🇱 91.92.40.11

🇺🇸 74.195.53.129

🇹🇼 35.185.175.87

🇨🇦 4.206.92.183