JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 178.20.30.189

178.20.30.189 was found in our database!

This IP was reported 10 times. Confidence of Abuse is 12%: ?

12%

ISP	FINE GROUP SERVERS SOLUTIONS LLC
Usage Type	Data Center/Web Hosting/Transit
ASN	AS59651
Domain Name	finegroupservers.com
Country	🇫🇮 Finland
City	Vantaa, Uusimaa

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 178.20.30.189

Whois 178.20.30.189

IP Abuse Reports for 178.20.30.189:

This IP address has been reported a total of 10 times from 7 distinct sources. 178.20.30.189 was first reported on August 9th 2024, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-12 03:43:21 (22 hours ago)	(mod_security) mod_security (id:210492) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 11 23:43:04.937921 2026] [security2:error] [pid 29581:tid 29581] [client 178.20.30.189:58591] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.tmp" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.rdhtrucking.com"] [uri "/wp-config.tmp"] [unique_id "aiuASFD4AB0_k_PFw-dQgwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 NicoID	2026-05-02 00:13:12 (1 month ago)	178.20.30.189 - - [01/May/2026:12:05:59 -0600] "GET /wp-login.php HTTP/1.1" 200 4883 "https://www.go ... show more 178.20.30.189 - - [01/May/2026:12:05:59 -0600] "GET /wp-login.php HTTP/1.1" 200 4883 "https://www.google.com" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36" ... show less	Brute-Force
🇺🇸 TPI-Abuse	2026-04-26 17:45:16 (1 month ago)	(mod_security) mod_security (id:225170) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Apr 26 13:45:10.789165 2026] [security2:error] [pid 2208:tid 2208] [client 178.20.30.189:12357] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|pinman.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "pinman.com"] [uri "/wp-json/wp/v2/users"] [unique_id "ae5PJtzhrRxXRkZp0s5IsgAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Packets-Decreaser.NET	2025-09-23 06:05:03 (8 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇬🇧 thetomtaylor.co.uk	2025-03-28 02:10:43 (1 year ago)	Fail2Ban - [NGINX]WordPress Logins Sniffings on nginx-wordpress-sniffer ... [wa01]	Bad Web Bot Web App Attack
🇻🇳 Xuan Can	2025-03-19 04:35:46 (1 year ago)	(mod_security) mod_security (id:6) triggered by 178.20.30.189 (US/United States/-): 1 in the last 36 ... show more (mod_security) mod_security (id:6) triggered by 178.20.30.189 (US/United States/-): 1 in the last 3600 secs; Ports: 80,443; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Mar 19 11:35:39.969095 2025] [security2:error] [pid 37436:tid 37466] [client 178.20.30.189:0] [client 178.20.30.189] ModSecurity: Access denied with connection close (phase 2). Pattern match "wp-login.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec/modsec2.user.conf"] [line "62"] [id "6"] [severity "CRITICAL"] [hostname "kb.sieuthimaychu.vn"] [uri "/wp-login.php"] [unique_id "Z9pJmwLF4yhI-CFe6gE8WgAAAAM"] show less	Brute-Force SSH
🇺🇸 TPI-Abuse	2025-02-25 13:15:13 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Feb 25 08:15:07.267288 2025] [security2:error] [pid 2096752:tid 2096752] [client 178.20.30.189:54887] [client 178.20.30.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "dpcfab.com"] [uri "/.env"] [unique_id "Z73CW52B6Fba4b42IRhZjwAAAAo"], referer: https://tasamm.com/about/ddd75.html show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-02-10 14:47:08 (1 year ago)	(mod_security) mod_security (id:210492) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 178.20.30.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Feb 10 09:47:02.745017 2025] [security2:error] [pid 6283:tid 6283] [client 178.20.30.189:47223] [client 178.20.30.189] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "anythingsoldworldwide.com"] [uri "/.env"] [unique_id "Z6oRZh-xvllze9rZTD1obgAAAAE"], referer: https://a00057.tiiny.site/ show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Swiptly	2024-08-28 13:06:20 (1 year ago)	Multiple critical ModSecurity events ...	Web Spam Bad Web Bot
🇹🇼 nansen su	2024-08-09 08:59:52 (1 year ago)	Firewall Web Interface Login fail: remip="178.20.30.189" user=admin	Brute-Force Exploited Host

Showing 1 to 10 of 10 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 207.241.173.205

🇯🇵 203.25.124.96

🇩🇪 167.94.145.24

🇺🇸 207.241.173.124

🇮🇩 110.137.154.97

🇿🇦 102.129.53.232

🇨🇳 61.182.2.26

🇺🇸 45.33.14.5

🇯🇵 43.167.168.2

🇭🇰 8.210.253.107

🇺🇸 3.141.153.201

🇰🇿 217.11.66.75

🇩🇪 213.209.159.56

🇩🇪 207.241.172.57

🇧🇷 191.5.31.61

🇸🇦 154.205.134.214

🇨🇦 85.217.149.39

🇱🇹 81.30.98.158

🇺🇸 65.49.1.58

🇺🇸 34.11.232.207