JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 201.78.128.63

201.78.128.63 was found in our database!

This IP was reported 41 times. Confidence of Abuse is 100%: ?

100%

ISP	Cheuk Wang Wu trading as Zesty Technologies
Usage Type	Data Center/Web Hosting/Transit
ASN	AS152586
Domain Name	zesty.group
Country	🇬🇧 United Kingdom of Great Britain and Northern Ireland
City	Birmingham, England

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 201.78.128.63

Whois 201.78.128.63

IP Abuse Reports for 201.78.128.63:

This IP address has been reported a total of 41 times from 24 distinct sources. 201.78.128.63 was first reported on June 27th 2026, and the most recent report was 22 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 e.fierstra	2026-06-28 16:54:13 (22 minutes ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇮 oh.mg	2026-06-28 16:45:54 (30 minutes ago)	[Sun Jun 28 18:45:51.139181 2026] [security2:error] [pid 1466460:tid 1466469] [client 201.78.128.63: ... show more [Sun Jun 28 18:45:51.139181 2026] [security2:error] [pid 1466460:tid 1466469] [client 201.78.128.63:33108] [client 201.78.128.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev"] [tag "anomaly-evaluation"] [tag "OWASP_CRS"] [hostname "mail10.mrman.net"] [uri "/.git/HEAD"] [unique_id "akFPv3Yv8xDsxJs7CBg1kQAAAEc"] [Sun Jun 28 18:45:53.616340 2026] [security2:error] [pid 1466460:tid 1466464] [client 201.78.128.63:33108] [client 201.78.128.63] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:blocking_inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "233"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 5)"] [ver "OWASP_CRS/4.10.0-dev" ... show less	Web App Attack Bad Web Bot
🇨🇭 4server	2026-06-28 11:46:15 (5 hours ago)	[SunJun2813:46:08.3493332026][security2:error][pid1592075:tid1592095][client201.78.128.63:0]ModSecur ... show more [SunJun2813:46:08.3493332026][security2:error][pid1592075:tid1592095][client201.78.128.63:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Matchedphrase\".env\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"365\"][id\"960720\"][msg\"Forbiddenfileaccess\"][hostname\"staging.swiss-sailing-system.ch\"][uri\"/.env\"][unique_id\"akEJgC1ejsWKNwfwEbFBiAAAANI\"] show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 11:35:26 (5 hours ago)	(mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 07:35:22.582075 2026] [security2:error] [pid 18878:tid 18878] [client 201.78.128.63:51176] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stansco.com"] [uri "/.git/HEAD"] [unique_id "akEG-lrsEYhtOesGVFaOlAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 10:14:10 (7 hours ago)	(mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 06:14:05.802934 2026] [security2:error] [pid 18168:tid 18168] [client 201.78.128.63:34782] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stablechase.com"] [uri "/.git/HEAD"] [unique_id "akDz7SnX0A2c5VArdvMcJwAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 CounterScrape	2026-06-28 08:21:39 (8 hours ago)	CounterScrape Deception: Bot identified as HONEYTOKEN_HIT (Unauthorized access attempt to leaked hon ... show more CounterScrape Deception: Bot identified as HONEYTOKEN_HIT (Unauthorized access attempt to leaked honeytoken infrastructure subdomain). Trapped in honeypot. Concurrency hits: 8. Bandwidth drained: 0.0 MB. show less	Bad Web Bot Port Scan
Anonymous	2026-06-28 08:15:06 (9 hours ago)	IP banned by Fail2Ban in jail nginx-abusive-ips	Web App Attack Brute-Force Bad Web Bot
🇺🇸 Starburst SysOp Team	2026-06-28 07:57:55 (9 hours ago)	Restricted File Access Attempt. Matched phrase ".git/" at REQUEST_FILENAME. (930130-mnz6-1)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 06:50:06 (10 hours ago)	(mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 02:49:54.884184 2026] [security2:error] [pid 25041:tid 25041] [client 201.78.128.63:47088] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "stat-alliance.com"] [uri "/.git/HEAD"] [unique_id "akDEElaD__qUEG2ynqGMlwAAADA"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 05:34:46 (11 hours ago)	(mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 28 01:34:41.382252 2026] [security2:error] [pid 17283:tid 17283] [client 201.78.128.63:38648] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "srsrestoration.net"] [uri "/.git/config"] [unique_id "akCyccpf5sp_zrcgoWmYzAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 keep_out	2026-06-28 05:15:19 (12 hours ago)	Probing\(5\) HTTP Ports ...	Bad Web Bot Web App Attack
🇺🇸 gamabe	2026-06-28 04:37:56 (12 hours ago)	Detected crowdsecurity/http-sensitive-files attack pattern. Reported by CrowdSec IDS.	Hacking
Anonymous	2026-06-28 04:30:51 (12 hours ago)	201.78.128.63 - - [28/Jun/2026:06:30:45 +0200] "GET /.git/config HTTP/1.1" 403 177 "-" "Mozilla/5.0 ... show more 201.78.128.63 - - [28/Jun/2026:06:30:45 +0200] "GET /.git/config HTTP/1.1" 403 177 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/147.0.0.0 Safari/537.36 Edg/146.0.3856.109" ... show less	Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 03:58:59 (13 hours ago)	(mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 23:58:51.891721 2026] [security2:error] [pid 13199:tid 13199] [client 201.78.128.63:55864] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "srosa.com"] [uri "/.git/HEAD"] [unique_id "akCb-xxSufkHcD1OCPvgHgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-28 02:08:21 (15 hours ago)	(mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 201.78.128.63 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 27 22:08:17.311810 2026] [security2:error] [pid 17749:tid 17749] [client 201.78.128.63:56928] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rendermatrix.com"] [uri "/.git/HEAD"] [unique_id "akCCERu7jRfLs_oVaNm-9AAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 41 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 185.226.197.58

🇧🇷 177.152.82.137

🇩🇪 165.22.82.165

🇭🇰 156.225.28.14

🇺🇸 108.54.253.60

🇸🇬 43.133.61.11

🇩🇪 2a01:239:3c6:2a00::1

🇵🇰 223.123.72.96

🇵🇱 178.219.101.142

🇩🇪 135.125.202.215

🇦🇹 77.119.24.163

🇱🇹 45.227.254.170

🇬🇧 45.82.76.128

🇨🇳 222.86.168.224

🇧🇷 186.194.253.185

🇸🇬 174.138.19.173

🇺🇸 172.237.150.22

🇸🇪 155.4.244.179

🇯🇵 139.162.66.65

🇫🇷 51.159.110.167