JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 138.252.74.73

138.252.74.73 was found in our database!

This IP was reported 13 times. Confidence of Abuse is 47%: ?

47%

ISP	SAFE TRACK (PRIVATE) LIMITED
Usage Type	Fixed Line ISP
ASN	AS151330
Domain Name	safetracktelecom.net
Country	🇵🇰 Pakistan
City	Lahore, Punjab

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 138.252.74.73

Whois 138.252.74.73

IP Abuse Reports for 138.252.74.73:

This IP address has been reported a total of 13 times from 8 distinct sources. 138.252.74.73 was first reported on January 16th 2026, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-18 15:31:19 (1 day ago)	(mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 18 11:31:16.548180 2026] [security2:error] [pid 29421:tid 29421] [client 138.252.74.73:65253] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 138.252.74.73 (+1 hits since last alert)\|theamarals.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "theamarals.com"] [uri "/xmlrpc.php"] [unique_id "ajQPROBggZut_LasL-FflwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-18 15:28:04 (1 day ago)	[redacted] 138.252.74.73 - - [18/Jun/2026:17:27:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "J ... show more [redacted] 138.252.74.73 - - [18/Jun/2026:17:27:19 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com" [redacted] 138.252.74.73 - - [18/Jun/2026:17:27:29 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.5; WordPress/6.3; http://site47518712.com" [redacted] 138.252.74.73 - - [18/Jun/2026:17:27:40 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.0; WordPress/6.4; http://site14916538.com" [redacted] 138.252.74.73 - - [18/Jun/2026:17:27:50 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack by WordPress.com (Jetpack 12.1; WordPress 6.1)" [redacted] 138.252.74.73 - - [18/Jun/2026:17:28:01 +0200] "POST /xmlrpc.php HTTP/1.1" 405 428 "-" "Jetpack/12.1; WordPress/6.4; http://site82642134.com" ... show less	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 21:06:31 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 17:06:23.877775 2026] [security2:error] [pid 18400:tid 18414] [client 138.252.74.73:56938] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 138.252.74.73 (+1 hits since last alert)\|jimlawrencesongs.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "jimlawrencesongs.com"] [uri "/xmlrpc.php"] [unique_id "ajMMT6l3wcpoHnrfWGP5vQAAAMo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 WeekendWeb	2026-06-17 21:03:13 (2 days ago)	Wordpress Vunerability attack	Web App Attack
🇺🇸 TPI-Abuse	2026-06-17 19:15:12 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 15:15:06.496595 2026] [security2:error] [pid 25554:tid 25554] [client 138.252.74.73:59007] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5965"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 138.252.74.73 (+1 hits since last alert)\|bickleton.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "bickleton.org"] [uri "/xmlrpc.php"] [unique_id "ajLyOmaVsKh4xkujvepZRAAAAAs"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-17 19:09:09 (2 days ago)	Attac	Brute-Force
🇺🇸 TPI-Abuse	2026-06-17 15:48:38 (2 days ago)	(mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Jun 17 11:48:31.872441 2026] [security2:error] [pid 9385:tid 9385] [client 138.252.74.73:62712] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 138.252.74.73 (+1 hits since last alert)\|gasoilliquidsdaily.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gasoilliquidsdaily.com"] [uri "/xmlrpc.php"] [unique_id "ajLBz9vE0r4-Ad_XZnROTAAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-16 19:44:43 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 15:44:38.593040 2026] [security2:error] [pid 20126:tid 20126] [client 138.252.74.73:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 138.252.74.73 (+1 hits since last alert)\|local639.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "local639.com"] [uri "/xmlrpc.php"] [unique_id "ajGnpo8Aqgj04r1qIDT1MQAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 dynamix	2026-06-16 18:07:30 (3 days ago)	WordPress XMLRPC Brute Force Attack	Brute-Force Web App Attack
🇩🇪 konseptit	2026-06-16 16:08:49 (3 days ago)	(wordpress) Failed wordpress login from 138.252.74.73 (PK/Pakistan/-)	Brute-Force
🇺🇸 TPI-Abuse	2026-06-16 14:40:59 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 138.252.74.73 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 10:40:51.804616 2026] [security2:error] [pid 30420:tid 30430] [client 138.252.74.73:51940] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 138.252.74.73 (+1 hits since last alert)\|sparkhypnotherapy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "sparkhypnotherapy.com"] [uri "/xmlrpc.php"] [unique_id "ajFgc8WMTSD3hDAIrh3H9AAAAIY"] show less	Brute-Force Bad Web Bot Web App Attack
🇪🇸 masterguru	2026-06-16 13:43:21 (3 days ago)	(xmlrpc) Failed xmlrpc access from 138.252.74.73 (PK/Pakistan/-): 5 in the last 3600 secs (0-122)	Hacking
Anonymous	2026-01-16 13:56:26 (5 months ago)	Web App Attack	Brute-Force Exploited Host Web App Attack

Showing 1 to 13 of 13 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 94.23.204.164

🇺🇸 174.172.5.248

🇮🇩 163.7.8.178

🇨🇴 161.18.234.168

🇺🇸 107.173.197.70

🇮🇩 103.112.245.85

🇮🇳 103.88.77.153

🇱🇹 91.224.92.17

🇱🇹 81.30.98.62

🇮🇶 65.20.140.163

🇰🇷 47.80.63.229

🇷🇺 46.165.56.248

🇮🇩 36.64.174.210

🇬🇧 35.203.210.110

🇧🇷 20.226.45.125

🇨🇷 190.112.222.28

🇺🇸 185.149.26.71

🇺🇸 172.93.106.153

🇺🇸 162.216.150.58

🇰🇷 121.178.185.141