AbuseIPDB » 119.63.138.28
119.63.138.28 was found in our database!
This IP was reported 9 times. Confidence of
Abuse
is 37% : ?
ISP
Transworld Associates (Pvt.) Ltd.
Usage Type
Fixed Line ISP
ASN
AS138655
Domain Name
tw1.com
Country
๐ต๐ฐ
Pakistan
City
Lahore, Punjab
IP info including ISP, Usage Type, and Location provided
by IPInfo . Updated weekly.
IP Abuse Reports for 119.63.138.28 :
This IP address has been reported a total of
9
times from
8 distinct
sources.
119.63.138.28 was first reported on
October 26th 2024 , and the most recent report was
13 hours ago .
Recent Reports:
We have received reports of abusive activity from this IP address within the last week. It is
potentially still actively engaged in abusive activities.
Reporter
IoA Timestamp (UTC)
Comment
Categories
๐ฉ๐ช
Marc
2026-07-10 06:42:07
(13 hours ago)
119.63.138.28 - - [10/Jul/2026:08:28:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0 ...
show more
119.63.138.28 - - [10/Jul/2026:08:28:04 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3457 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; x86) AppleWebKit/537.36 (KHTML, like Gecko) Edge/88.0.0.0 Safari/537.36" 119.63.138.28 - - [10/Jul/2026:08:34:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3455 "-" "Mozilla/5.0 (Linux; Android 10; x64) AppleWebKit/537.36 (KHTML, like Gecko) Edge/90.0.0.0 Safari/537.36" 119.63.138.28 - - [10/Jul/2026:08:42:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 3455 "-" "Mozilla/5.0 (Windows NT 6.2; x64) AppleWebKit/537.36 (KHTML, like Gecko) Safari/11.0.0.0 Safari/537.36"
show less
Brute-Force
Web App Attack
๐ฉ๐ช
4server
2026-07-09 11:04:08
(1 day ago)
[ThuJul0913:04:04.0382572026][security2:error][pid4038739:tid4038861][client119.63.138.28:0]ModSecur ...
show more
[ThuJul0913:04:04.0382572026][security2:error][pid4038739:tid4038861][client119.63.138.28:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Stringmatch\"/xmlrpc.php\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"170\"][id\"960024\"][msg\"XML-RPCdisabled\"][hostname\"autoeuro.lv\"][uri\"/xmlrpc.php\"][unique_id\"ak-AJEUtcglyZuaqgTXCZgAAAJM\"]
show less
Port Scan
Brute-Force
Web App Attack
Anonymous
2026-06-30 21:27:31
(1 week ago)
Unauthorized connection attempt
Port Scan
Hacking
Exploited Host
๐บ๐ธ
kosada.com
2026-06-29 08:28:49
(1 week ago)
Web bot: denial-of-service flood
DDoS Attack
Bad Web Bot
๐จ๐ญ
ALPHANET
2026-05-25 07:15:07
(1 month ago)
Botnet or web spider not respecting robots.txt
DDoS Attack
Exploited Host
๐ฉ๐ช
FeG Deutschland
2026-03-01 01:02:14
(4 months ago)
Mail: - login with unknown user - bruteforce
Brute-Force
๐ณ๐ฑ
exxos
2025-08-08 17:06:03
(11 months ago)
HTTP1.x attacks
DDoS Attack
๐ณ๐ฑ
exxos
2025-08-07 08:03:01
(11 months ago)
http-no-verb
Hacking
๐บ๐ธ
TPI-Abuse
2024-10-26 15:27:47
(1 year ago)
(mod_security) mod_security (id:225170) triggered by 119.63.138.28 (-): 1 in the last 300 secs; Port ...
show more
(mod_security) mod_security (id:225170) triggered by 119.63.138.28 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Oct 26 11:27:42.830617 2024] [security2:error] [pid 29261:tid 29261] [client 119.63.138.28:4144] [client 119.63.138.28] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)||www.bradleybarefoot.com|F|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "www.bradleybarefoot.com"] [uri "/wp-json/wp/v2/users/1"] [unique_id "Zx0KbrfJURMZF_XsVz0PhgAAAAU"]
show less
Brute-Force
Bad Web Bot
Web App Attack
Showing 1 to
9
of 9 reports
Think this IP has been falsely reported? You may request to have the associated
reports reviewed and removed.
Request Takedown ๐ฉ
Recently Reported IPs: