138.68.30.48 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
138.68.30.2	attack	138.68.30.2 - - \[28/Dec/2019:20:38:27 +0100\] "POST /wp-login.php HTTP/1.0" 200 3080 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.30.2 - - \[28/Dec/2019:20:38:29 +0100\] "POST /wp-login.php HTTP/1.0" 200 3039 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" 138.68.30.2 - - \[28/Dec/2019:20:38:32 +0100\] "POST /wp-login.php HTTP/1.0" 200 3048 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-12-29 06:02:51
138.68.30.2	attack	Automatic report - Banned IP Access	2019-11-26 00:59:16
138.68.30.2	attack	11/24/2019-07:29:55.129981 138.68.30.2 Protocol: 6 ET POLICY Cleartext WordPress Login	2019-11-24 14:45:51
138.68.30.68	attackbots	53413/udp 53413/udp 53413/udp... [2019-10-21/11-21]1223pkt,1pt.(udp)	2019-11-21 19:51:21
138.68.30.68	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-10 19:55:08
138.68.30.68	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-07 01:08:00
138.68.30.68	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-01 00:43:09
138.68.30.68	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-10-30 20:32:01
138.68.30.2	attack	WordPress wp-login brute force :: 138.68.30.2 0.116 BYPASS [24/Oct/2019:14:45:53 1100] [censored_1] "POST /wp-login.php HTTP/1.1" 200 3972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-10-24 18:35:47
138.68.30.2	attack	plussize.fitness 138.68.30.2 \[20/Sep/2019:01:05:51 +0200\] "POST /wp-login.php HTTP/1.1" 200 5629 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0" plussize.fitness 138.68.30.2 \[20/Sep/2019:01:05:52 +0200\] "POST /wp-login.php HTTP/1.1" 200 5582 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"	2019-09-20 09:02:58

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.30.48
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9882
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.68.30.48.			IN	A

;; AUTHORITY SECTION:
.			481	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021702 1800 900 604800 86400

;; Query time: 14 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Feb 18 11:58:34 CST 2022
;; MSG SIZE  rcvd: 105

Host info

Host 48.30.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 48.30.68.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
31.181.31.25	attackspambots	Automatic report - Port Scan Attack	2019-11-20 17:36:31
193.106.29.75	attackbots	2019-11-20T06:27:33Z - RDP login failed multiple times. (193.106.29.75)	2019-11-20 17:11:54
118.25.12.59	attackspambots	Nov 19 23:11:53 wbs sshd\[13820\]: Invalid user ssh from 118.25.12.59 Nov 19 23:11:53 wbs sshd\[13820\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.12.59 Nov 19 23:11:55 wbs sshd\[13820\]: Failed password for invalid user ssh from 118.25.12.59 port 40412 ssh2 Nov 19 23:16:07 wbs sshd\[14179\]: Invalid user rinus from 118.25.12.59 Nov 19 23:16:07 wbs sshd\[14179\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.12.59	2019-11-20 17:22:50
103.217.166.204	attackbotsspam	2019-11-20 06:28:30 H=([103.217.166.204]) [103.217.166.204]:60385 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=103.217.166.204) 2019-11-20 06:28:31 unexpected disconnection while reading SMTP command from ([103.217.166.204]) [103.217.166.204]:60385 I=[10.100.18.22]:25 (error: Connection reset by peer) 2019-11-20 07:21:37 H=([103.217.166.204]) [103.217.166.204]:60036 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=103.217.166.204) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=103.217.166.204	2019-11-20 16:58:47
185.143.223.146	attack	Scanning random ports - tries to find possible vulnerable services	2019-11-20 17:03:09
41.182.190.54	attack	2019-11-20 07:09:02 H=oai-br02-41-182-190-54.ipb.na [41.182.190.54]:12618 I=[10.100.18.25]:25 sender verify fail for : all relevant MX records point to non-existent hosts 2019-11-20 x@x 2019-11-20 07:09:03 unexpected disconnection while reading SMTP command from oai-br02-41-182-190-54.ipb.na [41.182.190.54]:12618 I=[10.100.18.25]:25 (error: Connection reset by peer) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=41.182.190.54	2019-11-20 17:34:51
181.231.71.238	attackbots	Bad Postfix AUTH attempts ...	2019-11-20 17:03:44
106.12.121.40	attackspambots	Nov 19 22:22:13 web9 sshd\[15436\]: Invalid user udjus from 106.12.121.40 Nov 19 22:22:13 web9 sshd\[15436\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.121.40 Nov 19 22:22:14 web9 sshd\[15436\]: Failed password for invalid user udjus from 106.12.121.40 port 52854 ssh2 Nov 19 22:26:13 web9 sshd\[15961\]: Invalid user copenhagen from 106.12.121.40 Nov 19 22:26:13 web9 sshd\[15961\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.121.40	2019-11-20 17:19:07
51.77.200.101	attackbotsspam	Brute-force attempt banned	2019-11-20 16:56:59
218.59.49.118	attackspam	Unauthorised access (Nov 20) SRC=218.59.49.118 LEN=40 TTL=49 ID=23256 TCP DPT=8080 WINDOW=164 SYN Unauthorised access (Nov 19) SRC=218.59.49.118 LEN=40 TTL=49 ID=7513 TCP DPT=8080 WINDOW=61012 SYN Unauthorised access (Nov 19) SRC=218.59.49.118 LEN=40 TTL=49 ID=44295 TCP DPT=8080 WINDOW=31941 SYN Unauthorised access (Nov 18) SRC=218.59.49.118 LEN=40 TTL=49 ID=28084 TCP DPT=8080 WINDOW=14236 SYN Unauthorised access (Nov 18) SRC=218.59.49.118 LEN=40 TTL=49 ID=17805 TCP DPT=8080 WINDOW=164 SYN Unauthorised access (Nov 18) SRC=218.59.49.118 LEN=40 TTL=49 ID=14802 TCP DPT=8080 WINDOW=61012 SYN Unauthorised access (Nov 17) SRC=218.59.49.118 LEN=40 TTL=49 ID=18554 TCP DPT=8080 WINDOW=14236 SYN	2019-11-20 17:05:15
41.93.73.2	attackbotsspam	2019-11-20 05:53:03 H=([41.93.73.2]) [41.93.73.2]:36174 I=[10.100.18.23]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=41.93.73.2) 2019-11-20 05:53:04 unexpected disconnection while reading SMTP command from ([41.93.73.2]) [41.93.73.2]:36174 I=[10.100.18.23]:25 (error: Connection reset by peer) 2019-11-20 07:07:26 H=([197.149.178.18]) [41.93.73.2]:49779 I=[10.100.18.23]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=41.93.73.2) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=41.93.73.2	2019-11-20 17:24:43
188.68.93.39	attack	" "	2019-11-20 17:21:45
45.143.220.33	attackbots	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-20 17:02:41
121.214.0.25	attackbotsspam	2019-11-20 07:05:57 unexpected disconnection while reading SMTP command from (cpe-121-214-0-25.bpw5-r-033.win.vic.bigpond.net.au) [121.214.0.25]:12039 I=[10.100.18.20]:25 (error: Connection reset by peer) 2019-11-20 07:06:40 unexpected disconnection while reading SMTP command from (cpe-121-214-0-25.bpw5-r-033.win.vic.bigpond.net.au) [121.214.0.25]:12276 I=[10.100.18.20]:25 (error: Connection reset by peer) 2019-11-20 07:10:52 H=(cpe-121-214-0-25.bpw5-r-033.win.vic.bigpond.net.au) [121.214.0.25]:12608 I=[10.100.18.20]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=121.214.0.25) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=121.214.0.25	2019-11-20 17:38:05
63.81.87.133	attackspambots	2019-11-20T07:27:32.487107stark.klein-stark.info postfix/smtpd\[6514\]: NOQUEUE: reject: RCPT from situate.jcnovel.com\[63.81.87.133\]: 554 5.7.1 \: Relay access denied\; from=\ to=\ proto=ESMTP helo=\ ...	2019-11-20 17:08:14

Recently Reported IPs

138.68.29.7	138.68.29.176	138.68.37.51	138.68.36.18
138.68.39.112	138.68.37.53	138.68.38.150	138.68.44.205
138.68.47.16	138.68.45.120	138.68.44.164	138.68.40.123
138.68.49.108	138.68.5.118	138.68.4.189	138.68.5.187
138.68.51.125	138.68.5.228	138.68.50.15	138.68.51.67