138.68.52.248 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
138.68.52.53	attackspam	Automatic report - XMLRPC Attack	2020-09-09 20:54:56
138.68.52.53	attackspam	Automatic report - XMLRPC Attack	2020-09-09 14:52:40
138.68.52.53	attack	Automatic report - XMLRPC Attack	2020-09-09 07:02:38
138.68.52.53	attackbotsspam	138.68.52.53 - - [31/Aug/2020:13:28:36 +0100] "POST /wp-login.php HTTP/1.1" 200 1905 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.52.53 - - [31/Aug/2020:13:28:38 +0100] "POST /wp-login.php HTTP/1.1" 200 1890 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.52.53 - - [31/Aug/2020:13:28:40 +0100] "POST /wp-login.php HTTP/1.1" 200 1887 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-01 04:29:16
138.68.52.53	attackspam	138.68.52.53 - - [20/Aug/2020:04:55:30 +0100] "POST /wp-login.php HTTP/1.1" 200 2264 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.52.53 - - [20/Aug/2020:04:55:37 +0100] "POST /wp-login.php HTTP/1.1" 200 2195 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.52.53 - - [20/Aug/2020:04:55:37 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-20 12:33:19
138.68.52.53	attack	Wordpress malicious attack:[octaxmlrpc]	2020-07-31 12:41:03
138.68.52.53	attack	xmlrpc attack	2020-07-06 15:11:26
138.68.52.53	attackspambots	CMS (WordPress or Joomla) login attempt.	2020-05-24 12:58:02
138.68.52.53	attack	138.68.52.53 - - [23/Apr/2020:05:55:33 +0200] "GET /wp-login.php HTTP/1.1" 200 6108 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.52.53 - - [23/Apr/2020:05:55:35 +0200] "POST /wp-login.php HTTP/1.1" 200 6338 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 138.68.52.53 - - [23/Apr/2020:05:55:37 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-23 12:46:04
138.68.52.53	attackbotsspam	Automatic report - WordPress Brute Force	2020-04-13 00:33:13
138.68.52.53	attackbots	Automatic report - XMLRPC Attack	2020-03-20 19:00:35
138.68.52.53	attack	xmlrpc attack	2020-02-25 20:58:16
138.68.52.53	attackbots	WordPress login Brute force / Web App Attack on client site.	2019-12-14 20:52:35
138.68.52.53	attackspam	Looking for resource vulnerabilities	2019-12-01 16:07:01
138.68.52.53	attackspambots	138.68.52.53 - - \[23/Nov/2019:19:01:03 +0000\] "POST /wp-login.php HTTP/1.1" 200 4358 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 138.68.52.53 - - \[23/Nov/2019:19:01:09 +0000\] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" ...	2019-11-24 03:32:53

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 138.68.52.248
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33074
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;138.68.52.248.			IN	A

;; AUTHORITY SECTION:
.			455	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022020702 1800 900 604800 86400

;; Query time: 14 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Feb 08 14:26:58 CST 2022
;; MSG SIZE  rcvd: 106

Host info

Host 248.52.68.138.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 248.52.68.138.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.14.148.145	attackbotsspam	Apr 5 19:25:01 srv01 sshd[22244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.14.148.145 user=root Apr 5 19:25:03 srv01 sshd[22244]: Failed password for root from 45.14.148.145 port 35590 ssh2 Apr 5 19:30:07 srv01 sshd[22514]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.14.148.145 user=root Apr 5 19:30:10 srv01 sshd[22514]: Failed password for root from 45.14.148.145 port 51134 ssh2 Apr 5 19:34:48 srv01 sshd[22844]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=45.14.148.145 user=root Apr 5 19:34:50 srv01 sshd[22844]: Failed password for root from 45.14.148.145 port 57960 ssh2 ...	2020-04-06 03:01:03
185.68.28.239	attackbots	Apr 5 17:26:30 [HOSTNAME] sshd[22190]: User removed from 185.68.28.239 not allowed because not listed in AllowUsers Apr 5 17:26:30 [HOSTNAME] sshd[22190]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.68.28.239 user=removed Apr 5 17:26:32 [HOSTNAME] sshd[22190]: Failed password for invalid user removed from 185.68.28.239 port 37014 ssh2 ...	2020-04-06 03:33:10
203.189.198.215	attackspam	Apr 5 14:35:43 haigwepa sshd[27627]: Failed password for root from 203.189.198.215 port 58786 ssh2 ...	2020-04-06 03:18:36
139.217.227.32	attack	Apr 5 14:19:03 h2646465 sshd[4685]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.227.32 user=root Apr 5 14:19:05 h2646465 sshd[4685]: Failed password for root from 139.217.227.32 port 47516 ssh2 Apr 5 14:27:11 h2646465 sshd[5858]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.227.32 user=root Apr 5 14:27:13 h2646465 sshd[5858]: Failed password for root from 139.217.227.32 port 58320 ssh2 Apr 5 14:32:50 h2646465 sshd[6495]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.227.32 user=root Apr 5 14:32:52 h2646465 sshd[6495]: Failed password for root from 139.217.227.32 port 54272 ssh2 Apr 5 14:36:18 h2646465 sshd[7053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.217.227.32 user=root Apr 5 14:36:20 h2646465 sshd[7053]: Failed password for root from 139.217.227.32 port 50010 ssh2 Apr 5 14:39:57 h2646465 ssh	2020-04-06 02:54:35
87.251.74.8	attack	firewall-block, port(s): 702/tcp, 854/tcp	2020-04-06 03:03:02
54.36.185.105	attack	firewall-block, port(s): 1451/tcp	2020-04-06 02:53:57
79.99.49.242	attack	CMS (WordPress or Joomla) login attempt.	2020-04-06 03:14:54
109.226.194.25	attackspam	Apr 5 17:57:41 *** sshd[16795]: User root from 109.226.194.25 not allowed because not listed in AllowUsers	2020-04-06 03:14:22
62.210.114.58	attack	SSH Brute-Forcing (server1)	2020-04-06 03:32:42
129.226.73.26	attack	(sshd) Failed SSH login from 129.226.73.26 (SG/Singapore/-): 2 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SSHD; Logs: Apr 5 20:20:01 ubnt-55d23 sshd[11086]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.226.73.26 user=root Apr 5 20:20:03 ubnt-55d23 sshd[11086]: Failed password for root from 129.226.73.26 port 57378 ssh2	2020-04-06 02:55:08
195.206.105.217	attackbotsspam	Triggered by Fail2Ban at Ares web server	2020-04-06 03:09:09
46.101.43.224	attackspambots	Apr 5 17:05:31 vpn01 sshd[14238]: Failed password for root from 46.101.43.224 port 36576 ssh2 ...	2020-04-06 03:13:32
165.22.78.222	attackbots	$f2bV_matches	2020-04-06 03:12:59
89.42.252.124	attackspam	Unauthorised connection attempt detected at AUO NODE 1. System is sshd. Protected by AUO Stack Web Application Firewall (WAF)	2020-04-06 03:26:04
106.13.191.132	attack	Apr 5 14:24:34 sso sshd[2919]: Failed password for root from 106.13.191.132 port 48558 ssh2 ...	2020-04-06 03:11:17

Recently Reported IPs

103.73.35.163	183.54.246.104	175.0.62.128	102.66.228.37
40.107.92.59	54.87.108.117	117.1.222.77	178.236.47.42
222.181.199.22	1.181.63.130	91.236.172.10	181.57.154.20
117.5.242.37	109.175.105.40	115.61.109.153	178.72.76.100
103.165.21.60	103.81.116.53	199.249.230.177	162.144.46.101