JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 68.154.38.21

68.154.38.21 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 75%: ?

75%

ISP	Microsoft Corporation
Usage Type	Data Center/Web Hosting/Transit
ASN	AS8075
Domain Name	microsoft.com
Country	🇺🇸 United States of America
City	Boydton, Virginia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 68.154.38.21

Whois 68.154.38.21

IP Abuse Reports for 68.154.38.21:

This IP address has been reported a total of 19 times from 16 distinct sources. 68.154.38.21 was first reported on July 25th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇳 Mr.Singh	2026-06-03 00:30:57 (1 day ago)	NFT blocked 68.154.38.21 after 6 rejections on 03-Jun-2026.	Port Scan Brute-Force
🇷🇸 Scan	2026-06-03 00:10:23 (1 day ago)	MultiHost/MultiPort Probe, Scan, Hack -	Port Scan Hacking
🇦🇹 urnilxfgbez	2026-06-02 22:45:00 (1 day ago)	Last 24 Hours suspicious: (DPT=445\|DPT=3389\|DPT=22\|DPT=3306\|DPT=8080\|DPT=23\|DPT=5900\|DPT=1433)	Port Scan
🇹🇷 Threat.live	2026-06-02 21:20:05 (1 day ago)	Suspicious Connection Attempts	Brute-Force
🇺🇸 aks4226	2026-06-02 21:01:07 (1 day ago)	Bot search, attacking common web applications.	Web App Attack
🇬🇧 PeravixGroup	2026-06-02 20:31:38 (1 day ago)	Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. A ... show more Honeypot detection: Web application scanning / reconnaissance attempt on port 8443. Severity: LOW. Aaran.cloud show less	Port Scan Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-02 18:36:47 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 68.154.38.21 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 68.154.38.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 14:36:42.076815 2026] [security2:error] [pid 29024:tid 29024] [client 68.154.38.21:4326] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.35"] [uri "/.git/HEAD"] [unique_id "ah8iuhZexn_pKUZ2oXz1ggAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇮🇹 NonOggiCaroMio	2026-06-02 17:57:35 (2 days ago)	Arruso ca si: crowdsecurity/http-sensitive-files	Brute-Force
🇩🇪 acadeova	2026-06-02 17:44:25 (2 days ago)	🚨 Recon detected (nft drop) SRC=68.154.38.21 Observed=TCP dpt=443 in=enp0s6 ttl=46 Time=recent(journ ... show more 🚨 Recon detected (nft drop) SRC=68.154.38.21 Observed=TCP dpt=443 in=enp0s6 ttl=46 Time=recent(journalctl: 10 minutes ago) Assessment=Generic scanning / reconnaissance (PORT_SCAN) show less	Port Scan
🇩🇪 Enno	2026-06-02 17:24:06 (2 days ago)	P04::Fail2Ban: automated bot scanning / credential probing detected.	Web App Attack Bad Web Bot
🇺🇸 zwebvigil	2026-06-02 17:15:59 (2 days ago)	68.154.38.21 [02/Jun/2026:10:15:41 -0700] "GET /.git/HEAD HTTP/1.1" 404 2683 "-" port=5483 "Mozilla ... show more 68.154.38.21 [02/Jun/2026:10:15:41 -0700] "GET /.git/HEAD HTTP/1.1" 404 2683 "-" port=5483 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" "-" "<ipaddr>" 7128 68.154.38.21 [02/Jun/2026:10:15:52 -0700] "GET /.env.production HTTP/1.1" 404 2695 "-" port=4436 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" "-" "-" "<ipaddr>" 1169 68.154.38.21 [02/Jun/2026:10:15:53 -0700] "GET /.env.backup HTTP/1.1" 404 2687 "-" port=5469 "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:125.0) Gecko/20100101 Firefox/125.0" "-" "-" "<ipaddr>" 1659 68.154.38.21 [02/Jun/2026:10:15:55 -0700] "GET /.env.save HTTP/1.1" 401 381 "-" port=4478 "Mozilla/5.0 (Macintosh; Intel Mac OS X 14_4_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36" "-" "-" "<ipaddr>" 662 68.154.38.21 [02/Jun/2026:10:15:58 -0700] "GET /wp-config.php HTTP/1.1" 401 381 "-" port=4 show less	Web App Attack
Anonymous	2026-06-02 16:46:56 (2 days ago)	Unauthorized connection attempt	Port Scan Hacking Exploited Host
🇺🇸 TPI-Abuse	2026-06-02 16:44:40 (2 days ago)	(mod_security) mod_security (id:210492) triggered by 68.154.38.21 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210492) triggered by 68.154.38.21 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 02 12:44:33.258349 2026] [security2:error] [pid 29735:tid 29735] [client 68.154.38.21:4162] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "192.64.150.209"] [uri "/.git/HEAD"] [unique_id "ah8IcX1H6QQG7QEOMPiXRgAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Rayulcifer	2026-04-16 12:20:08 (1 month ago)	68.154.38.21 - - [16/Apr/2026:07:19:57 -0500] "CONNECT graph.vshield.pro:443 HTTP/1.1" 502 488 "-" " ... show more 68.154.38.21 - - [16/Apr/2026:07:19:57 -0500] "CONNECT graph.vshield.pro:443 HTTP/1.1" 502 488 "-" "-" 68.154.38.21 - - [16/Apr/2026:07:19:57 -0500] "\x16\x03\x01" 400 392 "-" "-" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH
🇺🇸 Rayulcifer	2026-04-13 12:42:56 (1 month ago)	68.154.38.21 - - [13/Apr/2026:07:42:55 -0500] "GET https://yun.naizha.top HTTP/1.1" 200 90576 "-" "M ... show more 68.154.38.21 - - [13/Apr/2026:07:42:55 -0500] "GET https://yun.naizha.top HTTP/1.1" 200 90576 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0" 68.154.38.21 - - [13/Apr/2026:07:42:55 -0500] "GET https://yun.naizha.top HTTP/1.1" 200 90590 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:120.0) Gecko/20100101 Firefox/120.0" ... show less	Open Proxy Port Scan Hacking Web App Attack SSH

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 209.50.168.50

🇺🇸 209.50.163.25

🇳🇴 193.90.12.122

🇳🇱 185.223.235.61

🇮🇩 182.253.156.173

🇳🇱 176.65.139.130

🇺🇸 104.207.43.14

🇳🇱 88.151.32.188

🇩🇪 65.111.28.49

🇩🇪 216.26.255.127

🇨🇳 180.111.30.145

🇺🇸 148.153.121.146

🇮🇳 122.165.124.15

🇩🇪 104.207.63.32

🇰🇷 61.72.55.130

🇨🇦 4.205.28.179

🇳🇱 217.103.204.241

🇺🇸 208.87.242.107

🇩🇪 151.123.178.135

🇸🇬 107.150.112.233