Basic Info

City: unknown

Region: unknown

Country: Zimbabwe

Internet Service Provider: Telone Pvt Ltd

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:
Type Details Datetime
attack
Port Scan detected!
...
2020-07-14 08:05:45
Comments on same subnet:
IP Type Details Datetime
197.221.254.235 attack
Logged onto my email
2020-07-05 03:55:10
197.221.254.235 attackspam
"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:
2020-05-29 06:30:57
197.221.254.79 attack
Fail2Ban - HTTP Auth Bruteforce Attempt
2020-05-12 05:24:46
197.221.254.176 attackbotsspam
2019-03-12 20:37:49 H=\(16.176.telone.co.zw\) \[197.221.254.176\]:25129 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed
2019-03-12 20:38:40 H=\(16.176.telone.co.zw\) \[197.221.254.176\]:25137 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed
2019-03-12 20:39:11 H=\(16.176.telone.co.zw\) \[197.221.254.176\]:25138 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed
...
2020-01-30 04:45:43
197.221.254.63 attack
Unauthorized connection attempt detected from IP address 197.221.254.63 to port 445
2019-12-11 21:32:25
197.221.254.96 attack
2019-11-20 14:13:49 H=(16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96)
2019-11-20 14:13:49 unexpected disconnection while reading SMTP command from (16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 (error: Connection reset by peer)
2019-11-20 15:33:34 H=(16.96.telone.co.zw) [197.221.254.96]:6523 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96)


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=197.221.254.96
2019-11-21 00:42:21
197.221.254.6 attackspambots
2019-11-20 15:12:24 H=(16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6)
2019-11-20 15:12:25 unexpected disconnection while reading SMTP command from (16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 (error: Connection reset by peer)
2019-11-20 15:29:34 H=(16.6.telone.co.zw) [197.221.254.6]:31622 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6)

........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=197.221.254.6
2019-11-20 22:54:01
197.221.254.40 attack
firewall-block, port(s): 1433/tcp
2019-11-20 00:40:13
197.221.254.172 attackspambots
Hello!

As you may have noticed, I sent you an email from your account.
This means that I have full access to your device.

I've been watching you for a few months now.
The fact is that you were infected with malware through an adult site that you visited.

If you are not familiar with this, I will explain.
Trojan Virus gives me full access and control over a computer or other device.
This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it.

I also have access to all your contacts and all your correspondence.

Why your antivirus did not detect malware?
Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent.

I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched.
With one click of the mouse, I can send this video to all your emails and contacts on social networks...
2019-10-13 06:30:27
197.221.254.157 attack
Spam
2019-08-14 23:36:14
197.221.254.2 attackspambots
Lines containing failures of 197.221.254.2
Jul 13 16:57:36 mellenthin postfix/smtpd[5323]: connect from unknown[197.221.254.2]
Jul x@x
Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: lost connection after DATA from unknown[197.221.254.2]
Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: disconnect from unknown[197.221.254.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=197.221.254.2
2019-07-14 08:02:14
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.221.254.22
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58144
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.221.254.22.			IN	A

;; AUTHORITY SECTION:
.			343	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020071301 1800 900 604800 86400

;; Query time: 58 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Jul 14 08:05:41 CST 2020
;; MSG SIZE  rcvd: 118
Host info
22.254.221.197.in-addr.arpa domain name pointer 16.22.telone.co.zw.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
22.254.221.197.in-addr.arpa	name = 16.22.telone.co.zw.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
213.32.65.111 attackspam
Nov 28 10:35:50 microserver sshd[62856]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.65.111  user=bin
Nov 28 10:35:52 microserver sshd[62856]: Failed password for bin from 213.32.65.111 port 51804 ssh2
Nov 28 10:41:54 microserver sshd[63604]: Invalid user latham from 213.32.65.111 port 39198
Nov 28 10:41:54 microserver sshd[63604]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.65.111
Nov 28 10:41:56 microserver sshd[63604]: Failed password for invalid user latham from 213.32.65.111 port 39198 ssh2
Nov 28 10:53:44 microserver sshd[65094]: Invalid user barak from 213.32.65.111 port 41842
Nov 28 10:53:44 microserver sshd[65094]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.65.111
Nov 28 10:53:46 microserver sshd[65094]: Failed password for invalid user barak from 213.32.65.111 port 41842 ssh2
Nov 28 10:59:49 microserver sshd[617]: pam_unix(sshd:auth): authenticatio
2019-11-28 18:57:47
190.210.222.124 attack
Nov 28 09:27:52 MainVPS sshd[29900]: Invalid user shawnasee from 190.210.222.124 port 34010
Nov 28 09:27:52 MainVPS sshd[29900]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.210.222.124
Nov 28 09:27:52 MainVPS sshd[29900]: Invalid user shawnasee from 190.210.222.124 port 34010
Nov 28 09:27:54 MainVPS sshd[29900]: Failed password for invalid user shawnasee from 190.210.222.124 port 34010 ssh2
Nov 28 09:36:12 MainVPS sshd[12747]: Invalid user test from 190.210.222.124 port 52247
...
2019-11-28 18:53:14
218.107.133.49 attackbotsspam
2019-11-28T07:24:19.525364MailD postfix/smtpd[2541]: warning: unknown[218.107.133.49]: SASL LOGIN authentication failed: authentication failure
2019-11-28T07:24:22.562896MailD postfix/smtpd[2541]: warning: unknown[218.107.133.49]: SASL LOGIN authentication failed: authentication failure
2019-11-28T07:24:26.597574MailD postfix/smtpd[2541]: warning: unknown[218.107.133.49]: SASL LOGIN authentication failed: authentication failure
2019-11-28 18:46:35
89.248.172.85 attackbotsspam
Nov 28 10:27:52   TCP Attack: SRC=89.248.172.85 DST=[Masked] LEN=40 TOS=0x08 PREC=0x20 TTL=246  PROTO=TCP SPT=50682 DPT=19680 WINDOW=1024 RES=0x00 SYN URGP=0
2019-11-28 18:46:14
106.13.67.90 attack
Brute-force attempt banned
2019-11-28 18:24:11
159.65.182.7 attackbots
*Port Scan* detected from 159.65.182.7 (US/United States/servidor.cashservices.cl). 4 hits in the last 215 seconds
2019-11-28 18:28:54
49.234.203.221 attack
Port scan on 2 port(s): 2376 2377
2019-11-28 18:51:56
189.132.160.168 attackspambots
port scan and connect, tcp 23 (telnet)
2019-11-28 18:33:09
218.92.0.200 attack
Nov 28 11:35:32 dcd-gentoo sshd[28799]: User root from 218.92.0.200 not allowed because none of user's groups are listed in AllowGroups
Nov 28 11:35:34 dcd-gentoo sshd[28799]: error: PAM: Authentication failure for illegal user root from 218.92.0.200
Nov 28 11:35:32 dcd-gentoo sshd[28799]: User root from 218.92.0.200 not allowed because none of user's groups are listed in AllowGroups
Nov 28 11:35:34 dcd-gentoo sshd[28799]: error: PAM: Authentication failure for illegal user root from 218.92.0.200
Nov 28 11:35:32 dcd-gentoo sshd[28799]: User root from 218.92.0.200 not allowed because none of user's groups are listed in AllowGroups
Nov 28 11:35:34 dcd-gentoo sshd[28799]: error: PAM: Authentication failure for illegal user root from 218.92.0.200
Nov 28 11:35:34 dcd-gentoo sshd[28799]: Failed keyboard-interactive/pam for invalid user root from 218.92.0.200 port 37612 ssh2
...
2019-11-28 18:35:54
58.208.229.74 attackspam
SASL brute force
2019-11-28 18:23:03
106.12.46.104 attackspam
Nov 28 11:45:49 MK-Soft-VM8 sshd[29989]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.46.104 
Nov 28 11:45:51 MK-Soft-VM8 sshd[29989]: Failed password for invalid user server from 106.12.46.104 port 44480 ssh2
...
2019-11-28 18:52:45
142.93.199.244 attackbots
Nov 28 08:51:10 OPSO sshd\[29306\]: Invalid user April@123 from 142.93.199.244 port 52974
Nov 28 08:51:10 OPSO sshd\[29306\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.199.244
Nov 28 08:51:12 OPSO sshd\[29306\]: Failed password for invalid user April@123 from 142.93.199.244 port 52974 ssh2
Nov 28 08:57:29 OPSO sshd\[30526\]: Invalid user awh from 142.93.199.244 port 60844
Nov 28 08:57:29 OPSO sshd\[30526\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=142.93.199.244
2019-11-28 18:38:54
210.75.21.242 attackbots
web exploits
...
2019-11-28 18:21:41
222.186.175.220 attackbotsspam
2019-11-27 UTC: 3x - (3x)
2019-11-28 18:49:35
180.244.233.39 attackspam
Unauthorised access (Nov 28) SRC=180.244.233.39 LEN=52 TTL=115 ID=22090 DF TCP DPT=445 WINDOW=8192 SYN 
Unauthorised access (Nov 28) SRC=180.244.233.39 LEN=52 TTL=115 ID=26988 DF TCP DPT=445 WINDOW=8192 SYN
2019-11-28 18:28:23

Recently Reported IPs
