197.221.254.238

Basic Info

City: unknown

Region: unknown

Country: Zimbabwe

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
197.221.254.22	attack	Port Scan detected! ...	2020-07-14 08:05:45
197.221.254.235	attack	Logged onto my email	2020-07-05 03:55:10
197.221.254.235	attackspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-29 06:30:57
197.221.254.79	attack	Fail2Ban - HTTP Auth Bruteforce Attempt	2020-05-12 05:24:46
197.221.254.176	attackbotsspam	2019-03-12 20:37:49 H=$16.176.telone.co.zw$ \[197.221.254.176\]:25129 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-12 20:38:40 H=$16.176.telone.co.zw$ \[197.221.254.176\]:25137 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-12 20:39:11 H=$16.176.telone.co.zw$ \[197.221.254.176\]:25138 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed ...	2020-01-30 04:45:43
197.221.254.63	attack	Unauthorized connection attempt detected from IP address 197.221.254.63 to port 445	2019-12-11 21:32:25
197.221.254.96	attack	2019-11-20 14:13:49 H=(16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96) 2019-11-20 14:13:49 unexpected disconnection while reading SMTP command from (16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 (error: Connection reset by peer) 2019-11-20 15:33:34 H=(16.96.telone.co.zw) [197.221.254.96]:6523 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.96	2019-11-21 00:42:21
197.221.254.6	attackspambots	2019-11-20 15:12:24 H=(16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6) 2019-11-20 15:12:25 unexpected disconnection while reading SMTP command from (16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 (error: Connection reset by peer) 2019-11-20 15:29:34 H=(16.6.telone.co.zw) [197.221.254.6]:31622 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.6	2019-11-20 22:54:01
197.221.254.40	attack	firewall-block, port(s): 1433/tcp	2019-11-20 00:40:13
197.221.254.172	attackspambots	Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your device. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks...	2019-10-13 06:30:27
197.221.254.157	attack	Spam	2019-08-14 23:36:14
197.221.254.2	attackspambots	Lines containing failures of 197.221.254.2 Jul 13 16:57:36 mellenthin postfix/smtpd[5323]: connect from unknown[197.221.254.2] Jul x@x Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: lost connection after DATA from unknown[197.221.254.2] Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: disconnect from unknown[197.221.254.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.2	2019-07-14 08:02:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.221.254.238
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 9757
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;197.221.254.238.		IN	A

;; AUTHORITY SECTION:
.			583	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022102901 1800 900 604800 86400

;; Query time: 66 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Oct 30 03:51:18 CST 2022
;; MSG SIZE  rcvd: 108

Host info

238.254.221.197.in-addr.arpa domain name pointer 16.238.telone.co.zw.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
238.254.221.197.in-addr.arpa	name = 16.238.telone.co.zw.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
5.196.14.207	attack	DATE:2019-09-11 09:53:55, IP:5.196.14.207, PORT:3306 - MySQL/MariaDB brute force auth on a honeypot server (epe-dc)	2019-09-11 19:57:07
194.44.48.50	attack	SSH invalid-user multiple login attempts	2019-09-11 19:53:28
198.12.83.202	attackbots	(From MeganWhitesj@gmail.com) Hello there! Different kinds of mobile apps can help your business, whether in terms of marketing, business efficiency, or both. Do you have a mobile app for your business? Potential clients nowadays are more comfortable doing business with companies whose mobile app does not only have an amazing user-interface, but also has some features that make doing most business processes easier. I'm an app developer that can design and program on any platform (Android, iOs, etc). If you already have ideas in mind, I'd love to hear about them. I also have ideas of my own that I'd really love to share with you. If you'd like to know more info, I'll send you my portfolio containing the apps that I've made for my other clients, and I'll also show you data about how the app helps their business. Please reply to let me know what you think. Talk to you soon! - Megan White	2019-09-11 20:39:08
159.65.248.54	attack	Sep 11 02:43:12 dallas01 sshd[30940]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.248.54 Sep 11 02:43:15 dallas01 sshd[30940]: Failed password for invalid user support from 159.65.248.54 port 36994 ssh2 Sep 11 02:52:29 dallas01 sshd[32244]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=159.65.248.54	2019-09-11 20:48:52
218.98.40.150	attack	Sep 11 14:03:56 ubuntu-2gb-nbg1-dc3-1 sshd[6989]: Failed password for root from 218.98.40.150 port 30203 ssh2 Sep 11 14:04:04 ubuntu-2gb-nbg1-dc3-1 sshd[6989]: error: maximum authentication attempts exceeded for root from 218.98.40.150 port 30203 ssh2 [preauth] ...	2019-09-11 20:11:34
185.137.233.136	attackspam	RDP brute forcing (d)	2019-09-11 19:54:09
180.168.198.142	attackbotsspam	Sep 10 23:20:33 hanapaa sshd\[19183\]: Invalid user mysql@1234 from 180.168.198.142 Sep 10 23:20:33 hanapaa sshd\[19183\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.168.198.142 Sep 10 23:20:35 hanapaa sshd\[19183\]: Failed password for invalid user mysql@1234 from 180.168.198.142 port 52164 ssh2 Sep 10 23:24:18 hanapaa sshd\[19529\]: Invalid user test from 180.168.198.142 Sep 10 23:24:18 hanapaa sshd\[19529\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.168.198.142	2019-09-11 20:14:56
208.118.88.242	attackbots	2019-09-11T11:39:47.039032abusebot-2.cloudsearch.cf sshd\[25684\]: Invalid user cloud from 208.118.88.242 port 44120	2019-09-11 20:05:23
213.133.3.8	attackbotsspam	Sep 10 23:59:25 php1 sshd\[2122\]: Invalid user ts3 from 213.133.3.8 Sep 10 23:59:25 php1 sshd\[2122\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.133.3.8 Sep 10 23:59:28 php1 sshd\[2122\]: Failed password for invalid user ts3 from 213.133.3.8 port 45795 ssh2 Sep 11 00:05:47 php1 sshd\[2992\]: Invalid user minecraft from 213.133.3.8 Sep 11 00:05:47 php1 sshd\[2992\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.133.3.8	2019-09-11 20:18:47
49.88.112.78	attackspam	2019-09-11T12:08:07.350276abusebot-3.cloudsearch.cf sshd\[23423\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.88.112.78 user=root	2019-09-11 20:08:53
62.94.74.132	attack	Sep 11 12:04:57 mout sshd[2598]: Invalid user user from 62.94.74.132 port 48788	2019-09-11 20:33:55
117.50.17.253	attack	Sep 11 09:53:14 mout sshd[23916]: Invalid user jenkins from 117.50.17.253 port 55014	2019-09-11 20:28:21
45.82.153.38	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-09-11 20:14:30
201.38.172.76	attackbots	$f2bV_matches	2019-09-11 20:26:52
202.95.226.22	attack	Port scan: Attack repeated for 24 hours	2019-09-11 19:51:08

Recently Reported IPs

146.45.105.12	100.244.255.137	73.132.140.67	187.171.13.71
112.118.234.241	3.20.126.171	224.35.180.21	104.233.61.216
51.54.143.234	103.206.136.174	57.128.88.254	28.241.105.227
45.116.196.254	192.35.191.109	52.143.148.39	183.213.233.205
223.62.51.140	46.167.207.153	24.14.251.150	205.233.134.92