197.221.254.63

Basic Info

City: unknown

Region: unknown

Country: Zimbabwe

Internet Service Provider: Telone Pvt Ltd

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	Unauthorized connection attempt detected from IP address 197.221.254.63 to port 445	2019-12-11 21:32:25

Comments on same subnet:

IP	Type	Details	Datetime
197.221.254.22	attack	Port Scan detected! ...	2020-07-14 08:05:45
197.221.254.235	attack	Logged onto my email	2020-07-05 03:55:10
197.221.254.235	attackspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-29 06:30:57
197.221.254.79	attack	Fail2Ban - HTTP Auth Bruteforce Attempt	2020-05-12 05:24:46
197.221.254.176	attackbotsspam	2019-03-12 20:37:49 H=\(16.176.telone.co.zw\) \[197.221.254.176\]:25129 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-12 20:38:40 H=\(16.176.telone.co.zw\) \[197.221.254.176\]:25137 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-12 20:39:11 H=\(16.176.telone.co.zw\) \[197.221.254.176\]:25138 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed ...	2020-01-30 04:45:43
197.221.254.96	attack	2019-11-20 14:13:49 H=(16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96) 2019-11-20 14:13:49 unexpected disconnection while reading SMTP command from (16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 (error: Connection reset by peer) 2019-11-20 15:33:34 H=(16.96.telone.co.zw) [197.221.254.96]:6523 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.96	2019-11-21 00:42:21
197.221.254.6	attackspambots	2019-11-20 15:12:24 H=(16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6) 2019-11-20 15:12:25 unexpected disconnection while reading SMTP command from (16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 (error: Connection reset by peer) 2019-11-20 15:29:34 H=(16.6.telone.co.zw) [197.221.254.6]:31622 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.6	2019-11-20 22:54:01
197.221.254.40	attack	firewall-block, port(s): 1433/tcp	2019-11-20 00:40:13
197.221.254.172	attackspambots	Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your device. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks...	2019-10-13 06:30:27
197.221.254.157	attack	Spam	2019-08-14 23:36:14
197.221.254.2	attackspambots	Lines containing failures of 197.221.254.2 Jul 13 16:57:36 mellenthin postfix/smtpd[5323]: connect from unknown[197.221.254.2] Jul x@x Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: lost connection after DATA from unknown[197.221.254.2] Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: disconnect from unknown[197.221.254.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.2	2019-07-14 08:02:14

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.221.254.63
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 762
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.221.254.63.			IN	A

;; AUTHORITY SECTION:
.			278	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019121100 1800 900 604800 86400

;; Query time: 159 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Dec 11 21:32:20 CST 2019
;; MSG SIZE  rcvd: 118

Host info

63.254.221.197.in-addr.arpa domain name pointer 16.63.telone.co.zw.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
63.254.221.197.in-addr.arpa	name = 16.63.telone.co.zw.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.77.180.119	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-06 00:02:06,933 INFO [amun_request_handler] PortScan Detected on Port: 445 (45.77.180.119)	2019-07-06 09:52:38
104.197.160.87	attackbotsspam	2019-07-06T03:54:09.431513enmeeting.mahidol.ac.th sshd\[4031\]: Invalid user assise from 104.197.160.87 port 36432 2019-07-06T03:54:09.450633enmeeting.mahidol.ac.th sshd\[4031\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=87.160.197.104.bc.googleusercontent.com 2019-07-06T03:54:11.101777enmeeting.mahidol.ac.th sshd\[4031\]: Failed password for invalid user assise from 104.197.160.87 port 36432 ssh2 ...	2019-07-06 10:21:43
92.19.139.126	attackspam	NAME : CPWBBSERV-NET CIDR : 92.16.0.0/13 DDoS attack United Kingdom - block certain countries :) IP: 92.19.139.126 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-07-06 10:09:17
119.49.16.178	attackbotsspam	Unauthorised access (Jul 5) SRC=119.49.16.178 LEN=40 TTL=49 ID=54828 TCP DPT=23 WINDOW=14345 SYN	2019-07-06 09:49:20
123.23.53.103	attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 22:34:13,892 INFO [amun_request_handler] PortScan Detected on Port: 445 (123.23.53.103)	2019-07-06 10:22:37
1.179.184.177	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-03 22:30:29,352 INFO [shellcode_manager] (1.179.184.177) no match, writing hexdump (82d9fe5a436b804f2aefe369d0cb9d07 :2125842) - MS17010 (EternalBlue)	2019-07-06 09:54:42
191.7.8.2	attackbots	Honeypot attack, port: 445, PTR: 191-7-8-2-dynamic.onnettelecom.com.br.	2019-07-06 09:46:17
85.72.148.171	attack	NAME : OTENET CIDR : 85.72.0.0/16 DDoS attack Greece - block certain countries :) IP: 85.72.148.171 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-07-06 10:06:42
88.250.18.198	attackbotsspam	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 20:45:01,951 INFO [amun_request_handler] PortScan Detected on Port: 445 (88.250.18.198)	2019-07-06 10:20:16
91.236.66.123	attackspam	Autoban 91.236.66.123 AUTH/CONNECT	2019-07-06 10:23:11
181.171.106.167	attack	Invalid user weblogic from 181.171.106.167 port 29865 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.171.106.167 Failed password for invalid user weblogic from 181.171.106.167 port 29865 ssh2 Invalid user csgoserver from 181.171.106.167 port 40801 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=181.171.106.167	2019-07-06 10:00:37
106.75.65.85	attack	05.07.2019 23:32:42 Connection to port 32768 blocked by firewall	2019-07-06 09:56:53
121.194.2.247	attackspam	firewall-block, port(s): 22/tcp	2019-07-06 10:28:29
36.7.140.77	attack	Jul 5 20:37:52 core01 sshd\[27722\]: Invalid user ph from 36.7.140.77 port 48455 Jul 5 20:37:52 core01 sshd\[27722\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=36.7.140.77 ...	2019-07-06 10:19:15
223.30.162.94	attackbots	@LucianNitescu Personal Honeypot Network <<<>>> Donate at paypal.me/LNitescu <<<>>> 2019-07-05 16:13:24,959 INFO [amun_request_handler] PortScan Detected on Port: 445 (223.30.162.94)	2019-07-06 09:59:21

Recently Reported IPs

203.190.154.83	114.33.250.151	103.192.76.16	101.28.29.116
155.192.125.29	167.160.65.45	50.200.170.92	92.108.44.249
66.57.107.210	77.97.6.176	23.254.55.94	187.4.158.172
82.50.105.100	109.226.213.125	66.73.153.165	106.66.48.2
8.223.202.217	207.130.99.90	234.93.132.5	72.178.179.177