197.242.1.243 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Gabon

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
197.242.145.186	spam	This address sent an email requesting my company to buy IT equipment with a stolen credit card	2020-12-05 08:16:27
197.242.124.229	attackspam	Unauthorized connection attempt from IP address 197.242.124.229 on Port 445(SMB)	2020-09-21 23:37:34
197.242.124.229	attackbotsspam	Unauthorized connection attempt from IP address 197.242.124.229 on Port 445(SMB)	2020-09-21 15:20:23
197.242.124.229	attack	Unauthorized connection attempt from IP address 197.242.124.229 on Port 445(SMB)	2020-09-21 07:15:10
197.242.144.61	attackspambots	SQL Injection in QueryString parameter: dokument1111111111111' UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45)--	2020-09-13 02:55:42
197.242.144.61	attackbots	SQL Injection in QueryString parameter: dokument1111111111111' UNION SELECT CHAR(45,120,49,45,81,45),CHAR(45,120,50,45,81,45),CHAR(45,120,51,45,81,45),CHAR(45,120,52,45,81,45),CHAR(45,120,53,45,81,45),CHAR(45,120,54,45,81,45),CHAR(45,120,55,45,81,45),CHAR(45,120,56,45,81,45),CHAR(45,120,57,45,81,45),CHAR(45,120,49,48,45,81,45)--	2020-09-12 18:58:46
197.242.100.156	attack	Sep 3 18:48:30 mellenthin postfix/smtpd[20953]: NOQUEUE: reject: RCPT from unknown[197.242.100.156]: 554 5.7.1 Service unavailable; Client host [197.242.100.156] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/197.242.100.156 / https://www.spamhaus.org/sbl/query/SBL174938; from= to= proto=ESMTP helo=<[197.242.100.156]>	2020-09-04 22:56:12
197.242.100.156	attack	Sep 3 18:48:30 mellenthin postfix/smtpd[20953]: NOQUEUE: reject: RCPT from unknown[197.242.100.156]: 554 5.7.1 Service unavailable; Client host [197.242.100.156] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/197.242.100.156 / https://www.spamhaus.org/sbl/query/SBL174938; from= to= proto=ESMTP helo=<[197.242.100.156]>	2020-09-04 14:28:11
197.242.100.156	attack	Sep 3 18:48:30 mellenthin postfix/smtpd[20953]: NOQUEUE: reject: RCPT from unknown[197.242.100.156]: 554 5.7.1 Service unavailable; Client host [197.242.100.156] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/197.242.100.156 / https://www.spamhaus.org/sbl/query/SBL174938; from= to= proto=ESMTP helo=<[197.242.100.156]>	2020-09-04 06:54:06
197.242.184.29	attackspam	Unauthorized connection attempt detected from IP address 197.242.184.29 to port 334 [T]	2020-08-16 20:17:18
197.242.102.141	attackbots	1596888676 - 08/08/2020 14:11:16 Host: 197.242.102.141/197.242.102.141 Port: 445 TCP Blocked	2020-08-09 02:16:05
197.242.152.135	attackbotsspam	Jul 22 10:51:52 Host-KEWR-E postfix/smtpd[29782]: NOQUEUE: reject: RCPT from spe6.ucebox.co.za[197.242.152.135]: 450 4.1.8 : Sender address rejected: Domain not found; from= to= proto=ESMTP helo= ...	2020-07-23 00:03:24
197.242.147.68	attackbotsspam	Jul 12 02:38:18 web1 sshd[30248]: Invalid user xzt from 197.242.147.68 port 56110 Jul 12 02:38:18 web1 sshd[30248]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.242.147.68 Jul 12 02:38:18 web1 sshd[30248]: Invalid user xzt from 197.242.147.68 port 56110 Jul 12 02:38:20 web1 sshd[30248]: Failed password for invalid user xzt from 197.242.147.68 port 56110 ssh2 Jul 12 02:41:12 web1 sshd[31082]: Invalid user dieter from 197.242.147.68 port 54242 Jul 12 02:41:12 web1 sshd[31082]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.242.147.68 Jul 12 02:41:12 web1 sshd[31082]: Invalid user dieter from 197.242.147.68 port 54242 Jul 12 02:41:15 web1 sshd[31082]: Failed password for invalid user dieter from 197.242.147.68 port 54242 ssh2 Jul 12 02:42:04 web1 sshd[31297]: Invalid user leejw from 197.242.147.68 port 34084 ...	2020-07-12 01:01:52
197.242.147.68	attackbots	Jun 30 23:37:03 master sshd[3626]: Failed password for invalid user mysql from 197.242.147.68 port 40384 ssh2	2020-07-02 04:13:34
197.242.1.116	attackbotsspam	Unauthorized connection attempt from IP address 197.242.1.116 on Port 445(SMB)	2020-06-03 03:06:31

Whois info:

Dig info:

b'
; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> 197.242.1.243
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64567
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;197.242.1.243.			IN	A

;; Query time: 1 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Sat Jun 26 18:03:18 CST 2021
;; MSG SIZE  rcvd: 42

'

Host info

Host 243.1.242.197.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 243.1.242.197.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
178.137.88.65	attack	Automatic report - XMLRPC Attack	2020-05-15 07:07:15
81.24.131.138	attackspam	Unauthorized connection attempt from IP address 81.24.131.138 on Port 445(SMB)	2020-05-15 07:19:01
176.251.18.143	attack	Invalid user user from 176.251.18.143 port 33770	2020-05-15 07:10:38
185.18.6.65	attack	May 14 23:55:31 sip sshd[262468]: Invalid user git from 185.18.6.65 port 35400 May 14 23:55:33 sip sshd[262468]: Failed password for invalid user git from 185.18.6.65 port 35400 ssh2 May 14 23:59:14 sip sshd[262511]: Invalid user postgres from 185.18.6.65 port 41832 ...	2020-05-15 07:10:01
178.154.200.105	attack	[Fri May 15 03:54:26.296850 2020] [:error] [pid 22861:tid 139881058109184] [client 178.154.200.105:41046] [client 178.154.200.105] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xr2wAkRI0TcagAXuPCtuzAAAAfA"] ...	2020-05-15 07:05:40
139.227.252.202	attackspambots	Invalid user talbot from 139.227.252.202 port 55110	2020-05-15 07:07:38
218.92.0.212	attack	2020-05-15T01:36:19.219542afi-git.jinr.ru sshd[21050]: Failed password for root from 218.92.0.212 port 43095 ssh2 2020-05-15T01:36:22.697136afi-git.jinr.ru sshd[21050]: Failed password for root from 218.92.0.212 port 43095 ssh2 2020-05-15T01:36:25.251884afi-git.jinr.ru sshd[21050]: Failed password for root from 218.92.0.212 port 43095 ssh2 2020-05-15T01:36:25.252064afi-git.jinr.ru sshd[21050]: error: maximum authentication attempts exceeded for root from 218.92.0.212 port 43095 ssh2 [preauth] 2020-05-15T01:36:25.252080afi-git.jinr.ru sshd[21050]: Disconnecting: Too many authentication failures [preauth] ...	2020-05-15 06:46:15
103.89.89.126	attackspam	05/14/2020-16:54:43.385180 103.89.89.126 Protocol: 6 ET SCAN NMAP -sS window 1024	2020-05-15 06:52:40
157.230.32.164	attack	May 15 00:26:34 piServer sshd[5198]: Failed password for root from 157.230.32.164 port 57368 ssh2 May 15 00:30:36 piServer sshd[5492]: Failed password for root from 157.230.32.164 port 36786 ssh2 May 15 00:34:38 piServer sshd[5798]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.32.164 ...	2020-05-15 06:46:30
52.11.29.75	attackbotsspam	52.11.29.75 - - [21/Feb/2020:15:58:42 +0100] "GET /wp-login.php HTTP/1.1" 404 470 ...	2020-05-15 06:40:15
118.68.119.157	attack	Port probing on unauthorized port 81	2020-05-15 06:49:12
198.50.250.134	attack	Automatic report - Port Scan	2020-05-15 07:11:38
185.143.75.81	attackbots	May 15 00:50:10 relay postfix/smtpd\[11987\]: warning: unknown\[185.143.75.81\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 15 00:50:25 relay postfix/smtpd\[10693\]: warning: unknown\[185.143.75.81\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 15 00:50:50 relay postfix/smtpd\[11987\]: warning: unknown\[185.143.75.81\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 15 00:51:01 relay postfix/smtpd\[27970\]: warning: unknown\[185.143.75.81\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 May 15 00:51:29 relay postfix/smtpd\[13415\]: warning: unknown\[185.143.75.81\]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 ...	2020-05-15 06:53:29
115.236.8.152	attack	Invalid user sentry from 115.236.8.152 port 47736	2020-05-15 06:51:52
217.175.35.72	attackspambots	Unauthorized IMAP connection attempt	2020-05-15 07:02:43

Recently Reported IPs

150.17.75.146	88.57.55.218	91.103.105.213	222.153.202.60
59.1.21.137	99.226.171.58	81.101.252.173	60.92.53.178
163.172.163.221	176.93.232.168	142.169.78.206	103.240.76.235
177.70.64.66	203.26.81.8	122.160.167.55	183.60.131.107
36.37.149.72	37.10.132.102	103.162.200.68	45.77.118.118