197.253.75.3 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Ghana

Internet Service Provider: Ghana Government

Hostname: unknown

Organization: unknown

Usage Type: Government

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Aug 22 04:32:47 sachi sshd\[420\]: Invalid user db2fenc1 from 197.253.75.3 Aug 22 04:32:47 sachi sshd\[420\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh Aug 22 04:32:50 sachi sshd\[420\]: Failed password for invalid user db2fenc1 from 197.253.75.3 port 53160 ssh2 Aug 22 04:37:44 sachi sshd\[947\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh user=backup Aug 22 04:37:46 sachi sshd\[947\]: Failed password for backup from 197.253.75.3 port 41460 ssh2	2019-08-22 22:42:06
attack	Aug 22 01:07:32 lnxmysql61 sshd[31326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.75.3	2019-08-22 08:29:16
attackbotsspam	2019-07-29T17:36:14.013653abusebot-4.cloudsearch.cf sshd\[22844\]: Invalid user eg from 197.253.75.3 port 46802	2019-07-30 06:55:36

Type

Details

Datetime

attackbots

Aug 22 04:32:47 sachi sshd\[420\]: Invalid user db2fenc1 from 197.253.75.3
Aug 22 04:32:47 sachi sshd\[420\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh
Aug 22 04:32:50 sachi sshd\[420\]: Failed password for invalid user db2fenc1 from 197.253.75.3 port 53160 ssh2
Aug 22 04:37:44 sachi sshd\[947\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh  user=backup
Aug 22 04:37:46 sachi sshd\[947\]: Failed password for backup from 197.253.75.3 port 41460 ssh2

2019-08-22 22:42:06

attack

Aug 22 01:07:32 lnxmysql61 sshd[31326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.75.3

2019-08-22 08:29:16

attackbotsspam

2019-07-29T17:36:14.013653abusebot-4.cloudsearch.cf sshd\[22844\]: Invalid user eg from 197.253.75.3 port 46802

2019-07-30 06:55:36

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.253.75.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12632
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.253.75.3.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072901 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 30 06:55:31 CST 2019
;; MSG SIZE  rcvd: 116

Host info

3.75.253.197.in-addr.arpa domain name pointer ir.parliament.gh.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
3.75.253.197.in-addr.arpa	name = ir.parliament.gh.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
118.107.130.93	attack	Sep 3 18:48:56 mellenthin postfix/smtpd[20979]: NOQUEUE: reject: RCPT from unknown[118.107.130.93]: 554 5.7.1 Service unavailable; Client host [118.107.130.93] blocked using zen.spamhaus.org; https://www.spamhaus.org/query/ip/118.107.130.93 / https://www.spamhaus.org/sbl/query/SBLCSS; from= to= proto=ESMTP helo=<118-107-130-91.snet.net.pk>	2020-09-04 22:26:28
54.209.204.136	attackspambots	SMTP Screen: 54.209.204.136 (United States): tried sending to 6 unknown recipients	2020-09-04 22:47:01
190.186.42.130	attackspam	Sep 4 16:39:25 lnxmysql61 sshd[4380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.186.42.130 Sep 4 16:39:25 lnxmysql61 sshd[4380]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.186.42.130 Sep 4 16:39:27 lnxmysql61 sshd[4380]: Failed password for invalid user admin from 190.186.42.130 port 16560 ssh2	2020-09-04 22:42:40
13.95.2.167	attackspam	port scan and connect, tcp 23 (telnet)	2020-09-04 22:53:55
175.157.93.47	attackbots	175.157.93.47 - - [03/Sep/2020:19:05:57 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 175.157.93.47 - - [03/Sep/2020:19:06:00 +0100] "POST /wp-login.php HTTP/1.1" 200 6170 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" 175.157.93.47 - - [03/Sep/2020:19:07:42 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)" ...	2020-09-04 22:17:28
46.229.168.161	attackbots	The IP has triggered Cloudflare WAF. CF-Ray: 5cccc2fddb99740d \| WAF_Rule_ID: 4c344d8609cf47c88674e7c5f743a22c \| WAF_Kind: firewall \| CF_Action: drop \| Country: US \| CF_IPClass: unknown \| Protocol: HTTP/1.1 \| Method: GET \| Host: www.wevg.org \| User-Agent: Mozilla/5.0 (compatible; SemrushBot/6~bl; +http://www.semrush.com/bot.html) \| CF_DC: IAD. Report generated by Cloudflare-WAF-to-AbuseIPDB (https://github.com/SukkaW/Cloudflare-WAF-to-AbuseIPDB).	2020-09-04 23:03:35
222.186.180.147	attackbots	Sep 4 16:41:18 server sshd[21616]: Failed none for root from 222.186.180.147 port 42060 ssh2 Sep 4 16:41:20 server sshd[21616]: Failed password for root from 222.186.180.147 port 42060 ssh2 Sep 4 16:41:25 server sshd[21616]: Failed password for root from 222.186.180.147 port 42060 ssh2	2020-09-04 22:42:12
212.60.66.145	attackspambots	WordPress Drone detected by safePassage	2020-09-04 22:19:39
51.103.142.75	attackbotsspam	(mod_security) mod_security (id:210492) triggered by 51.103.142.75 (CH/Switzerland/-): 5 in the last 3600 secs	2020-09-04 23:05:37
83.59.43.190	attack	Invalid user joel from 83.59.43.190 port 60372	2020-09-04 22:27:25
35.153.138.189	attack	via SMTP Screen: 35.153.138.189 (United States): tried sending to 6 unknown recipients	2020-09-04 23:04:29
190.181.86.212	attackbots	Sep 3 11:48:39 mailman postfix/smtpd[14029]: warning: unknown[190.181.86.212]: SASL PLAIN authentication failed: authentication failure	2020-09-04 22:45:26
41.232.149.241	attackspam	Port Scan detected! ...	2020-09-04 22:23:49
62.102.148.68	attack	Sep 4 09:34:46 www sshd\[13629\]: Invalid user admin from 62.102.148.68 Sep 4 09:34:48 www sshd\[13631\]: Invalid user admin from 62.102.148.68 ...	2020-09-04 22:43:02
183.237.191.186	attack	$f2bV_matches	2020-09-04 22:38:30

Recently Reported IPs

189.111.76.116	58.42.238.216	5.251.237.159	5.219.45.25
212.64.172.189	2.53.133.150	182.119.152.50	46.98.134.131
46.151.192.196	45.116.106.237	43.250.41.4	43.249.51.77
34.252.48.45	43.229.90.155	41.59.63.190	66.102.6.185
35.238.210.148	36.188.145.68	117.187.152.69	135.102.143.23