197.253.75.3 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Ghana

Internet Service Provider: Ghana Government

Hostname: unknown

Organization: unknown

Usage Type: Government

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbots	Aug 22 04:32:47 sachi sshd\[420\]: Invalid user db2fenc1 from 197.253.75.3 Aug 22 04:32:47 sachi sshd\[420\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh Aug 22 04:32:50 sachi sshd\[420\]: Failed password for invalid user db2fenc1 from 197.253.75.3 port 53160 ssh2 Aug 22 04:37:44 sachi sshd\[947\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh user=backup Aug 22 04:37:46 sachi sshd\[947\]: Failed password for backup from 197.253.75.3 port 41460 ssh2	2019-08-22 22:42:06
attack	Aug 22 01:07:32 lnxmysql61 sshd[31326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.75.3	2019-08-22 08:29:16
attackbotsspam	2019-07-29T17:36:14.013653abusebot-4.cloudsearch.cf sshd\[22844\]: Invalid user eg from 197.253.75.3 port 46802	2019-07-30 06:55:36

Type

Details

Datetime

attackbots

Aug 22 04:32:47 sachi sshd\[420\]: Invalid user db2fenc1 from 197.253.75.3
Aug 22 04:32:47 sachi sshd\[420\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh
Aug 22 04:32:50 sachi sshd\[420\]: Failed password for invalid user db2fenc1 from 197.253.75.3 port 53160 ssh2
Aug 22 04:37:44 sachi sshd\[947\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=ir.parliament.gh  user=backup
Aug 22 04:37:46 sachi sshd\[947\]: Failed password for backup from 197.253.75.3 port 41460 ssh2

2019-08-22 22:42:06

attack

Aug 22 01:07:32 lnxmysql61 sshd[31326]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=197.253.75.3

2019-08-22 08:29:16

attackbotsspam

2019-07-29T17:36:14.013653abusebot-4.cloudsearch.cf sshd\[22844\]: Invalid user eg from 197.253.75.3 port 46802

2019-07-30 06:55:36

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.253.75.3
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 12632
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.253.75.3.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019072901 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jul 30 06:55:31 CST 2019
;; MSG SIZE  rcvd: 116

Host info

3.75.253.197.in-addr.arpa domain name pointer ir.parliament.gh.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
3.75.253.197.in-addr.arpa	name = ir.parliament.gh.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
66.249.155.245	attackspam	Dec 24 17:46:12 vps691689 sshd[22629]: Failed password for root from 66.249.155.245 port 58154 ssh2 Dec 24 17:48:16 vps691689 sshd[22640]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=66.249.155.245 ...	2019-12-25 04:12:31
115.79.141.10	attackbotsspam	Unauthorized connection attempt from IP address 115.79.141.10 on Port 445(SMB)	2019-12-25 04:22:52
156.220.233.243	attackspambots	Mirai and Reaper Exploitation Traffic	2019-12-25 04:24:02
195.154.119.75	attack	$f2bV_matches	2019-12-25 04:39:38
62.97.43.92	attack	firewall-block, port(s): 80/tcp	2019-12-25 04:43:13
104.131.178.223	attackbots	ssh failed login	2019-12-25 04:13:56
167.114.226.137	attack	Dec 24 20:42:08 srv206 sshd[16705]: Invalid user ingen from 167.114.226.137 ...	2019-12-25 04:35:41
185.183.120.29	attack	$f2bV_matches	2019-12-25 04:25:19
117.102.68.188	attackbotsspam	Dec 24 15:14:24 plusreed sshd[8226]: Invalid user jcarrion from 117.102.68.188 ...	2019-12-25 04:47:01
45.166.22.3	attackspambots	Unauthorized connection attempt from IP address 45.166.22.3 on Port 445(SMB)	2019-12-25 04:14:39
70.24.92.169	attack	firewall-block, port(s): 9000/tcp	2019-12-25 04:40:34
200.141.251.74	attackbots	Unauthorized connection attempt from IP address 200.141.251.74 on Port 445(SMB)	2019-12-25 04:33:56
165.22.35.21	attack	165.22.35.21 - - \[24/Dec/2019:17:41:26 +0100\] "POST /wp-login.php HTTP/1.0" 200 6597 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 165.22.35.21 - - \[24/Dec/2019:17:41:28 +0100\] "POST /wp-login.php HTTP/1.0" 200 6410 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 165.22.35.21 - - \[24/Dec/2019:17:41:29 +0100\] "POST /xmlrpc.php HTTP/1.0" 200 736 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-12-25 04:20:02
175.126.232.139	attackbotsspam	Time: Tue Dec 24 10:03:07 2019 -0500 IP: 175.126.232.139 (KR/South Korea/-) Failures: 20 (WordPressBruteForcePOST) Interval: 3600 seconds Blocked: Permanent Block	2019-12-25 04:42:57
169.255.4.8	attackbots	Unauthorized connection attempt from IP address 169.255.4.8 on Port 445(SMB)	2019-12-25 04:46:10

Recently Reported IPs

189.111.76.116	58.42.238.216	5.251.237.159	5.219.45.25
212.64.172.189	2.53.133.150	182.119.152.50	46.98.134.131
46.151.192.196	45.116.106.237	43.250.41.4	43.249.51.77
34.252.48.45	43.229.90.155	41.59.63.190	66.102.6.185
35.238.210.148	36.188.145.68	117.187.152.69	135.102.143.23