197.221.254.2 - IPInfo

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): Zimbabwe

运营商(isp): Telone Pvt Ltd

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): unknown

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspambots	Lines containing failures of 197.221.254.2 Jul 13 16:57:36 mellenthin postfix/smtpd[5323]: connect from unknown[197.221.254.2] Jul x@x Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: lost connection after DATA from unknown[197.221.254.2] Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: disconnect from unknown[197.221.254.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.2	2019-07-14 08:02:14

类型

评论内容

时间

attackspambots

Lines containing failures of 197.221.254.2
Jul 13 16:57:36 mellenthin postfix/smtpd[5323]: connect from unknown[197.221.254.2]
Jul x@x
Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: lost connection after DATA from unknown[197.221.254.2]
Jul 13 16:57:45 mellenthin postfix/smtpd[5323]: disconnect from unknown[197.221.254.2] ehlo=1 mail=1 rcpt=0/1 data=0/1 commands=2/4


........
-----------------------------------------------
https://www.blocklist.de/en/view.html?ip=197.221.254.2

2019-07-14 08:02:14

相同子网IP讨论:

IP	类型	评论内容	时间
197.221.254.22	attack	Port Scan detected! ...	2020-07-14 08:05:45
197.221.254.235	attack	Logged onto my email	2020-07-05 03:55:10
197.221.254.235	attackspam	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-05-29 06:30:57
197.221.254.79	attack	Fail2Ban - HTTP Auth Bruteforce Attempt	2020-05-12 05:24:46
197.221.254.176	attackbotsspam	2019-03-12 20:37:49 H=$16.176.telone.co.zw$ \[197.221.254.176\]:25129 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-12 20:38:40 H=$16.176.telone.co.zw$ \[197.221.254.176\]:25137 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed 2019-03-12 20:39:11 H=$16.176.telone.co.zw$ \[197.221.254.176\]:25138 I=\[193.107.88.166\]:25 F=\ rejected RCPT \: Sender verify failed ...	2020-01-30 04:45:43
197.221.254.63	attack	Unauthorized connection attempt detected from IP address 197.221.254.63 to port 445	2019-12-11 21:32:25
197.221.254.96	attack	2019-11-20 14:13:49 H=(16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96) 2019-11-20 14:13:49 unexpected disconnection while reading SMTP command from (16.96.telone.co.zw) [197.221.254.96]:6050 I=[10.100.18.22]:25 (error: Connection reset by peer) 2019-11-20 15:33:34 H=(16.96.telone.co.zw) [197.221.254.96]:6523 I=[10.100.18.22]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.96) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.96	2019-11-21 00:42:21
197.221.254.6	attackspambots	2019-11-20 15:12:24 H=(16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6) 2019-11-20 15:12:25 unexpected disconnection while reading SMTP command from (16.6.telone.co.zw) [197.221.254.6]:31578 I=[10.100.18.25]:25 (error: Connection reset by peer) 2019-11-20 15:29:34 H=(16.6.telone.co.zw) [197.221.254.6]:31622 I=[10.100.18.25]:25 F=: Host/domain is listed in RBL cbl.abuseat.org (Blocked - see hxxp://www.abuseat.org/lookup.cgi?ip=197.221.254.6) ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=197.221.254.6	2019-11-20 22:54:01
197.221.254.40	attack	firewall-block, port(s): 1433/tcp	2019-11-20 00:40:13
197.221.254.172	attackspambots	Hello! As you may have noticed, I sent you an email from your account. This means that I have full access to your device. I've been watching you for a few months now. The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I will explain. Trojan Virus gives me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: My malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left half of the screen, and in the right half you see the video that you watched. With one click of the mouse, I can send this video to all your emails and contacts on social networks...	2019-10-13 06:30:27
197.221.254.157	attack	Spam	2019-08-14 23:36:14

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 197.221.254.2
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 18659
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;197.221.254.2.			IN	A

;; AUTHORITY SECTION:
.			2356	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019071301 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sun Jul 14 08:02:07 CST 2019
;; MSG SIZE  rcvd: 117

HOST信息:

2.254.221.197.in-addr.arpa domain name pointer 16.2.telone.co.zw.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
2.254.221.197.in-addr.arpa	name = 16.2.telone.co.zw.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
180.123.226.61	attack	$f2bV_matches	2019-08-03 14:10:54
200.241.37.82	attackspam	Aug 3 07:08:39 s64-1 sshd[11379]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.241.37.82 Aug 3 07:08:41 s64-1 sshd[11379]: Failed password for invalid user laboratory from 200.241.37.82 port 56002 ssh2 Aug 3 07:14:24 s64-1 sshd[11489]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.241.37.82 ...	2019-08-03 14:34:25
91.215.199.97	attackbotsspam	[portscan] Port scan	2019-08-03 14:06:12
185.220.101.7	attack	Aug 3 08:10:28 bouncer sshd\[11071\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=185.220.101.7 user=root Aug 3 08:10:30 bouncer sshd\[11071\]: Failed password for root from 185.220.101.7 port 36505 ssh2 Aug 3 08:10:32 bouncer sshd\[11071\]: Failed password for root from 185.220.101.7 port 36505 ssh2 ...	2019-08-03 14:31:54
41.190.153.35	attack	Aug 3 01:42:45 plusreed sshd[1203]: Invalid user egarcia from 41.190.153.35 ...	2019-08-03 14:09:24
185.200.118.73	attackspambots	1194/udp 1723/tcp 1080/tcp... [2019-06-28/08-03]36pkt,3pt.(tcp),1pt.(udp)	2019-08-03 14:23:45
217.41.31.72	attack	Invalid user reward from 217.41.31.72 port 35558	2019-08-03 14:20:19
119.109.149.253	attackspam	Unauthorised access (Aug 3) SRC=119.109.149.253 LEN=40 TTL=49 ID=43196 TCP DPT=23 WINDOW=51619 SYN	2019-08-03 14:49:58
195.3.147.47	attackbots	Aug 3 06:51:48 herz-der-gamer sshd[30787]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.3.147.47 user=root Aug 3 06:51:50 herz-der-gamer sshd[30787]: Failed password for root from 195.3.147.47 port 25263 ssh2 ...	2019-08-03 14:17:11
118.25.128.19	attackbots	Invalid user user from 118.25.128.19 port 50002	2019-08-03 14:20:56
59.125.53.191	attackbots	Portscan or hack attempt detected by psad/fwsnort	2019-08-03 14:12:46
168.63.44.201	attackbots	$f2bV_matches	2019-08-03 13:53:22
180.159.3.46	attackbotsspam	Aug 2 21:16:01 fv15 sshd[19510]: Failed password for invalid user toshi from 180.159.3.46 port 54716 ssh2 Aug 2 21:16:01 fv15 sshd[19510]: Received disconnect from 180.159.3.46: 11: Bye Bye [preauth] Aug 2 21:52:03 fv15 sshd[7669]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.159.3.46 user=r.r Aug 2 21:52:05 fv15 sshd[7669]: Failed password for r.r from 180.159.3.46 port 41518 ssh2 Aug 2 21:52:05 fv15 sshd[7669]: Received disconnect from 180.159.3.46: 11: Bye Bye [preauth] Aug 2 21:57:39 fv15 sshd[16899]: Failed password for invalid user usuario from 180.159.3.46 port 53878 ssh2 Aug 2 21:57:39 fv15 sshd[16899]: Received disconnect from 180.159.3.46: 11: Bye Bye [preauth] Aug 2 22:01:39 fv15 sshd[1170]: Failed password for invalid user gus from 180.159.3.46 port 37958 ssh2 Aug 2 22:01:39 fv15 sshd[1170]: Received disconnect from 180.159.3.46: 11: Bye Bye [preauth] Aug 2 22:05:30 fv15 sshd[1500]: Failed password fo........ -------------------------------	2019-08-03 14:13:58
195.64.213.136	attackspambots	[portscan] Port scan	2019-08-03 14:33:16
51.89.188.88	attack	Aug 2 18:38:00 plesk sshd[10703]: Invalid user weed from 51.89.188.88 Aug 2 18:38:03 plesk sshd[10703]: Failed password for invalid user weed from 51.89.188.88 port 35628 ssh2 Aug 2 18:38:03 plesk sshd[10703]: Received disconnect from 51.89.188.88: 11: Bye Bye [preauth] Aug 2 18:48:41 plesk sshd[11000]: Invalid user student01 from 51.89.188.88 Aug 2 18:48:43 plesk sshd[11000]: Failed password for invalid user student01 from 51.89.188.88 port 40906 ssh2 Aug 2 18:48:43 plesk sshd[11000]: Received disconnect from 51.89.188.88: 11: Bye Bye [preauth] Aug 2 18:53:30 plesk sshd[11091]: Invalid user db2prod from 51.89.188.88 Aug 2 18:53:32 plesk sshd[11091]: Failed password for invalid user db2prod from 51.89.188.88 port 37174 ssh2 Aug 2 18:53:32 plesk sshd[11091]: Received disconnect from 51.89.188.88: 11: Bye Bye [preauth] Aug 2 18:58:01 plesk sshd[11190]: Failed password for r.r from 51.89.188.88 port 33440 ssh2 Aug 2 18:58:01 plesk sshd[11190]: Received disconnec........ -------------------------------	2019-08-03 14:03:02

最近上报的IP列表

109.75.37.9	117.69.30.138	105.112.50.72	170.82.22.45
78.190.215.155	60.178.47.102	178.63.53.43	5.153.187.232
45.118.188.44	49.148.216.113	85.202.56.87	187.101.236.171
190.38.165.84	190.3.130.107	180.252.31.122	37.32.41.168
61.19.40.38	88.114.86.83	187.8.168.57	134.209.169.72