201.111.142.253

Basic Info

City: unknown

Region: unknown

Country: Mexico

Internet Service Provider: unknown

Hostname: unknown

Organization: unknown

Usage Type: unknown

Comments:

Make a comment on this IP

No discussion about this IP yet. Click above link to make one.

Comments on same subnet:

IP	Type	Details	Datetime
201.111.142.145	attackspambots	Invalid user smbguest from 201.111.142.145 port 49616	2020-05-30 07:24:31
201.111.142.145	attackspam	May 24 16:04:42 legacy sshd[454]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.111.142.145 May 24 16:04:44 legacy sshd[454]: Failed password for invalid user kfp from 201.111.142.145 port 43232 ssh2 May 24 16:09:15 legacy sshd[503]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.111.142.145 ...	2020-05-24 23:37:09
201.111.142.145	attack	May 23 20:19:13 dax sshd[20996]: warning: /etc/hosts.deny, line 15136: can't verify hostname: getaddrinfo(dup-201-111-142-145.prod-dial.com.mx, AF_INET) failed May 23 20:19:14 dax sshd[20996]: reveeclipse mapping checking getaddrinfo for dup-201-111-142-145.prod-dial.com.mx [201.111.142.145] failed - POSSIBLE BREAK-IN ATTEMPT! May 23 20:19:14 dax sshd[20996]: Invalid user vte from 201.111.142.145 May 23 20:19:14 dax sshd[20996]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=201.111.142.145 May 23 20:19:15 dax sshd[20996]: Failed password for invalid user vte from 201.111.142.145 port 50490 ssh2 May 23 20:19:16 dax sshd[20996]: Received disconnect from 201.111.142.145: 11: Bye Bye [preauth] May 23 20:31:15 dax sshd[22898]: warning: /etc/hosts.deny, line 15136: can't verify hostname: getaddrinfo(dup-201-111-142-145.prod-dial.com.mx, AF_INET) failed May 23 20:31:17 dax sshd[22898]: reveeclipse mapping checking getaddrinfo for dup-........ -------------------------------	2020-05-24 15:48:58
201.111.142.145	attackspambots	SSH/22 MH Probe, BF, Hack -	2020-05-24 06:18:18
201.111.142.131	attackbotsspam	SMB Server BruteForce Attack	2019-08-10 19:04:16

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.111.142.253
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 1349
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;201.111.142.253.		IN	A

;; AUTHORITY SECTION:
.			595	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2022021300 1800 900 604800 86400

;; Query time: 59 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Feb 13 16:33:23 CST 2022
;; MSG SIZE  rcvd: 108

Host info

253.142.111.201.in-addr.arpa domain name pointer dup-201-111-142-253.prod-dial.com.mx.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
253.142.111.201.in-addr.arpa	name = dup-201-111-142-253.prod-dial.com.mx.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
222.186.180.6	attack	May 1 01:12:22 pve1 sshd[5430]: Failed password for root from 222.186.180.6 port 52296 ssh2 May 1 01:12:27 pve1 sshd[5430]: Failed password for root from 222.186.180.6 port 52296 ssh2 ...	2020-05-01 07:26:06
112.85.42.89	attackspam	May 1 00:38:19 PorscheCustomer sshd[31400]: Failed password for root from 112.85.42.89 port 30447 ssh2 May 1 00:42:11 PorscheCustomer sshd[31486]: Failed password for root from 112.85.42.89 port 50578 ssh2 ...	2020-05-01 07:41:12
181.48.70.246	attackbots	Honeypot attack, port: 445, PTR: PTR record not found	2020-05-01 07:12:01
13.66.16.96	attack	Apr 29 17:29:03 ntop sshd[14256]: Did not receive identification string from 13.66.16.96 port 38688 Apr 29 17:29:54 ntop sshd[14538]: User r.r from 13.66.16.96 not allowed because not listed in AllowUsers Apr 29 17:29:54 ntop sshd[14538]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.16.96 user=r.r Apr 29 17:29:56 ntop sshd[14538]: Failed password for invalid user r.r from 13.66.16.96 port 48008 ssh2 Apr 29 17:29:57 ntop sshd[14538]: Received disconnect from 13.66.16.96 port 48008:11: Normal Shutdown, Thank you for playing [preauth] Apr 29 17:29:57 ntop sshd[14538]: Disconnected from invalid user r.r 13.66.16.96 port 48008 [preauth] Apr 29 17:31:26 ntop sshd[15300]: User r.r from 13.66.16.96 not allowed because not listed in AllowUsers Apr 29 17:31:26 ntop sshd[15300]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=13.66.16.96 user=r.r Apr 29 17:31:28 ntop sshd[15300]: Failed pass........ -------------------------------	2020-05-01 07:44:27
198.55.96.147	attack	Brute-force attempt banned	2020-05-01 07:38:41
193.112.191.228	attack	May 1 00:28:58 Ubuntu-1404-trusty-64-minimal sshd\[20039\]: Invalid user mongodb from 193.112.191.228 May 1 00:28:58 Ubuntu-1404-trusty-64-minimal sshd\[20039\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.191.228 May 1 00:29:00 Ubuntu-1404-trusty-64-minimal sshd\[20039\]: Failed password for invalid user mongodb from 193.112.191.228 port 40510 ssh2 May 1 00:37:34 Ubuntu-1404-trusty-64-minimal sshd\[28358\]: Invalid user dal from 193.112.191.228 May 1 00:37:34 Ubuntu-1404-trusty-64-minimal sshd\[28358\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.112.191.228	2020-05-01 07:25:04
49.235.218.147	attack	SSH brute force attempt	2020-05-01 07:45:41
110.93.200.118	attack	SSH bruteforce	2020-05-01 07:17:30
213.180.203.176	attackbots	[Fri May 01 03:53:10.021279 2020] [:error] [pid 26085:tid 140125603071744] [client 213.180.203.176:53658] [client 213.180.203.176] ModSecurity: Access denied with code 403 (phase 2). Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/etc/modsecurity/owasp-modsecurity-crs-3.2.0/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "696"] [id "920350"] [msg "Host header is a numeric IP address"] [data "103.27.207.197"] [severity "WARNING"] [ver "OWASP_CRS/3.2.0"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "OWASP_CRS"] [tag "OWASP_CRS/PROTOCOL_VIOLATION/IP_HOST"] [tag "WASCTC/WASC-21"] [tag "OWASP_TOP_10/A7"] [tag "PCI/6.5.10"] [hostname "103.27.207.197"] [uri "/"] [unique_id "Xqs6tvMlxl4BPw63518gsQAAAfE"] ...	2020-05-01 07:13:56
195.3.146.113	attackbots	Multiport scan : 43 ports scanned 1112 1222 2008 2327 3304 3334 3336 3401 4010 4490 4501 4541 4545 4577 4949 4991 5003 5151 5231 5400 5476 5923 5960 6265 6746 6827 7003 7782 8005 9033 10004 10100 11110 11117 11986 12222 15412 33803 33806 33877 33881 50389 51111	2020-05-01 07:19:19
41.65.138.3	attackbotsspam	445/tcp 445/tcp [2020-03-23/04-30]2pkt	2020-05-01 07:14:24
167.172.153.137	attackbotsspam	2020-05-01T00:46:54.895754struts4.enskede.local sshd\[7237\]: Invalid user nagios from 167.172.153.137 port 38936 2020-05-01T00:46:54.902478struts4.enskede.local sshd\[7237\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.137 2020-05-01T00:46:58.244050struts4.enskede.local sshd\[7237\]: Failed password for invalid user nagios from 167.172.153.137 port 38936 ssh2 2020-05-01T00:53:58.328832struts4.enskede.local sshd\[7251\]: Invalid user Lobby from 167.172.153.137 port 51162 2020-05-01T00:53:58.337646struts4.enskede.local sshd\[7251\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=167.172.153.137 ...	2020-05-01 07:46:23
45.238.65.178	attackspam	445/tcp 445/tcp 445/tcp [2020-04-23/30]3pkt	2020-05-01 07:13:05
91.82.61.167	attackspam	Automatic report - Port Scan Attack	2020-05-01 07:39:53
122.51.209.252	attack	May 1 00:49:54 mout sshd[8523]: Invalid user marjorie from 122.51.209.252 port 56108	2020-05-01 07:37:00

Recently Reported IPs

201.113.121.147	201.116.146.98	201.116.145.194	201.111.97.120
201.111.92.146	201.114.44.212	201.121.112.249	201.121.155.168
201.123.133.123	201.122.44.69	201.121.80.181	201.121.25.130
201.123.60.240	201.123.198.244	201.124.173.141	201.127.128.227
201.124.47.188	201.123.233.63	201.127.36.242	201.128.130.87