Basic Info

City: Mexico City

Region: Mexico City

Country: Mexico

Internet Service Provider: Megacable Comunicaciones de Mexico S.A. de C.V.

Hostname: unknown

Organization: Megacable Comunicaciones de Mexico, S.A. de C.V.

Usage Type: Fixed Line ISP

Comments:
Type Details Datetime
attack
Oct  6 07:49:41 localhost kernel: [4100400.740219] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=201.149.12.249 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27914 PROTO=TCP SPT=46810 DPT=445 WINDOW=1024 RES=0x00 SYN URGP=0 
Oct  6 07:49:41 localhost kernel: [4100400.740254] iptables_INPUT_denied: IN=eth0 OUT= MAC=f2:3c:91:84:83:95:84:78:ac:57:a8:41:08:00 SRC=201.149.12.249 DST=[mungedIP2] LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=27914 PROTO=TCP SPT=46810 DPT=445 SEQ=2518224073 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0
2019-10-06 20:06:51
Comments on same subnet:
IP Type Details Datetime
201.149.127.58 attackbotsspam
Port Scan
2019-10-23 20:45:54
201.149.12.242 attack
445/tcp 445/tcp 445/tcp...
[2019-04-27/06-26]15pkt,1pt.(tcp)
2019-06-26 23:08:39
Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 201.149.12.249
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61130
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;201.149.12.249.			IN	A

;; AUTHORITY SECTION:
.			2945	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019032800 1800 900 604800 86400

;; Query time: 242 msec
;; SERVER: 183.60.82.98#53(183.60.82.98)
;; WHEN: Fri Mar 29 02:05:15 CST 2019
;; MSG SIZE  rcvd: 118

Host info
249.12.149.201.in-addr.arpa domain name pointer 249.12.149.201.in-addr.arpa.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
249.12.149.201.in-addr.arpa	name = 249.12.149.201.in-addr.arpa.

Authoritative answers can be found from:

Related IP info:
Related comments:
IP Type Details Datetime
195.154.191.180 attackspam
attempted connection to ports 443, 808, 8123
2020-03-08 14:10:56
104.131.58.179 attackspam
CMS (WordPress or Joomla) login attempt.
2020-03-08 14:25:42
150.136.236.53 attackbots
Mar  7 20:04:24 tdfoods sshd\[24098\]: Invalid user server from 150.136.236.53
Mar  7 20:04:24 tdfoods sshd\[24098\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.236.53
Mar  7 20:04:26 tdfoods sshd\[24098\]: Failed password for invalid user server from 150.136.236.53 port 58984 ssh2
Mar  7 20:08:59 tdfoods sshd\[24501\]: Invalid user youtube from 150.136.236.53
Mar  7 20:08:59 tdfoods sshd\[24501\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.136.236.53
2020-03-08 14:16:11
125.212.203.113 attack
Mar  8 07:47:31 server sshd\[15756\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.203.113  user=root
Mar  8 07:47:32 server sshd\[15756\]: Failed password for root from 125.212.203.113 port 47930 ssh2
Mar  8 07:57:19 server sshd\[17662\]: Invalid user proftpd from 125.212.203.113
Mar  8 07:57:19 server sshd\[17662\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=125.212.203.113 
Mar  8 07:57:21 server sshd\[17662\]: Failed password for invalid user proftpd from 125.212.203.113 port 35494 ssh2
...
2020-03-08 14:38:01
165.227.26.69 attackbots
Mar  8 05:58:02 vpn01 sshd[5751]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.227.26.69
Mar  8 05:58:03 vpn01 sshd[5751]: Failed password for invalid user 123qqq from 165.227.26.69 port 51182 ssh2
...
2020-03-08 14:11:20
157.230.244.13 attackbotsspam
Mar  7 22:50:10 dallas01 sshd[6305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.244.13
Mar  7 22:50:12 dallas01 sshd[6305]: Failed password for invalid user server from 157.230.244.13 port 50416 ssh2
Mar  7 22:56:48 dallas01 sshd[7119]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.244.13
2020-03-08 14:53:21
49.88.112.72 attack
Mar  8 07:09:30 eventyay sshd[22200]: Failed password for root from 49.88.112.72 port 34352 ssh2
Mar  8 07:10:22 eventyay sshd[22204]: Failed password for root from 49.88.112.72 port 22529 ssh2
...
2020-03-08 14:44:10
95.70.9.33 attack
Brute force attempt
2020-03-08 14:19:18
37.59.57.87 attackspambots
WordPress login Brute force / Web App Attack on client site.
2020-03-08 14:47:50
222.128.14.106 attack
Mar  4 06:58:14 mout sshd[3889]: Invalid user guest from 222.128.14.106 port 65276
Mar  4 06:58:16 mout sshd[3889]: Failed password for invalid user guest from 222.128.14.106 port 65276 ssh2
Mar  8 05:58:02 mout sshd[9736]: Invalid user administrator from 222.128.14.106 port 11216
2020-03-08 14:12:52
61.53.232.2 attack
" "
2020-03-08 14:27:02
157.245.158.214 attackbotsspam
SSH login attempts.
2020-03-08 14:43:48
78.128.112.38 attack
03/07/2020-23:57:24.515251 78.128.112.38 Protocol: 6 ET SCAN NMAP -sS window 1024
2020-03-08 14:37:02
187.207.188.181 attackspam
Mar  7 23:55:30 ACSRAD auth.info sshd[26103]: Invalid user fabian from 187.207.188.181 port 37151
Mar  7 23:55:30 ACSRAD auth.info sshd[26103]: Failed password for invalid user fabian from 187.207.188.181 port 37151 ssh2
Mar  7 23:55:30 ACSRAD auth.info sshd[26103]: Received disconnect from 187.207.188.181 port 37151:11: Bye Bye [preauth]
Mar  7 23:55:30 ACSRAD auth.info sshd[26103]: Disconnected from 187.207.188.181 port 37151 [preauth]
Mar  7 23:55:31 ACSRAD auth.notice sshguard[1605]: Attack from "187.207.188.181" on service 100 whostnameh danger 10.
Mar  7 23:55:31 ACSRAD auth.notice sshguard[1605]: Attack from "187.207.188.181" on service 100 whostnameh danger 10.
Mar  7 23:55:31 ACSRAD auth.notice sshguard[1605]: Attack from "187.207.188.181" on service 100 whostnameh danger 10.
Mar  7 23:55:31 ACSRAD auth.warn sshguard[1605]: Blocking "187.207.188.181/32" forever (3 attacks in 0 secs, after 2 abuses over 506 secs.)


........
-----------------------------------------------
https://www.blocklist.de/en/v
2020-03-08 14:43:16
222.186.180.17 attackspambots
Mar  8 05:58:08 ip-172-31-62-245 sshd\[1172\]: Failed password for root from 222.186.180.17 port 6702 ssh2\
Mar  8 05:58:12 ip-172-31-62-245 sshd\[1172\]: Failed password for root from 222.186.180.17 port 6702 ssh2\
Mar  8 05:58:15 ip-172-31-62-245 sshd\[1172\]: Failed password for root from 222.186.180.17 port 6702 ssh2\
Mar  8 05:58:19 ip-172-31-62-245 sshd\[1172\]: Failed password for root from 222.186.180.17 port 6702 ssh2\
Mar  8 05:58:22 ip-172-31-62-245 sshd\[1172\]: Failed password for root from 222.186.180.17 port 6702 ssh2\
2020-03-08 14:08:03

Recently Reported IPs
