IP address

Passive DNS

Tags: Static IP IP in hostname Login attempts

IP blacklists

UCEPROTECT L1

201.149.53.243 is listed on the UCEPROTECT L1 blacklist.

Description: UCEPROTECT-NETWORK list of spam IPs.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-15 07:45:00.775000
Was present on blacklist at: 2025-05-11 23:45, 2025-05-12 07:45, 2025-05-12 15:45, 2025-05-12 23:45, 2025-05-13 07:45, 2025-05-13 15:45, 2025-05-13 23:45, 2025-05-14 07:45, 2025-05-14 15:45, 2025-05-14 23:45, 2025-05-15 07:45

DataPlane SSH login

201.149.53.243 is listed on the DataPlane SSH login blacklist.

Description: DataPlane.org is a community-powered Internet data, feeds,<br>and measurement resource for operators, by operators. IPs trying<br>an unsolicited login to a host using SSH password authentication.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-15 10:10:01.206000
Was present on blacklist at: 2025-05-13 02:10, 2025-05-13 06:10, 2025-05-13 10:10, 2025-05-13 14:10, 2025-05-13 18:10, 2025-05-13 22:10, 2025-05-14 02:10, 2025-05-14 06:10, 2025-05-14 10:10, 2025-05-14 14:10, 2025-05-14 18:10, 2025-05-14 22:10, 2025-05-15 02:10, 2025-05-15 06:10, 2025-05-15 10:10

blocklist.de SSH

201.149.53.243 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2025-05-15 10:05:05.430000
Was present on blacklist at: 2025-05-13 22:05, 2025-05-14 04:05, 2025-05-14 10:05, 2025-05-14 16:05, 2025-05-14 22:05, 2025-05-15 04:05, 2025-05-15 10:05

Spamhaus SBL CSS

201.149.53.243 is listed on the Spamhaus SBL CSS blacklist.

Description: The Spamhaus CSS is part of the SBL. CSS listings will have return code 127.0.0.3 to differentiate from regular SBL listings, which have return code 127.0.0.2.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-15 01:39:00.031000
Was present on blacklist at: 2025-05-15 01:39

Spamhaus XBL CBL

201.149.53.243 is listed on the Spamhaus XBL CBL blacklist.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2025-05-15 01:39:00.031000
Was present on blacklist at: 2025-05-15 01:39

Warden events (11)

2025-05-12: AttemptLogin (node.ce2b59): 2
2025-05-11: AttemptLogin (node.ce2b59): 5
2025-05-10: AttemptLogin (node.ce2b59): 2
2025-05-09: AttemptLogin (node.ce2b59): 1
2025-05-08: AttemptLogin (node.00aee5): 1

DShield reports (IP summary, reports)

2025-05-12: Number of reports: 23; Distinct targets: 10
2025-05-13: Number of reports: 28; Distinct targets: 14
2025-05-14: Number of reports: 34; Distinct targets: 20

Origin AS: AS14178 - LACNIC-14178
BGP Prefix: 201.149.52.0/23
geo: Mexico, Benito Juarez; 🕑 America/Mexico_City
hostname: service-static-149.53.243.mcm-telecom.com.mx
hostname_class: ['ip_in_hostname', 'static']
Address block ('inetnum' or 'NetRange' in whois database): 201.149.32.0 - 201.149.63.255
last_activity: 2025-05-12 17:04:22
last_warden_event: 2025-05-12 17:04:22
rep: 0.1532738095238095
reserved_range: 0
Shodan's InternetDB: Open ports: 21, 22, 111, 443, 5060; Tags: –; CPEs: cpe:/a:openssl:openssl:1.0.2k, cpe:/a:apache:http_server:2.4.6, cpe:/a:jquery:jquery, cpe:/a:openbsd:openssh:7.4
ts_added: 2025-05-08 01:38:52.460000
ts_last_update: 2025-05-15 10:15:23.026000

Warden event timeline

DShield event timeline

Presence on blacklists