149.129.74.9 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Hong Kong

Internet Service Provider: AliCloud

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	WordPress wp-login brute force :: 149.129.74.9 0.060 BYPASS [21/Dec/2019:22:56:36 0000] [censored_4] "POST /wp-login.php HTTP/1.1" 200 2100 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-12-22 09:19:02
attackbots	149.129.74.9 - - [10/Dec/2019:10:52:08 +0100] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.129.74.9 - - [10/Dec/2019:10:52:10 +0100] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.129.74.9 - - [10/Dec/2019:10:52:11 +0100] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.129.74.9 - - [10/Dec/2019:10:52:12 +0100] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.129.74.9 - - [10/Dec/2019:10:52:13 +0100] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.129.74.9 - - [10/Dec/2019:10:52:14 +0100] "POST /wp-login.php HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-10 20:23:46
attackspam	Automatic report - XMLRPC Attack	2019-12-08 19:50:24
attackbots	149.129.74.9 - - \[11/Nov/2019:09:13:54 +0100\] "POST /wp-login.php HTTP/1.0" 200 5269 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 149.129.74.9 - - \[11/Nov/2019:09:13:58 +0100\] "POST /wp-login.php HTTP/1.0" 200 5099 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 149.129.74.9 - - \[11/Nov/2019:09:14:02 +0100\] "POST /wp-login.php HTTP/1.0" 200 5093 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-11-11 18:16:54
attack	Detected by ModSecurity. Request URI: /wp-login.php/ip-redirect/	2019-10-18 16:13:47

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.129.74.9
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48315
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.129.74.9.			IN	A

;; AUTHORITY SECTION:
.			600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019101800 1800 900 604800 86400

;; Query time: 88 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Fri Oct 18 16:13:43 CST 2019
;; MSG SIZE  rcvd: 116

Host info

Host 9.74.129.149.in-addr.arpa. not found: 3(NXDOMAIN)

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

** server can't find 9.74.129.149.in-addr.arpa: NXDOMAIN

Related IP info:

Related comments:

IP	Type	Details	Datetime
194.181.146.66	attackbots	16.07.2019 02:03:44 SSH access blocked by firewall	2019-07-16 11:35:29
139.59.239.185	attackspambots	Jul 16 05:04:38 legacy sshd[30977]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.185 Jul 16 05:04:40 legacy sshd[30977]: Failed password for invalid user g from 139.59.239.185 port 39898 ssh2 Jul 16 05:13:03 legacy sshd[31197]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.59.239.185 ...	2019-07-16 11:32:20
80.211.238.5	attack	Jul 16 04:07:28 microserver sshd[7803]: Invalid user vargas from 80.211.238.5 port 47642 Jul 16 04:07:28 microserver sshd[7803]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.238.5 Jul 16 04:07:30 microserver sshd[7803]: Failed password for invalid user vargas from 80.211.238.5 port 47642 ssh2 Jul 16 04:14:32 microserver sshd[8881]: Invalid user deploy from 80.211.238.5 port 44834 Jul 16 04:14:32 microserver sshd[8881]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.238.5 Jul 16 04:28:45 microserver sshd[11305]: Invalid user git from 80.211.238.5 port 39206 Jul 16 04:28:45 microserver sshd[11305]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=80.211.238.5 Jul 16 04:28:48 microserver sshd[11305]: Failed password for invalid user git from 80.211.238.5 port 39206 ssh2 Jul 16 04:35:39 microserver sshd[12685]: Invalid user qiao from 80.211.238.5 port 36396 Jul 16 04:35:39 micro	2019-07-16 11:26:24
51.145.51.215	attackspambots	3389BruteforceFW22	2019-07-16 11:22:53
206.189.137.113	attackspam	Jul 16 05:14:08 mail sshd[19313]: Invalid user teamspeak from 206.189.137.113 ...	2019-07-16 11:18:29
23.228.101.194	attackspambots	PHP Injection Attack: Variables Found Matched phrase "$_POST" at ARGS:refiles[1]. PHP Injection Attack: High-Risk PHP Function Call Found Pattern match "(?i)\\b(?:s(?:e(?:t(?:_(?:e(?:xception\|rror)_handler\|magic_quotes_runtime\|include_path)\|defaultstub)\|ssion_s(?:et_save_handler\|tart))\|qlite_(?:(?:(?:unbuffered\|single\|array)_)?query\|create_(?:aggregate\|function)\|p?open\|exec)\|tr(?:eam_(?:context_create\| ..." at ARGS:refiles[1]. SQL Injection Attack Detected via libinjection Matched Data: sc found within REQUEST_HEADERS:Referer: 554fcae493e564ee0dc75bdf2ebf94caads\|a:2:{s:3:\x22num\x22;s:288:\x22/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275D3B617373657274286261736536345F6465636F646528275A6D6C735A56397764585266593239756447567564484D6F4A325A6B5A334575634768774A79776E50443977614841675A585A686243676B583142505531526262475678645630704F79412F506963702729293B2F2F7D787878,10-- -\x22;s:2:\x22id\x22;s:3:\x22'/\x22;} PHP Injection Attack: PHP Open Tag Found Pattern ma	2019-07-16 11:06:20
185.153.198.204	attack	Restricted File Access Attempt Matched phrase "/.git/" at REQUEST_FILENAME.	2019-07-16 11:09:00
196.223.63.21	attack	Brute force RDP, port 3389	2019-07-16 11:11:07
174.138.56.93	attackspam	Attempted SSH login	2019-07-16 11:14:40
114.33.233.226	attackbotsspam	Jul 16 05:42:18 MK-Soft-Root2 sshd\[30143\]: Invalid user ht from 114.33.233.226 port 52686 Jul 16 05:42:18 MK-Soft-Root2 sshd\[30143\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=114.33.233.226 Jul 16 05:42:20 MK-Soft-Root2 sshd\[30143\]: Failed password for invalid user ht from 114.33.233.226 port 52686 ssh2 ...	2019-07-16 11:43:37
111.198.158.100	attackspambots	Web application attack detected by fail2ban	2019-07-16 11:16:00
91.213.240.200	attack	RDP Brute-Force (Grieskirchen RZ2)	2019-07-16 11:23:11
54.38.192.96	attackspam	Jul 16 05:05:49 SilenceServices sshd[29493]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.192.96 Jul 16 05:05:51 SilenceServices sshd[29493]: Failed password for invalid user web2 from 54.38.192.96 port 39668 ssh2 Jul 16 05:10:27 SilenceServices sshd[32420]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.38.192.96	2019-07-16 11:16:34
196.43.196.108	attackbotsspam	Jul 16 08:38:01 areeb-Workstation sshd\[25070\]: Invalid user he from 196.43.196.108 Jul 16 08:38:01 areeb-Workstation sshd\[25070\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=196.43.196.108 Jul 16 08:38:03 areeb-Workstation sshd\[25070\]: Failed password for invalid user he from 196.43.196.108 port 52070 ssh2 ...	2019-07-16 11:45:52
129.204.91.238	attackspam	port scan and connect, tcp 80 (http)	2019-07-16 11:37:18

Recently Reported IPs

196.75.234.229	60.29.190.202	89.228.227.213	14.207.66.162
150.223.5.3	195.154.102.209	185.54.154.25	46.98.48.122
151.31.216.41	50.47.109.245	111.17.171.198	200.107.236.167
118.190.103.114	52.221.54.107	118.78.53.150	203.81.71.183
94.64.83.34	159.89.19.171	113.107.67.122	162.158.167.192