149.56.30.149 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Canada

Internet Service Provider: OVH Hosting Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	wp-login.php	2019-09-22 04:13:49
attack	149.56.30.149 - - [17/Sep/2019:18:00:29 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-09-18 00:03:06

Type

Details

Datetime

attack

wp-login.php

2019-09-22 04:13:49

attack

149.56.30.149 - - [17/Sep/2019:18:00:29 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

2019-09-18 00:03:06

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.56.30.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36347
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.56.30.149.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091700 1800 900 604800 86400

;; Query time: 87 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Sep 18 00:02:46 CST 2019
;; MSG SIZE  rcvd: 117

Host info

149.30.56.149.in-addr.arpa domain name pointer 149-56-30-149.ip.parts.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
149.30.56.149.in-addr.arpa	name = 149-56-30-149.ip.parts.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
218.18.101.84	attack	Jun 25 06:03:55 vmd17057 sshd[4425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.18.101.84 Jun 25 06:03:57 vmd17057 sshd[4425]: Failed password for invalid user ag from 218.18.101.84 port 37994 ssh2 ...	2020-06-25 14:50:10
198.181.45.215	attackspambots	Jun 24 22:51:49 server1 sshd\[32459\]: Invalid user business from 198.181.45.215 Jun 24 22:51:49 server1 sshd\[32459\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.181.45.215 Jun 24 22:51:51 server1 sshd\[32459\]: Failed password for invalid user business from 198.181.45.215 port 49602 ssh2 Jun 24 22:58:43 server1 sshd\[4671\]: Invalid user saroj from 198.181.45.215 Jun 24 22:58:43 server1 sshd\[4671\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=198.181.45.215 ...	2020-06-25 14:08:34
52.187.200.207	attackspambots	Jun 25 07:44:57 abendstille sshd\[5901\]: Invalid user jenkins from 52.187.200.207 Jun 25 07:44:57 abendstille sshd\[5901\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.200.207 Jun 25 07:44:59 abendstille sshd\[5901\]: Failed password for invalid user jenkins from 52.187.200.207 port 42682 ssh2 Jun 25 07:49:17 abendstille sshd\[10673\]: Invalid user admin from 52.187.200.207 Jun 25 07:49:17 abendstille sshd\[10673\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=52.187.200.207 ...	2020-06-25 14:14:14
140.143.247.30	attack	Jun 25 00:54:15 firewall sshd[30558]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.247.30 Jun 25 00:54:15 firewall sshd[30558]: Invalid user omnix from 140.143.247.30 Jun 25 00:54:17 firewall sshd[30558]: Failed password for invalid user omnix from 140.143.247.30 port 39984 ssh2 ...	2020-06-25 14:39:51
182.75.216.74	attack	Invalid user lene from 182.75.216.74 port 28030	2020-06-25 14:45:59
187.85.159.147	attackspam	Automatic report - Port Scan Attack	2020-06-25 14:21:04
20.185.106.195	attackspambots	SSH_attack	2020-06-25 14:29:45
128.199.197.161	attackbotsspam	Jun 25 13:27:49 webhost01 sshd[18575]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=128.199.197.161 Jun 25 13:27:51 webhost01 sshd[18575]: Failed password for invalid user ftpadmin from 128.199.197.161 port 49052 ssh2 ...	2020-06-25 14:36:45
145.239.196.14	attackspambots	Jun 25 04:57:01 ip-172-31-61-156 sshd[23219]: Failed password for invalid user user0 from 145.239.196.14 port 48630 ssh2 Jun 25 04:56:59 ip-172-31-61-156 sshd[23219]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=145.239.196.14 Jun 25 04:56:59 ip-172-31-61-156 sshd[23219]: Invalid user user0 from 145.239.196.14 Jun 25 04:57:01 ip-172-31-61-156 sshd[23219]: Failed password for invalid user user0 from 145.239.196.14 port 48630 ssh2 Jun 25 04:59:55 ip-172-31-61-156 sshd[23298]: Invalid user ftpuser1 from 145.239.196.14 ...	2020-06-25 14:07:23
45.6.26.13	attackbots	Suspicious access to SMTP/POP/IMAP services.	2020-06-25 14:41:38
185.53.88.247	attack	Port scanning [3 denied]	2020-06-25 14:19:34
141.98.9.156	attackspambots	Bruteforce, DDOS, Scanning Port, SSH Bruteforce every second using random IP.	2020-06-25 14:18:59
61.160.96.90	attack	Jun 25 07:51:16 nextcloud sshd\[9711\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.96.90 user=root Jun 25 07:51:18 nextcloud sshd\[9711\]: Failed password for root from 61.160.96.90 port 6114 ssh2 Jun 25 07:54:10 nextcloud sshd\[13149\]: Invalid user hanson from 61.160.96.90 Jun 25 07:54:10 nextcloud sshd\[13149\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=61.160.96.90	2020-06-25 14:35:31
56.169.25.6	normal	Everything ok	2020-06-25 14:40:33
49.233.183.15	attack	Jun 25 05:54:14 santamaria sshd\[7364\]: Invalid user csc from 49.233.183.15 Jun 25 05:54:14 santamaria sshd\[7364\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.233.183.15 Jun 25 05:54:16 santamaria sshd\[7364\]: Failed password for invalid user csc from 49.233.183.15 port 58058 ssh2 ...	2020-06-25 14:40:52

Recently Reported IPs

51.91.37.17	200.6.232.202	190.89.111.166	191.189.30.241
30.170.58.229	116.52.20.193	178.62.77.224	42.58.207.210
85.70.99.16	156.81.166.88	108.166.33.21	211.159.3.253
18.116.114.83	180.120.192.106	65.18.122.228	149.154.65.180
34.66.213.132	95.183.53.13	183.83.5.1	123.36.26.255