149.56.30.149 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: Canada

Internet Service Provider: OVH Hosting Inc.

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attack	wp-login.php	2019-09-22 04:13:49
attack	149.56.30.149 - - [17/Sep/2019:18:00:29 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-09-18 00:03:06

Type

Details

Datetime

attack

wp-login.php

2019-09-22 04:13:49

attack

149.56.30.149 - - [17/Sep/2019:18:00:29 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:30 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1489 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
149.56.30.149 - - [17/Sep/2019:18:00:31 +0200] "POST /wp-login.php HTTP/1.1" 200 1491 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

2019-09-18 00:03:06

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 149.56.30.149
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 36347
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;149.56.30.149.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019091700 1800 900 604800 86400

;; Query time: 87 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Sep 18 00:02:46 CST 2019
;; MSG SIZE  rcvd: 117

Host info

149.30.56.149.in-addr.arpa domain name pointer 149-56-30-149.ip.parts.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
149.30.56.149.in-addr.arpa	name = 149-56-30-149.ip.parts.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
165.227.122.251	attack	2019-11-16T16:22:05.066254abusebot-5.cloudsearch.cf sshd\[30206\]: Invalid user applmgr from 165.227.122.251 port 50298	2019-11-17 06:14:18
103.106.32.230	attack	proto=tcp . spt=56339 . dpt=25 . (Found on Blocklist de Nov 15) (623)	2019-11-17 05:58:36
180.68.177.15	attackbotsspam	2019-11-16 20:49:07,104 fail2ban.actions \[14488\]: NOTICE \[sshd\] Ban 180.68.177.15 2019-11-16 21:20:12,670 fail2ban.actions \[14488\]: NOTICE \[sshd\] Ban 180.68.177.15 2019-11-16 21:55:16,616 fail2ban.actions \[14488\]: NOTICE \[sshd\] Ban 180.68.177.15 2019-11-16 22:27:55,221 fail2ban.actions \[14488\]: NOTICE \[sshd\] Ban 180.68.177.15 2019-11-16 23:06:18,221 fail2ban.actions \[14488\]: NOTICE \[sshd\] Ban 180.68.177.15 ...	2019-11-17 06:08:28
70.65.174.69	attack	SSH bruteforce	2019-11-17 06:30:20
203.160.174.214	attack	2019-11-16T21:33:32.668577abusebot-5.cloudsearch.cf sshd\[32171\]: Invalid user woju from 203.160.174.214 port 58314	2019-11-17 06:21:31
113.162.190.106	attack	Nov 16 15:45:03 MK-Soft-VM4 sshd[23122]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.162.190.106 Nov 16 15:45:04 MK-Soft-VM4 sshd[23122]: Failed password for invalid user admin from 113.162.190.106 port 58872 ssh2 ...	2019-11-17 05:52:32
140.143.157.207	attackspam	Nov 16 19:33:42 server sshd\[11868\]: Invalid user heimo from 140.143.157.207 Nov 16 19:33:42 server sshd\[11868\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.157.207 Nov 16 19:33:44 server sshd\[11868\]: Failed password for invalid user heimo from 140.143.157.207 port 34256 ssh2 Nov 16 19:49:30 server sshd\[15840\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=140.143.157.207 user=root Nov 16 19:49:33 server sshd\[15840\]: Failed password for root from 140.143.157.207 port 51940 ssh2 ...	2019-11-17 06:01:01
148.66.135.178	attackspam	Invalid user oobc from 148.66.135.178 port 42216 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.135.178 Failed password for invalid user oobc from 148.66.135.178 port 42216 ssh2 Invalid user nesa from 148.66.135.178 port 50176 pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=148.66.135.178	2019-11-17 06:17:25
59.180.235.3	attack	Automatic report - Banned IP Access	2019-11-17 05:57:30
112.230.76.167	attack	Nov 16 15:44:01 ks10 sshd[4897]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.230.76.167 ...	2019-11-17 06:27:36
96.57.28.210	attack	sshd jail - ssh hack attempt	2019-11-17 06:10:35
81.171.85.101	attackspambots	\[2019-11-16 16:44:27\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60009' - Wrong password \[2019-11-16 16:44:27\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-16T16:44:27.956-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9220",SessionID="0x7fdf2c4868a8",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85.101/60009",Challenge="7b97aa0b",ReceivedChallenge="7b97aa0b",ReceivedHash="de79b1b6a07d89c28a93ac3bc27be57c" \[2019-11-16 16:44:28\] NOTICE\[2601\] chan_sip.c: Registration from '\' failed for '81.171.85.101:60403' - Wrong password \[2019-11-16 16:44:28\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-16T16:44:28.990-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="9993",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/81.171.85	2019-11-17 05:59:43
180.215.209.212	attack	Nov 16 15:42:49 Invalid user web from 180.215.209.212 port 50644	2019-11-17 05:53:18
149.56.141.193	attack	Nov 16 10:05:34 hpm sshd\[5704\]: Invalid user stamos from 149.56.141.193 Nov 16 10:05:34 hpm sshd\[5704\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.ip-149-56-141.net Nov 16 10:05:36 hpm sshd\[5704\]: Failed password for invalid user stamos from 149.56.141.193 port 46544 ssh2 Nov 16 10:09:12 hpm sshd\[6085\]: Invalid user ts from 149.56.141.193 Nov 16 10:09:12 hpm sshd\[6085\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=193.ip-149-56-141.net	2019-11-17 06:27:10
223.145.127.194	attackspam	IP Ban Report : https://help-dysk.pl/wordpress-firewall-plugins/ip/223.145.127.194/ CN - 1H : (652) Protection Against DDoS WordPress plugin : "odzyskiwanie danych help-dysk" IP Address Ranges by Country : CN NAME ASN : ASN4134 IP : 223.145.127.194 CIDR : 223.144.0.0/12 PREFIX COUNT : 5430 UNIQUE IP COUNT : 106919680 ATTACKS DETECTED ASN4134 : 1H - 12 3H - 25 6H - 61 12H - 140 24H - 284 DateTime : 2019-11-16 15:44:08 INFO : Port Scan TELNET Detected and Blocked by ADMIN - data recovery	2019-11-17 06:23:17

Recently Reported IPs

51.91.37.17	200.6.232.202	190.89.111.166	191.189.30.241
30.170.58.229	116.52.20.193	178.62.77.224	42.58.207.210
85.70.99.16	156.81.166.88	108.166.33.21	211.159.3.253
18.116.114.83	180.120.192.106	65.18.122.228	149.154.65.180
34.66.213.132	95.183.53.13	183.83.5.1	123.36.26.255