173.249.49.134

Basic Info

City: unknown

Region: unknown

Country: Germany

Internet Service Provider: Contabo GmbH

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackbotsspam	Automatic report - Web App Attack	2019-07-01 01:10:08
attackbots	173.249.49.134 - - \[24/Jun/2019:06:45:59 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[24/Jun/2019:06:45:59 +0200\] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[24/Jun/2019:06:45:59 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[24/Jun/2019:06:46:00 +0200\] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[24/Jun/2019:06:46:00 +0200\] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[24/Jun/2019:06:46:00 +0200\] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:6	2019-06-24 18:29:13
attackspam	[munged]::443 173.249.49.134 - - [23/Jun/2019:02:23:40 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 173.249.49.134 - - [23/Jun/2019:02:23:42 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 173.249.49.134 - - [23/Jun/2019:02:23:44 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 173.249.49.134 - - [23/Jun/2019:02:23:46 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 173.249.49.134 - - [23/Jun/2019:02:23:48 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 173.249.49.134 - - [23/Jun/2019:02:23:50 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11	2019-06-23 08:25:46
attackbots	173.249.49.134 - - \[21/Jun/2019:06:42:13 +0200\] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[21/Jun/2019:06:42:14 +0200\] "POST /wp-login.php HTTP/1.1" 200 1524 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[21/Jun/2019:06:42:14 +0200\] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[21/Jun/2019:06:42:14 +0200\] "POST /wp-login.php HTTP/1.1" 200 1507 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[21/Jun/2019:06:42:15 +0200\] "GET /wp-login.php HTTP/1.1" 200 1129 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" 173.249.49.134 - - \[21/Jun/2019:06:42:15 +0200\] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:6	2019-06-21 14:51:54

Comments on same subnet:

IP	Type	Details	Datetime
173.249.49.166	attackspam	firewall-block, port(s): 22/tcp	2020-05-22 23:43:51
173.249.49.120	attackbots	Automatic report - XMLRPC Attack	2020-02-11 19:04:53
173.249.49.120	attackspam	$f2bV_matches	2020-02-07 09:12:31
173.249.49.151	attackspambots	[Fri Nov 29 20:20:05.459328 2019] [:error] [pid 35864] [client 173.249.49.151:61000] [client 173.249.49.151] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "91"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "ws22vmsma01.ufn.edu.br"] [uri "/"] [unique_id "XeGnpZICVRuEv9IETbcuWwAAAAU"] ...	2019-11-30 08:09:20
173.249.49.151	attackbotsspam	Masscan Port Scanning Tool Detection (56115) PA	2019-11-29 16:10:53
173.249.49.1	attackspambots	web Attack on Website	2019-11-19 00:51:51
173.249.49.151	attack	MultiHost/MultiPort Probe, Scan, Hack -	2019-11-13 00:10:27
173.249.49.151	attack	Masscan Port Scanning Tool Detection	2019-11-12 04:13:35
173.249.49.151	attackspam	WEB Masscan Scanner Activity	2019-11-10 21:55:07
173.249.49.151	attackbots	WEB Masscan Scanner Activity	2019-11-06 05:57:37
173.249.49.99	attack	Sep 7 04:39:51 friendsofhawaii sshd\[15863\]: Invalid user 1 from 173.249.49.99 Sep 7 04:39:51 friendsofhawaii sshd\[15863\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.249.49.99 Sep 7 04:39:53 friendsofhawaii sshd\[15863\]: Failed password for invalid user 1 from 173.249.49.99 port 56020 ssh2 Sep 7 04:44:40 friendsofhawaii sshd\[16270\]: Invalid user 1q2w3e4r5t6y from 173.249.49.99 Sep 7 04:44:40 friendsofhawaii sshd\[16270\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.249.49.99	2019-09-07 23:08:58

Whois info:

Dig info:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 173.249.49.134
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 8927
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;173.249.49.134.			IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019061100 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Tue Jun 11 14:08:21 CST 2019
;; MSG SIZE  rcvd: 118

Host info

134.49.249.173.in-addr.arpa domain name pointer vmi182226.contaboserver.net.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
134.49.249.173.in-addr.arpa	name = vmi182226.contaboserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
190.1.137.236	attack	$f2bV_matches	2019-11-10 22:37:49
173.249.28.191	attackbots	WEB Masscan Scanner Activity	2019-11-10 22:38:10
173.239.37.139	attackbots	Nov 10 05:52:36 mail sshd\[34777\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=173.239.37.139 user=root ...	2019-11-10 21:57:32
178.128.236.202	attack	Wordpress login attempts	2019-11-10 22:42:40
41.223.58.67	attackbotsspam	2019-11-10T13:24:45.734714abusebot-8.cloudsearch.cf sshd\[19678\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.223.58.67 user=root	2019-11-10 21:57:08
132.232.93.195	attack	Nov 10 14:29:02 cp sshd[936]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=132.232.93.195	2019-11-10 22:22:16
182.61.185.144	attack	Nov 10 09:35:22 vps01 sshd[16444]: Failed password for root from 182.61.185.144 port 49260 ssh2	2019-11-10 22:01:13
167.250.48.1	attack	WEB Masscan Scanner Activity	2019-11-10 22:30:02
144.91.95.208	attack	144.91.95.208 was recorded 5 times by 2 hosts attempting to connect to the following ports: 5555,8888,3333,22222,4444. Incident counter (4h, 24h, all-time): 5, 5, 10	2019-11-10 21:59:04
45.143.220.37	attackspam	\[2019-11-10 09:10:49\] NOTICE\[2601\] chan_sip.c: Registration from '682 \' failed for '45.143.220.37:5060' - Wrong password \[2019-11-10 09:10:49\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-10T09:10:49.498-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="682",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.220.37/5060",Challenge="5b52b65d",ReceivedChallenge="5b52b65d",ReceivedHash="1fb9b1cc5074a64420f428d670ed9e9d" \[2019-11-10 09:11:52\] NOTICE\[2601\] chan_sip.c: Registration from '685 \' failed for '45.143.220.37:5060' - Wrong password \[2019-11-10 09:11:52\] SECURITY\[2634\] res_security_log.c: SecurityEvent="InvalidPassword",EventTV="2019-11-10T09:11:52.474-0500",Severity="Error",Service="SIP",EventVersion="2",AccountID="685",SessionID="0x7fdf2c003608",LocalAddress="IPV4/UDP/192.168.244.6/5060",RemoteAddress="IPV4/UDP/45.143.2	2019-11-10 22:18:36
71.183.100.76	attack	SPAM Delivery Attempt	2019-11-10 22:36:40
54.39.51.31	attackbots	Nov 10 17:04:42 gw1 sshd[15892]: Failed password for root from 54.39.51.31 port 49170 ssh2 Nov 10 17:08:13 gw1 sshd[15961]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=54.39.51.31 ...	2019-11-10 22:11:59
49.247.132.79	attackbots	Nov 10 11:35:38 hosting sshd[18674]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=49.247.132.79 user=root Nov 10 11:35:41 hosting sshd[18674]: Failed password for root from 49.247.132.79 port 57814 ssh2 ...	2019-11-10 22:05:09
182.71.127.252	attack	$f2bV_matches	2019-11-10 22:21:32
150.223.27.65	attackspambots	Nov 10 09:33:11 vmanager6029 sshd\[23783\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.223.27.65 user=root Nov 10 09:33:13 vmanager6029 sshd\[23783\]: Failed password for root from 150.223.27.65 port 58281 ssh2 Nov 10 09:37:38 vmanager6029 sshd\[23844\]: Invalid user uv from 150.223.27.65 port 43184 Nov 10 09:37:38 vmanager6029 sshd\[23844\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=150.223.27.65	2019-11-10 22:15:51

Recently Reported IPs

61.161.209.134	230.22.50.97	77.247.110.68	23.89.17.76
233.52.191.224	83.230.33.125	128.106.142.38	129.69.149.212
238.97.17.203	81.66.19.60	187.78.60.157	103.1.110.136
251.128.214.149	206.153.194.41	252.93.177.92	35.241.188.34
180.30.226.94	19.160.177.28	9.227.250.102	124.248.168.18