132.148.105.132

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	WordPress (CMS) attack attempts. Date: 2020 Feb 08. 16:27:47 Source IP: 132.148.105.132 Portion of the log(s): 132.148.105.132 - [08/Feb/2020:16:27:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2389 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:42 +0100] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....	2020-02-09 08:45:18
attack	Automatic report - XMLRPC Attack	2020-01-30 22:23:40
attackspambots	132.148.105.132 - - [28/Dec/2019:06:25:57 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [28/Dec/2019:06:25:57 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-28 17:34:54
attack	This client attempted to login to an administrator account on a Website, or abused from another resource.	2019-12-23 01:59:56
attackbots	xmlrpc attack	2019-12-04 20:15:02
attackbotsspam	132.148.105.132 - - [01/Aug/2019:15:23:04 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:05 +0200] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:06 +0200] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:06 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:07 +0200] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-08-02 01:35:53
attackspam	fail2ban honeypot	2019-07-28 21:38:59
attackbotsspam	132.148.105.132 - - [26/Jul/2019:01:04:25 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:25 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:26 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:27 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:27 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:28 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-07-26 11:30:07
spambotsattack	Attemps multiple logins and sign ups on websites.	2019-07-06 13:10:57
attack	jannisjulius.de 132.148.105.132 \[04/Jul/2019:18:47:58 +0200\] "POST /wp-login.php HTTP/1.1" 200 6117 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" jannisjulius.de 132.148.105.132 \[04/Jul/2019:18:47:59 +0200\] "POST /wp-login.php HTTP/1.1" 200 6119 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-07-05 01:26:10
attackspambots	[munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:31 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:33 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:33 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:36 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:36 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:39 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.	2019-06-23 14:02:22

相同子网IP讨论:

IP	类型	评论内容	时间
132.148.105.129	attackspam	Attempt to hack Wordpress Login, XMLRPC or other login	2020-02-10 18:20:20
132.148.105.129	attack	$f2bV_matches	2020-02-09 21:06:13
132.148.105.129	attackspam	Automatic report - XMLRPC Attack	2020-01-03 16:41:28
132.148.105.129	attackspam	132.148.105.129 - - [02/Jan/2020:06:28:42 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.129 - - [02/Jan/2020:06:28:43 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-02 16:19:36
132.148.105.133	attack	fail2ban honeypot	2019-12-28 06:44:24
132.148.105.138	attackspam	Automatic report - XMLRPC Attack	2019-10-30 01:25:45
132.148.105.133	attackbots	Automatic report - XMLRPC Attack	2019-10-05 00:00:38
132.148.105.129	attack	WordPress XMLRPC scan :: 132.148.105.129 0.052 BYPASS [02/Aug/2019:09:24:40 1000] [censored_4] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-02 09:07:22
132.148.105.133	attackbotsspam	WP Authentication failure	2019-07-06 02:08:17

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.105.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31406
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.105.132.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019060800 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 08 19:36:04 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

132.105.148.132.in-addr.arpa domain name pointer p3nlhg2166.shr.prod.phx3.secureserver.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
132.105.148.132.in-addr.arpa	name = p3nlhg2166.shr.prod.phx3.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
31.46.16.95	attackbotsspam	Dec 13 19:58:56 lnxmysql61 sshd[8702]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=31.46.16.95	2019-12-14 03:07:49
106.12.10.203	attackspambots	DLink DSL Remote OS Command Injection Vulnerability, PTR: PTR record not found	2019-12-14 02:46:06
159.203.143.58	attackspam	Dec 13 16:27:37 XXX sshd[36004]: Invalid user www from 159.203.143.58 port 39894	2019-12-14 03:20:07
106.13.18.86	attack	Dec 14 00:13:48 areeb-Workstation sshd[2001]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.13.18.86 Dec 14 00:13:50 areeb-Workstation sshd[2001]: Failed password for invalid user humboldt from 106.13.18.86 port 45952 ssh2 ...	2019-12-14 03:20:43
128.199.218.137	attackspam	detected by Fail2Ban	2019-12-14 03:18:16
104.244.72.106	attackspam	19/12/13@13:34:05: FAIL: IoT-SSH address from=104.244.72.106 ...	2019-12-14 02:42:49
109.201.197.98	attackspam	Fail2Ban Ban Triggered	2019-12-14 02:50:06
176.107.10.89	attackspam	Dec 13 18:57:00 debian-2gb-vpn-nbg1-1 kernel: [630997.600065] [UFW BLOCK] IN=eth0 OUT= MAC=96:00:00:38:96:44:d2:74:7f:6e:37:e3:08:00 SRC=176.107.10.89 DST=78.46.192.101 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=13715 DF PROTO=TCP SPT=49645 DPT=1433 WINDOW=8192 RES=0x00 SYN URGP=0	2019-12-14 03:19:46
51.83.98.104	attack	Dec 13 16:51:55 h2177944 sshd\[23193\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.104 user=daemon Dec 13 16:51:57 h2177944 sshd\[23193\]: Failed password for daemon from 51.83.98.104 port 53620 ssh2 Dec 13 16:57:12 h2177944 sshd\[23306\]: Invalid user macmartin from 51.83.98.104 port 33942 Dec 13 16:57:12 h2177944 sshd\[23306\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=51.83.98.104 ...	2019-12-14 03:11:35
222.186.180.223	attack	Dec 13 19:13:29 ip-172-31-62-245 sshd\[27941\]: Failed password for root from 222.186.180.223 port 14160 ssh2\ Dec 13 19:13:33 ip-172-31-62-245 sshd\[27941\]: Failed password for root from 222.186.180.223 port 14160 ssh2\ Dec 13 19:13:36 ip-172-31-62-245 sshd\[27941\]: Failed password for root from 222.186.180.223 port 14160 ssh2\ Dec 13 19:13:40 ip-172-31-62-245 sshd\[27941\]: Failed password for root from 222.186.180.223 port 14160 ssh2\ Dec 13 19:13:42 ip-172-31-62-245 sshd\[27941\]: Failed password for root from 222.186.180.223 port 14160 ssh2\	2019-12-14 03:15:25
106.12.100.73	attackbotsspam	Dec 13 20:06:50 MK-Soft-VM3 sshd[3425]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.100.73 Dec 13 20:06:52 MK-Soft-VM3 sshd[3425]: Failed password for invalid user guest from 106.12.100.73 port 42878 ssh2 ...	2019-12-14 03:17:05
129.211.99.69	attack	Dec 13 19:16:35 lnxmysql61 sshd[3946]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=129.211.99.69	2019-12-14 02:55:36
200.85.48.30	attackbotsspam	Dec 13 23:51:41 vibhu-HP-Z238-Microtower-Workstation sshd\[17406\]: Invalid user george87 from 200.85.48.30 Dec 13 23:51:41 vibhu-HP-Z238-Microtower-Workstation sshd\[17406\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.48.30 Dec 13 23:51:43 vibhu-HP-Z238-Microtower-Workstation sshd\[17406\]: Failed password for invalid user george87 from 200.85.48.30 port 56910 ssh2 Dec 14 00:00:02 vibhu-HP-Z238-Microtower-Workstation sshd\[19202\]: Invalid user ytrewqhgfdsa from 200.85.48.30 Dec 14 00:00:02 vibhu-HP-Z238-Microtower-Workstation sshd\[19202\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.85.48.30 ...	2019-12-14 02:41:06
175.207.13.200	attackbotsspam	Dec 13 23:35:18 gw1 sshd[13859]: Failed password for root from 175.207.13.200 port 58860 ssh2 ...	2019-12-14 03:08:29
195.22.239.238	attackbotsspam	xmlrpc attack	2019-12-14 03:12:52

最近上报的IP列表

130.220.207.43	209.76.18.230	91.121.112.70	107.203.166.184
182.127.91.175	62.59.172.247	77.225.26.65	60.2.195.213
216.223.49.139	46.66.62.224	2a03:3c00:a002:225::1	84.116.192.23
181.125.22.230	188.68.62.251	161.230.19.16	213.45.52.251
59.206.81.190	128.56.222.148	245.216.57.44	207.46.13.176