132.148.105.132

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attack	WordPress (CMS) attack attempts. Date: 2020 Feb 08. 16:27:47 Source IP: 132.148.105.132 Portion of the log(s): 132.148.105.132 - [08/Feb/2020:16:27:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2389 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:42 +0100] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....	2020-02-09 08:45:18
attack	Automatic report - XMLRPC Attack	2020-01-30 22:23:40
attackspambots	132.148.105.132 - - [28/Dec/2019:06:25:57 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [28/Dec/2019:06:25:57 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-28 17:34:54
attack	This client attempted to login to an administrator account on a Website, or abused from another resource.	2019-12-23 01:59:56
attackbots	xmlrpc attack	2019-12-04 20:15:02
attackbotsspam	132.148.105.132 - - [01/Aug/2019:15:23:04 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:05 +0200] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:06 +0200] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:06 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:07 +0200] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-08-02 01:35:53
attackspam	fail2ban honeypot	2019-07-28 21:38:59
attackbotsspam	132.148.105.132 - - [26/Jul/2019:01:04:25 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:25 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:26 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:27 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:27 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:28 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-07-26 11:30:07
spambotsattack	Attemps multiple logins and sign ups on websites.	2019-07-06 13:10:57
attack	jannisjulius.de 132.148.105.132 \[04/Jul/2019:18:47:58 +0200\] "POST /wp-login.php HTTP/1.1" 200 6117 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0" jannisjulius.de 132.148.105.132 \[04/Jul/2019:18:47:59 +0200\] "POST /wp-login.php HTTP/1.1" 200 6119 "-" "Mozilla/5.0 $X11\; Ubuntu\; Linux x86_64\; rv:62.0$ Gecko/20100101 Firefox/62.0"	2019-07-05 01:26:10
attackspambots	[munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:31 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:33 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:33 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:36 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:36 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" [munged]::443 132.148.105.132 - - [23/Jun/2019:06:24:39 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.	2019-06-23 14:02:22

相同子网IP讨论:

IP	类型	评论内容	时间
132.148.105.129	attackspam	Attempt to hack Wordpress Login, XMLRPC or other login	2020-02-10 18:20:20
132.148.105.129	attack	$f2bV_matches	2020-02-09 21:06:13
132.148.105.129	attackspam	Automatic report - XMLRPC Attack	2020-01-03 16:41:28
132.148.105.129	attackspam	132.148.105.129 - - [02/Jan/2020:06:28:42 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.129 - - [02/Jan/2020:06:28:43 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-02 16:19:36
132.148.105.133	attack	fail2ban honeypot	2019-12-28 06:44:24
132.148.105.138	attackspam	Automatic report - XMLRPC Attack	2019-10-30 01:25:45
132.148.105.133	attackbots	Automatic report - XMLRPC Attack	2019-10-05 00:00:38
132.148.105.129	attack	WordPress XMLRPC scan :: 132.148.105.129 0.052 BYPASS [02/Aug/2019:09:24:40 1000] [censored_4] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-02 09:07:22
132.148.105.133	attackbotsspam	WP Authentication failure	2019-07-06 02:08:17

WHOIS信息:

DIG信息:


; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.105.132
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 31406
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.105.132.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019060800 1800 900 604800 86400

;; Query time: 2 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Sat Jun 08 19:36:04 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

132.105.148.132.in-addr.arpa domain name pointer p3nlhg2166.shr.prod.phx3.secureserver.net.

NSLOOKUP信息:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
132.105.148.132.in-addr.arpa	name = p3nlhg2166.shr.prod.phx3.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
190.42.120.167	attackspam	1561378193 - 06/24/2019 19:09:53 Host: 190.42.120.167/190.42.120.167 Port: 23 TCP Blocked ...	2019-06-24 21:41:26
194.60.213.122	attack	Jun 24 13:52:47 tux postfix/smtpd[5371]: warning: hostname 122.213-net.prewifi.hostname does not resolve to address 194.60.213.122: Name or service not known Jun 24 13:52:47 tux postfix/smtpd[5371]: connect from unknown[194.60.213.122] Jun x@x Jun 24 13:52:49 tux postfix/smtpd[5371]: lost connection after RCPT from unknown[194.60.213.122] Jun 24 13:52:49 tux postfix/smtpd[5371]: disconnect from unknown[194.60.213.122] ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=194.60.213.122	2019-06-24 22:18:11
2.179.218.86	attackspambots	DATE:2019-06-24_14:08:31, IP:2.179.218.86, PORT:telnet Telnet brute force auth on honeypot server (honey-neo-dc)	2019-06-24 22:11:39
219.129.237.27	attack	445/tcp 445/tcp 445/tcp... [2019-05-29/06-24]8pkt,1pt.(tcp)	2019-06-24 21:30:17
107.170.249.231	attackbotsspam	24.06.2019 12:08:36 Connection to port 62063 blocked by firewall	2019-06-24 22:10:06
27.254.82.228	attack	WordPress login Brute force / Web App Attack on client site.	2019-06-24 22:20:50
103.206.118.95	attackbotsspam	Jun 24 13:50:25 mxgate1 postfix/postscreen[3075]: CONNECT from [103.206.118.95]:43686 to [176.31.12.44]:25 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3078]: addr 103.206.118.95 listed by domain ix.dnsbl.xxxxxx.net as 127.0.0.2 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3077]: addr 103.206.118.95 listed by domain zen.spamhaus.org as 127.0.0.11 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3077]: addr 103.206.118.95 listed by domain zen.spamhaus.org as 127.0.0.4 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3077]: addr 103.206.118.95 listed by domain zen.spamhaus.org as 127.0.0.3 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3079]: addr 103.206.118.95 listed by domain cbl.abuseat.org as 127.0.0.2 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3076]: addr 103.206.118.95 listed by domain bl.spamcop.net as 127.0.0.2 Jun 24 13:50:25 mxgate1 postfix/dnsblog[3080]: addr 103.206.118.95 listed by domain b.barracudacentral.org as 127.0.0.2 Jun 24 13:50:26 mxgate1 postfix/postscreen[3075]: PREGREET 17 after 0.49........ -------------------------------	2019-06-24 22:17:06
81.22.45.29	attackbots	Port scan on 8 port(s): 33340 33341 33343 33344 33348 33349 33350 33351	2019-06-24 22:22:11
218.102.211.235	attackbots	Jun 24 14:44:04 mail sshd\[6237\]: Invalid user developer from 218.102.211.235 Jun 24 14:44:04 mail sshd\[6237\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=218.102.211.235 Jun 24 14:44:05 mail sshd\[6237\]: Failed password for invalid user developer from 218.102.211.235 port 14392 ssh2 ...	2019-06-24 22:14:03
92.247.4.170	attack	NAME : SPNET CIDR : 92.247.0.0/21 \| STATUS : 200 ROBOT {Looking for resource vulnerabilities} DDoS Attack Bulgaria - block certain countries :) IP: 92.247.4.170 Denial-of-Service Attack (DoS) Detected and Blocked by ADMIN - data recovery https://help-dysk.pl	2019-06-24 22:01:08
200.117.185.230	attack	SSH-Bruteforce	2019-06-24 22:24:47
141.98.80.54	attackbots	2019-06-24 14:06:35 dovecot_login authenticator failed for $\[141.98.80.54\]$ \[141.98.80.54\]: 535 Incorrect authentication data $set_id=no-reply@opso.it$ 2019-06-24 14:06:47 dovecot_login authenticator failed for $\[141.98.80.54\]$ \[141.98.80.54\]: 535 Incorrect authentication data $set_id=no-reply$ 2019-06-24 14:11:23 dovecot_login authenticator failed for $\[141.98.80.54\]$ \[141.98.80.54\]: 535 Incorrect authentication data $set_id=no-reply@opso.it$ 2019-06-24 14:11:40 dovecot_login authenticator failed for $\[141.98.80.54\]$ \[141.98.80.54\]: 535 Incorrect authentication data $set_id=no-reply$ 2019-06-24 14:15:49 dovecot_login authenticator failed for $\[141.98.80.54\]$ \[141.98.80.54\]: 535 Incorrect authentication data $set_id=sales@opso.it$	2019-06-24 21:38:08
191.53.222.178	attackbotsspam	Jun 24 08:08:21 web1 postfix/smtpd[26703]: warning: unknown[191.53.222.178]: SASL PLAIN authentication failed: authentication failure ...	2019-06-24 22:15:45
41.84.131.10	attackspam	Jun 24 14:00:31 localhost sshd\[32292\]: Invalid user anu from 41.84.131.10 port 64854 Jun 24 14:00:31 localhost sshd\[32292\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=41.84.131.10 ...	2019-06-24 21:59:23
182.87.139.140	attackspambots	2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x 2019-06-24 x@x ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=182.87.139.140	2019-06-24 22:06:03

最近上报的IP列表

130.220.207.43	209.76.18.230	91.121.112.70	107.203.166.184
182.127.91.175	62.59.172.247	77.225.26.65	60.2.195.213
216.223.49.139	46.66.62.224	2a03:3c00:a002:225::1	84.116.192.23
181.125.22.230	188.68.62.251	161.230.19.16	213.45.52.251
59.206.81.190	128.56.222.148	245.216.57.44	207.46.13.176