132.148.105.138

基本信息:

城市(city): unknown

省份(region): unknown

国家(country): United States

运营商(isp): GoDaddy.com LLC

主机名(hostname): unknown

机构(organization): unknown

使用类型(Usage Type): Data Center/Web Hosting/Transit

用户上报:

点此参与IP信息讨论

类型	评论内容	时间
attackspam	Automatic report - XMLRPC Attack	2019-10-30 01:25:45

相同子网IP讨论:

IP	类型	评论内容	时间
132.148.105.129	attackspam	Attempt to hack Wordpress Login, XMLRPC or other login	2020-02-10 18:20:20
132.148.105.129	attack	$f2bV_matches	2020-02-09 21:06:13
132.148.105.132	attack	WordPress (CMS) attack attempts. Date: 2020 Feb 08. 16:27:47 Source IP: 132.148.105.132 Portion of the log(s): 132.148.105.132 - [08/Feb/2020:16:27:46 +0100] "POST /wp-login.php HTTP/1.1" 200 2389 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:44 +0100] "POST /wp-login.php HTTP/1.1" 200 2388 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:42 +0100] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:40 +0100] "POST /wp-login.php HTTP/1.1" 200 2394 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - [08/Feb/2020:16:27:38 +0100] "POST /wp-login.php HTTP/1.1" 200 2385 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ....	2020-02-09 08:45:18
132.148.105.132	attack	Automatic report - XMLRPC Attack	2020-01-30 22:23:40
132.148.105.129	attackspam	Automatic report - XMLRPC Attack	2020-01-03 16:41:28
132.148.105.129	attackspam	132.148.105.129 - - [02/Jan/2020:06:28:42 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.129 - - [02/Jan/2020:06:28:43 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-01-02 16:19:36
132.148.105.132	attackspambots	132.148.105.132 - - [28/Dec/2019:06:25:57 +0000] "POST /wp-login.php HTTP/1.1" 200 6393 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [28/Dec/2019:06:25:57 +0000] "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2019-12-28 17:34:54
132.148.105.133	attack	fail2ban honeypot	2019-12-28 06:44:24
132.148.105.132	attack	This client attempted to login to an administrator account on a Website, or abused from another resource.	2019-12-23 01:59:56
132.148.105.132	attackbots	xmlrpc attack	2019-12-04 20:15:02
132.148.105.133	attackbots	Automatic report - XMLRPC Attack	2019-10-05 00:00:38
132.148.105.129	attack	WordPress XMLRPC scan :: 132.148.105.129 0.052 BYPASS [02/Aug/2019:09:24:40 1000] [censored_4] "POST /xmlrpc.php HTTP/1.1" 200 413 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2019-08-02 09:07:22
132.148.105.132	attackbotsspam	132.148.105.132 - - [01/Aug/2019:15:23:04 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:05 +0200] "POST /wp-login.php HTTP/1.1" 200 1704 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:05 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:06 +0200] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:06 +0200] "GET /wp-login.php HTTP/1.1" 200 1301 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [01/Aug/2019:15:23:07 +0200] "POST /wp-login.php HTTP/1.1" 200 1710 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-08-02 01:35:53
132.148.105.132	attackspam	fail2ban honeypot	2019-07-28 21:38:59
132.148.105.132	attackbotsspam	132.148.105.132 - - [26/Jul/2019:01:04:25 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:25 +0200] "POST /wp-login.php HTTP/1.1" 200 1503 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:26 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:27 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:27 +0200] "GET /wp-login.php HTTP/1.1" 200 1122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.105.132 - - [26/Jul/2019:01:04:28 +0200] "POST /wp-login.php HTTP/1.1" 200 1486 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" .	2019-07-26 11:30:07

WHOIS信息:

DIG信息:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.105.138
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 23183
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.105.138.		IN	A

;; AUTHORITY SECTION:
.			597	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019102901 1800 900 604800 86400

;; Query time: 110 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 30 01:25:40 CST 2019
;; MSG SIZE  rcvd: 119

HOST信息:

138.105.148.132.in-addr.arpa domain name pointer p3nlhg2172.shr.prod.phx3.secureserver.net.

NSLOOKUP信息:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
138.105.148.132.in-addr.arpa	name = p3nlhg2172.shr.prod.phx3.secureserver.net.

Authoritative answers can be found from:

最新评论:

IP	类型	评论内容	时间
49.236.195.48	attack	Nov 6 00:52:18 vpn01 sshd[15943]: Failed password for root from 49.236.195.48 port 52128 ssh2 ...	2019-11-06 08:04:41
45.136.110.24	attackbots	Nov 6 00:05:40 h2177944 kernel: \[5870782.767611\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.110.24 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=8035 PROTO=TCP SPT=47877 DPT=47289 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 00:18:02 h2177944 kernel: \[5871524.668095\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.110.24 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=50604 PROTO=TCP SPT=47877 DPT=58689 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 00:20:39 h2177944 kernel: \[5871682.443339\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.110.24 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=249 ID=25753 PROTO=TCP SPT=47877 DPT=29689 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 00:30:37 h2177944 kernel: \[5872279.736712\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.110.24 DST=85.214.117.9 LEN=40 TOS=0x00 PREC=0x00 TTL=248 ID=63283 PROTO=TCP SPT=47877 DPT=35089 WINDOW=1024 RES=0x00 SYN URGP=0 Nov 6 00:48:46 h2177944 kernel: \[5873368.569353\] \[UFW BLOCK\] IN=venet0 OUT= MAC= SRC=45.136.110.24 DST=85.214.11	2019-11-06 08:05:55
81.22.45.159	attackbotsspam	81.22.45.159 was recorded 5 times by 4 hosts attempting to connect to the following ports: 62358,62390,62327,62357,62313. Incident counter (4h, 24h, all-time): 5, 35, 123	2019-11-06 08:07:24
165.22.148.76	attack	Nov 5 17:48:24 ny01 sshd[12912]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.148.76 Nov 5 17:48:26 ny01 sshd[12912]: Failed password for invalid user Green@123 from 165.22.148.76 port 40604 ssh2 Nov 5 17:52:20 ny01 sshd[13251]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.148.76	2019-11-06 08:05:13
213.32.28.162	attack	Nov 6 00:20:00 vps01 sshd[25275]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.32.28.162 Nov 6 00:20:02 vps01 sshd[25275]: Failed password for invalid user cyrus from 213.32.28.162 port 56352 ssh2	2019-11-06 08:35:17
123.234.219.226	attack	2019-11-05T22:36:45.266866abusebot-5.cloudsearch.cf sshd\[31672\]: Invalid user lee from 123.234.219.226 port 33586	2019-11-06 08:09:06
222.186.180.223	attackspam	Nov 5 13:54:40 web1 sshd\[17302\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.223 user=root Nov 5 13:54:42 web1 sshd\[17302\]: Failed password for root from 222.186.180.223 port 20858 ssh2 Nov 5 13:54:46 web1 sshd\[17302\]: Failed password for root from 222.186.180.223 port 20858 ssh2 Nov 5 13:54:50 web1 sshd\[17302\]: Failed password for root from 222.186.180.223 port 20858 ssh2 Nov 5 13:55:06 web1 sshd\[17345\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.186.180.223 user=root	2019-11-06 07:56:57
222.127.97.91	attackbotsspam	Nov 5 17:35:52 srv3 sshd\[5296\]: Invalid user bandit from 222.127.97.91 Nov 5 17:35:52 srv3 sshd\[5296\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=222.127.97.91 Nov 5 17:35:54 srv3 sshd\[5296\]: Failed password for invalid user bandit from 222.127.97.91 port 14520 ssh2 ...	2019-11-06 08:36:07
119.10.115.36	attackbotsspam	2019-11-06T00:06:26.040056shield sshd\[26444\]: Invalid user cactiuser from 119.10.115.36 port 54715 2019-11-06T00:06:26.044147shield sshd\[26444\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.115.36 2019-11-06T00:06:27.958076shield sshd\[26444\]: Failed password for invalid user cactiuser from 119.10.115.36 port 54715 ssh2 2019-11-06T00:11:50.624167shield sshd\[27407\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=119.10.115.36 user=root 2019-11-06T00:11:52.352252shield sshd\[27407\]: Failed password for root from 119.10.115.36 port 39963 ssh2	2019-11-06 08:33:57
119.205.220.98	attackspam	Nov 6 00:36:58 * sshd[16874]: Failed password for root from 119.205.220.98 port 58436 ssh2	2019-11-06 08:11:43
190.246.155.29	attack	Nov 5 13:48:50 web1 sshd\[16782\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.246.155.29 user=root Nov 5 13:48:52 web1 sshd\[16782\]: Failed password for root from 190.246.155.29 port 37930 ssh2 Nov 5 13:53:26 web1 sshd\[17208\]: Invalid user pe from 190.246.155.29 Nov 5 13:53:26 web1 sshd\[17208\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=190.246.155.29 Nov 5 13:53:27 web1 sshd\[17208\]: Failed password for invalid user pe from 190.246.155.29 port 47428 ssh2	2019-11-06 08:03:02
200.166.197.34	attackspambots	Nov 5 23:06:53 mh1361109 sshd[33837]: Invalid user teamspeak from 200.166.197.34 Nov 5 23:06:53 mh1361109 sshd[33837]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.166.197.34 Nov 5 23:06:55 mh1361109 sshd[33837]: Failed password for invalid user teamspeak from 200.166.197.34 port 53680 ssh2 Nov 5 23:29:40 mh1361109 sshd[35363]: Invalid user database from 200.166.197.34 Nov 5 23:29:40 mh1361109 sshd[35363]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=200.166.197.34 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=200.166.197.34	2019-11-06 08:08:18
104.40.8.62	attackbots	Nov 5 18:04:21 ny01 sshd[15017]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.40.8.62 Nov 5 18:04:23 ny01 sshd[15017]: Failed password for invalid user Ar$$2016 from 104.40.8.62 port 20480 ssh2 Nov 5 18:08:20 ny01 sshd[15388]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=104.40.8.62	2019-11-06 08:25:53
113.193.30.98	attackspambots	Nov 5 14:12:13 hpm sshd\[1068\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.193.30.98 user=root Nov 5 14:12:15 hpm sshd\[1068\]: Failed password for root from 113.193.30.98 port 29413 ssh2 Nov 5 14:16:03 hpm sshd\[1403\]: Invalid user mc2server from 113.193.30.98 Nov 5 14:16:03 hpm sshd\[1403\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=113.193.30.98 Nov 5 14:16:05 hpm sshd\[1403\]: Failed password for invalid user mc2server from 113.193.30.98 port 37321 ssh2	2019-11-06 08:23:28
221.217.52.21	attackbots	F2B jail: sshd. Time: 2019-11-06 00:49:01, Reported by: VKReport	2019-11-06 08:11:17

最近上报的IP列表

10.88.242.67	227.41.54.79	25.111.211.254	210.178.68.70
190.1.250.72	83.135.232.138	5.13.67.180	126.62.234.173
165.135.9.79	60.231.114.2	43.208.133.8	108.246.59.74
52.155.10.48	222.206.224.222	13.196.33.136	132.101.21.13
184.24.154.190	2604:a880:2:d1::9c:e001	172.222.9.9	135.185.202.62