132.148.141.147

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspambots	Attempt to hack Wordpress Login, XMLRPC or other login	2020-08-27 20:33:12
attackspam	Website login hacking attempts.	2020-08-26 22:47:17
attackbotsspam	132.148.141.147 - - [26/Aug/2020:10:58:04 +0100] "POST /wp/wp-login.php HTTP/1.1" 200 1865 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [26/Aug/2020:10:58:11 +0100] "POST /wp/wp-login.php HTTP/1.1" 200 1857 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [26/Aug/2020:10:58:12 +0100] "POST /wp/xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-26 18:10:54
attack	132.148.141.147 - - [15/Aug/2020:15:28:12 +0100] "POST /wp-login.php HTTP/1.1" 200 1969 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [15/Aug/2020:15:28:14 +0100] "POST /wp-login.php HTTP/1.1" 200 1977 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [15/Aug/2020:15:28:16 +0100] "POST /wp-login.php HTTP/1.1" 200 1972 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-08-16 00:10:53
attackspambots	/wp-login.php	2020-08-15 00:25:01
attackbotsspam	notenfalter.de 132.148.141.147 [08/Aug/2020:12:34:39 +0200] "POST /wp-login.php HTTP/1.1" 200 6193 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" notenfalter.de 132.148.141.147 [08/Aug/2020:12:34:40 +0200] "POST /xmlrpc.php HTTP/1.1" 200 4122 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-08-08 19:44:28
attackbotsspam	Trolling for resource vulnerabilities	2020-07-25 06:42:05
attackbots	Trolling for resource vulnerabilities	2020-07-21 13:33:57
attackbotsspam	CMS (WordPress or Joomla) login attempt.	2020-07-07 15:47:25
attackbotsspam	132.148.141.147 - - [04/Jul/2020:19:53:50 +0100] "POST /wp-login.php HTTP/1.1" 200 1998 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [04/Jul/2020:19:53:53 +0100] "POST /wp-login.php HTTP/1.1" 200 2046 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [04/Jul/2020:19:54:06 +0100] "POST /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-05 04:03:04
attackbots	132.148.141.147 - - [03/Jul/2020:14:02:39 +0200] "POST /xmlrpc.php HTTP/1.1" 403 613 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [03/Jul/2020:14:16:06 +0200] "POST /xmlrpc.php HTTP/1.1" 403 15231 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-07-04 00:33:19
attackbots	"XSS Attack Detected via libinjection - Matched Data: XSS data found within ARGS_NAMES:	2020-06-30 01:04:18
attackbots	132.148.141.147 - - [27/Jun/2020:12:16:04 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [27/Jun/2020:12:16:05 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [27/Jun/2020:12:16:06 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-27 20:02:07
attack	132.148.141.147 - - [24/Jun/2020:09:26:17 +0200] "GET /wp-login.php HTTP/1.1" 200 6060 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [24/Jun/2020:09:26:18 +0200] "POST /wp-login.php HTTP/1.1" 200 6311 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [24/Jun/2020:09:26:20 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-06-24 17:30:27
attackbots	Automatic report - XMLRPC Attack	2020-06-16 01:31:20
attackbots	Automatic report - XMLRPC Attack	2020-06-01 08:00:32
attackspam	CMS (WordPress or Joomla) login attempt.	2020-05-22 07:46:49
attackspambots	xmlrpc attack	2020-05-10 06:47:53
attackspam	Automatic report - Banned IP Access	2020-04-27 07:02:39
attackspambots	132.148.141.147 - - [26/Apr/2020:14:03:54 +0200] "GET /wp-login.php HTTP/1.1" 200 5686 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [26/Apr/2020:14:03:57 +0200] "POST /wp-login.php HTTP/1.1" 200 5937 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.141.147 - - [26/Apr/2020:14:03:59 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-04-26 20:37:40
attack	HTTP/80/443/8080 Probe, BF, WP, Hack -	2020-04-20 04:37:35
attack	Automatic report - WordPress Brute Force	2020-04-13 13:51:29
attack	WordPress login Brute force / Web App Attack on client site.	2020-02-25 20:59:35
attackbots	Automatic report - XMLRPC Attack	2019-12-10 16:37:04
attackbotsspam	Automatic report - XMLRPC Attack	2019-12-09 00:38:45
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-11-08 16:48:35
attackbotsspam	WordPress login Brute force / Web App Attack on client site.	2019-11-02 00:07:54
attack	fail2ban honeypot	2019-10-23 19:57:45
attackbots	Looking for resource vulnerabilities	2019-10-20 05:51:44
attack	xmlrpc attack	2019-09-20 08:30:01

Comments on same subnet:

IP	Type	Details	Datetime
132.148.141.93	attackspam	wp xmlrpc	2019-08-20 10:00:09

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.141.147
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47366
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.141.147.		IN	A

;; AUTHORITY SECTION:
.			3600	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019082701 1800 900 604800 86400

;; Query time: 3 msec
;; SERVER: 67.207.67.2#53(67.207.67.2)
;; WHEN: Wed Aug 28 04:37:27 CST 2019
;; MSG SIZE  rcvd: 119

Host info

147.141.148.132.in-addr.arpa domain name pointer ip-132-148-141-147.ip.secureserver.net.

Nslookup info:

Server:		67.207.67.2
Address:	67.207.67.2#53

Non-authoritative answer:
147.141.148.132.in-addr.arpa	name = ip-132-148-141-147.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
211.22.158.74	attackbotsspam	SCAN: Host Sweep CloudCIX Reconnaissance Scan Detected, PTR: 211-22-158-74.HINET-IP.hinet.net.	2020-09-04 18:26:22
128.199.223.178	attack	128.199.223.178 - - [04/Sep/2020:11:29:22 +0100] "POST /wp-login.php HTTP/1.1" 200 2230 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 128.199.223.178 - - [04/Sep/2020:11:29:25 +0100] "POST /wp-login.php HTTP/1.1" 200 2181 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 128.199.223.178 - - [04/Sep/2020:11:29:27 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-04 18:47:19
106.54.133.103	attackspam	Invalid user prueba from 106.54.133.103 port 38544	2020-09-04 18:36:28
194.67.210.77	attackspambots	Automated report (2020-09-04T13:25:33+08:00). Faked user agent detected.	2020-09-04 18:58:34
213.141.131.22	attackspambots	2020-09-04T14:17:06.914543paragon sshd[123011]: Invalid user xavier from 213.141.131.22 port 60208 2020-09-04T14:17:06.918693paragon sshd[123011]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=213.141.131.22 2020-09-04T14:17:06.914543paragon sshd[123011]: Invalid user xavier from 213.141.131.22 port 60208 2020-09-04T14:17:08.742066paragon sshd[123011]: Failed password for invalid user xavier from 213.141.131.22 port 60208 ssh2 2020-09-04T14:19:36.854548paragon sshd[123059]: Invalid user usuario from 213.141.131.22 port 44834 ...	2020-09-04 18:41:19
47.74.3.113	attackspam	TCP ports : 13650 / 14534 / 24922 / 28538	2020-09-04 19:02:32
190.203.28.182	attackbots	Honeypot attack, port: 445, PTR: 190-203-28-182.dyn.dsl.cantv.net.	2020-09-04 18:31:53
43.224.130.146	attackbotsspam	Sep 4 09:49:17 sso sshd[16056]: Failed password for root from 43.224.130.146 port 14318 ssh2 ...	2020-09-04 19:01:24
201.63.224.82	attack	Honeypot attack, port: 445, PTR: 201-63-224-82.customer.tdatabrasil.net.br.	2020-09-04 18:42:22
38.111.56.4	attackspam	Honeypot attack, port: 445, PTR: PTR record not found	2020-09-04 18:27:26
121.204.120.214	attack	Sep 3 21:21:54 m3 sshd[22254]: Failed password for r.r from 121.204.120.214 port 54144 ssh2 Sep 3 21:35:50 m3 sshd[23812]: Invalid user sispac from 121.204.120.214 Sep 3 21:35:53 m3 sshd[23812]: Failed password for invalid user sispac from 121.204.120.214 port 52848 ssh2 ........ ----------------------------------------------- https://www.blocklist.de/en/view.html?ip=121.204.120.214	2020-09-04 19:07:06
142.93.122.161	attack	142.93.122.161 - - [04/Sep/2020:11:18:48 +0100] "POST /wp-login.php HTTP/1.1" 200 2261 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.122.161 - - [04/Sep/2020:11:18:51 +0100] "POST /wp-login.php HTTP/1.1" 200 2210 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 142.93.122.161 - - [04/Sep/2020:11:18:51 +0100] "POST /xmlrpc.php HTTP/1.1" 403 219 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-09-04 19:08:05
45.148.10.28	attackbots	Scanner : /boaform/admin/formLogin	2020-09-04 18:46:41
185.26.156.91	attack	Cluster member 67.227.229.95 (US/United States/host.cjthedj97.me) said, DENY 185.26.156.91, Reason:[(mod_security) mod_security (id:340004) triggered by 185.26.156.91 (DE/Germany/kohoutek.uberspace.de): 1 in the last 3600 secs]; Ports: *; Direction: inout; Trigger: LF_CLUSTER	2020-09-04 18:34:42
61.178.108.175	attackspambots	TCP (SYN) 61.178.108.175:43492 -> port 445, len 44	2020-09-04 18:35:32

Recently Reported IPs

81.66.126.56	177.8.154.182	173.249.45.96	24.23.147.166
134.209.248.63	138.186.197.87	61.220.176.221	212.92.115.37
122.118.219.156	196.218.97.223	149.28.170.11	109.171.47.60
138.186.115.195	37.34.255.201	41.203.78.232	83.11.166.194
201.232.224.233	109.203.218.226	122.142.220.198	49.71.101.60