Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:
Type Details Datetime
attackspam
[munged]::443 132.148.142.61 - - [05/Oct/2019:21:40:59 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 132.148.142.61 - - [05/Oct/2019:21:41:01 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 132.148.142.61 - - [05/Oct/2019:21:41:04 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 132.148.142.61 - - [05/Oct/2019:21:41:06 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 132.148.142.61 - - [05/Oct/2019:21:41:08 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
[munged]::443 132.148.142.61 - - [05/Oct/2019:21:41:10 +0200] "POST /[munged]: HTTP/1.1" 200 9079 "-" "Mozilla/5.0 (X11
2019-10-06 04:21:20
Comments on same subnet:
IP Type Details Datetime
132.148.142.246 attackbots
Port Scan: TCP/445
2019-08-17 00:10:45
132.148.142.117 attackbots
132.148.142.117 - - [23/Jul/2019:23:14:34 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.142.117 - - [23/Jul/2019:23:14:35 +0200] "POST /wp-login.php HTTP/1.1" 200 1632 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.142.117 - - [23/Jul/2019:23:14:35 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.142.117 - - [23/Jul/2019:23:14:35 +0200] "POST /wp-login.php HTTP/1.1" 200 1607 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.142.117 - - [23/Jul/2019:23:14:36 +0200] "GET /wp-login.php HTTP/1.1" 200 1237 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.142.117 - - [23/Jul/2019:23:14:36 +0200] "POST /wp-login.php HTTP/1.1" 200 1608 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
.
2019-07-24 08:50:27
132.148.142.117 attackbots
www.ft-1848-basketball.de 132.148.142.117 \[12/Jul/2019:14:44:23 +0200\] "POST /wp-login.php HTTP/1.1" 200 2174 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
www.ft-1848-basketball.de 132.148.142.117 \[12/Jul/2019:14:44:24 +0200\] "POST /wp-login.php HTTP/1.1" 200 2144 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
www.ft-1848-basketball.de 132.148.142.117 \[12/Jul/2019:14:44:26 +0200\] "POST /wp-login.php HTTP/1.1" 200 2131 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-07-12 21:35:55
132.148.142.117 attack
WordPress login Brute force / Web App Attack on client site.
2019-07-09 20:44:25
132.148.142.117 attack
belitungshipwreck.org 132.148.142.117 \[22/Jun/2019:17:02:48 +0200\] "POST /wp-login.php HTTP/1.1" 200 5597 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
belitungshipwreck.org 132.148.142.117 \[22/Jun/2019:17:02:49 +0200\] "POST /wp-login.php HTTP/1.1" 200 5575 "-" "Mozilla/5.0 \(X11\; Ubuntu\; Linux x86_64\; rv:62.0\) Gecko/20100101 Firefox/62.0"
2019-06-23 07:20:42
Whois info:
Dig info:
; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.142.61
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51080
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.142.61.			IN	A

;; AUTHORITY SECTION:
.			239	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2019100501 1800 900 604800 86400

;; Query time: 92 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Sun Oct 06 04:21:17 CST 2019
;; MSG SIZE  rcvd: 118
Host info
61.142.148.132.in-addr.arpa domain name pointer ip-132-148-142-61.ip.secureserver.net.
Nslookup info:
Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
61.142.148.132.in-addr.arpa	name = ip-132-148-142-61.ip.secureserver.net.

Authoritative answers can be found from:
Related IP info:
Related comments:
IP Type Details Datetime
193.70.0.93 attackspam
Sep 11 10:18:23 sachi sshd\[27703\]: Invalid user git from 193.70.0.93
Sep 11 10:18:23 sachi sshd\[27703\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.ip-193-70-0.eu
Sep 11 10:18:25 sachi sshd\[27703\]: Failed password for invalid user git from 193.70.0.93 port 35504 ssh2
Sep 11 10:24:28 sachi sshd\[28273\]: Invalid user git from 193.70.0.93
Sep 11 10:24:28 sachi sshd\[28273\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=93.ip-193-70-0.eu
2019-09-12 04:27:52
81.22.45.252 attackspam
09/11/2019-16:39:01.392270 81.22.45.252 Protocol: 6 ET CINS Active Threat Intelligence Poor Reputation IP group 85
2019-09-12 04:40:32
165.22.99.94 attack
Sep 11 22:09:42 dev0-dcfr-rnet sshd[8247]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.99.94
Sep 11 22:09:45 dev0-dcfr-rnet sshd[8247]: Failed password for invalid user admin from 165.22.99.94 port 42512 ssh2
Sep 11 22:15:57 dev0-dcfr-rnet sshd[8268]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=165.22.99.94
2019-09-12 04:29:02
129.204.202.89 attack
Sep 11 20:58:30 srv206 sshd[29697]: Invalid user sinus from 129.204.202.89
...
2019-09-12 04:17:51
139.198.18.73 attack
Sep 11 09:57:30 lcprod sshd\[6817\]: Invalid user miusuario from 139.198.18.73
Sep 11 09:57:30 lcprod sshd\[6817\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.18.73
Sep 11 09:57:31 lcprod sshd\[6817\]: Failed password for invalid user miusuario from 139.198.18.73 port 40818 ssh2
Sep 11 10:02:51 lcprod sshd\[7301\]: Invalid user vbox from 139.198.18.73
Sep 11 10:02:51 lcprod sshd\[7301\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=139.198.18.73
2019-09-12 04:11:30
128.14.209.242 attack
Microsoft Windows HTTP.sys Remote Code Execution Vulnerability, PTR: survey.internet-census.org.
2019-09-12 04:23:54
112.169.9.150 attackspambots
Sep 11 21:57:13 eventyay sshd[10796]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.169.9.150
Sep 11 21:57:15 eventyay sshd[10796]: Failed password for invalid user vbox from 112.169.9.150 port 52913 ssh2
Sep 11 22:04:36 eventyay sshd[11024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=112.169.9.150
...
2019-09-12 04:20:09
150.140.189.33 attackbotsspam
Sep 11 22:19:04 core sshd[26280]: Invalid user admin from 150.140.189.33 port 50162
Sep 11 22:19:06 core sshd[26280]: Failed password for invalid user admin from 150.140.189.33 port 50162 ssh2
...
2019-09-12 04:44:34
101.96.113.50 attack
Sep 11 10:16:41 hpm sshd\[17855\]: Invalid user user1 from 101.96.113.50
Sep 11 10:16:41 hpm sshd\[17855\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.96.113.50
Sep 11 10:16:44 hpm sshd\[17855\]: Failed password for invalid user user1 from 101.96.113.50 port 37056 ssh2
Sep 11 10:23:56 hpm sshd\[18550\]: Invalid user ubuntu from 101.96.113.50
Sep 11 10:23:56 hpm sshd\[18550\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=101.96.113.50
2019-09-12 04:38:54
103.39.133.110 attack
Sep 11 22:09:20 eventyay sshd[11139]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.39.133.110
Sep 11 22:09:22 eventyay sshd[11139]: Failed password for invalid user nagios from 103.39.133.110 port 40156 ssh2
Sep 11 22:15:45 eventyay sshd[11299]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=103.39.133.110
...
2019-09-12 04:34:09
202.170.119.28 attackbots
Scanning random ports - tries to find possible vulnerable services
2019-09-12 04:11:15
51.75.248.127 attackbotsspam
Sep 11 10:27:03 php2 sshd\[29450\]: Invalid user test from 51.75.248.127
Sep 11 10:27:03 php2 sshd\[29450\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.ip-51-75-248.eu
Sep 11 10:27:04 php2 sshd\[29450\]: Failed password for invalid user test from 51.75.248.127 port 51980 ssh2
Sep 11 10:32:19 php2 sshd\[30335\]: Invalid user student4 from 51.75.248.127
Sep 11 10:32:19 php2 sshd\[30335\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=127.ip-51-75-248.eu
2019-09-12 04:33:37
134.209.13.209 attack
Sep 11 10:07:09 kapalua sshd\[11585\]: Invalid user guest from 134.209.13.209
Sep 11 10:07:09 kapalua sshd\[11585\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.13.209
Sep 11 10:07:10 kapalua sshd\[11585\]: Failed password for invalid user guest from 134.209.13.209 port 55192 ssh2
Sep 11 10:12:42 kapalua sshd\[12268\]: Invalid user admin from 134.209.13.209
Sep 11 10:12:42 kapalua sshd\[12268\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=134.209.13.209
2019-09-12 04:22:33
104.168.145.233 attack
mail relay > 100 attempts
019-09-11 14:55:04 SMTP connection from [104.168.145.233]:61346 (TCP/IP connection count = 1)
2019:09:11-14:55:05 exim-in[11624]: 2019-09-11 14:55:05 H=hwsrv-574506.hostwindsdns.com (hwc-hwp-4966180) [104.168.145.233]:61346 F= rejected RCPT : Relay not permitted
2019:09:11-14:55:05 exim-in[11624]: 2019-09-11 14:55:05 SMTP connection from hwsrv-574506.hostwindsdns.com (hwc-hwp-4966180) [104.168.145.233]:61346 closed by DROP in ACL
2019-09-12 04:12:07
128.14.209.154 attack
Microsoft Windows HTTP.sys Remote Code Execution Vulnerability, PTR: survey.internet-census.org.
2019-09-12 04:21:32
