132.148.22.54 - IPInfo

Basic Info

City: unknown

Region: unknown

Country: United States

Internet Service Provider: GoDaddy.com LLC

Hostname: unknown

Organization: unknown

Usage Type: Data Center/Web Hosting/Transit

Comments:

Make a comment on this IP

Type	Details	Datetime
attackspam	132.148.22.54 - - [13/Oct/2020:20:01:19 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.22.54 - - [13/Oct/2020:20:01:21 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.22.54 - - [13/Oct/2020:20:01:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"	2020-10-14 04:48:41
attackbots	132.148.22.54 - - [13/Oct/2020:12:47:12 +0100] "POST /wp-login.php HTTP/1.1" 200 2176 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.22.54 - - [13/Oct/2020:12:47:13 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 132.148.22.54 - - [13/Oct/2020:12:59:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" ...	2020-10-13 20:18:46

Type

Details

Datetime

attackspam

132.148.22.54 - - [13/Oct/2020:20:01:19 +0200] "GET /wp-login.php HTTP/1.1" 200 8558 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.22.54 - - [13/Oct/2020:20:01:21 +0200] "POST /wp-login.php HTTP/1.1" 200 8809 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.22.54 - - [13/Oct/2020:20:01:22 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"

2020-10-14 04:48:41

attackbots

132.148.22.54 - - [13/Oct/2020:12:47:12 +0100] "POST /wp-login.php HTTP/1.1" 200 2176 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.22.54 - - [13/Oct/2020:12:47:13 +0100] "POST /xmlrpc.php HTTP/1.1" 200 247 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
132.148.22.54 - - [13/Oct/2020:12:59:39 +0100] "POST /wp-login.php HTTP/1.1" 200 2223 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0"
...

2020-10-13 20:18:46

Comments on same subnet:

No discussion about this subnet yet..

Whois info:

Dig info:

; <<>> DiG 9.10.3-P4-Ubuntu <<>> 132.148.22.54
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 59299
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;132.148.22.54.			IN	A

;; AUTHORITY SECTION:
.			290	IN	SOA	a.root-servers.net. nstld.verisign-grs.com. 2020101300 1800 900 604800 86400

;; Query time: 18 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Tue Oct 13 20:18:43 CST 2020
;; MSG SIZE  rcvd: 117

Host info

54.22.148.132.in-addr.arpa domain name pointer ip-132-148-22-54.ip.secureserver.net.

Nslookup info:

Server:		183.60.83.19
Address:	183.60.83.19#53

Non-authoritative answer:
54.22.148.132.in-addr.arpa	name = ip-132-148-22-54.ip.secureserver.net.

Authoritative answers can be found from:

Related IP info:

Related comments:

IP	Type	Details	Datetime
85.209.0.102	attackbotsspam	Sep 30 22:58:53 *** sshd[22127]: Did not receive identification string from 85.209.0.102	2020-10-01 07:14:40
66.240.205.34	attack	TCP (SYN) 66.240.205.34:18081 -> port 1800, len 44	2020-10-01 06:51:58
112.91.154.114	attackbots	DATE:2020-09-30 07:17:03, IP:112.91.154.114, PORT:1433 - MSSQL brute force auth on a honeypot server (epe-dc)	2020-10-01 07:06:10
195.246.57.116	attackbotsspam	ET SCAN Suspicious inbound to MSSQL port 1433 - port: 1433 proto: tcp cat: Potentially Bad Trafficbytes: 60	2020-10-01 06:59:36
89.248.160.178	attackspam	scans 8 times in preceeding hours on the ports (in chronological order) 25999 22555 22222 21163 3533 5114 25005 3074 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 06:48:04
156.96.112.211	attackspam	[29/Sep/2020:15:18:47 -0400] "GET / HTTP/1.1" Blank UA [29/Sep/2020:16:41:19 -0400] "GET / HTTP/1.1" Blank UA [29/Sep/2020:16:42:38 -0400] "GET / HTTP/1.1" Blank UA	2020-10-01 07:04:48
88.214.26.53	attackbots	1743/tcp 23456/tcp 3456/tcp... [2020-07-30/09-30]297pkt,44pt.(tcp)	2020-10-01 06:49:06
89.248.168.220	attackbots	scans 3 times in preceeding hours on the ports (in chronological order) 11443 11443 11609 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 06:47:39
141.98.81.141	attackbots	Cowrie Honeypot: Unauthorised SSH/Telnet login attempt with user "root" at 2020-09-30T22:54:10Z	2020-10-01 07:05:12
104.206.128.26	attackbotsspam	5060/tcp 1433/tcp 23/tcp... [2020-07-31/09-30]27pkt,8pt.(tcp),1pt.(udp)	2020-10-01 07:08:14
45.129.33.100	attackspam	ET DROP Dshield Block Listed Source group 1 - port: 9202 proto: tcp cat: Misc Attackbytes: 60	2020-10-01 07:20:20
42.112.37.242	attackspam	TCP (SYN) 42.112.37.242:49422 -> port 6016, len 44	2020-10-01 06:57:17
89.248.160.150	attack	scans 6 times in preceeding hours on the ports (in chronological order) 41202 41278 45261 49157 49169 49182 resulting in total of 70 scans from 89.248.160.0-89.248.174.255 block.	2020-10-01 06:48:27
60.251.183.90	attack	SSH login attempts.	2020-10-01 06:52:49
111.40.7.84	attack	TCP (SYN) 111.40.7.84:57925 -> port 1433, len 44	2020-10-01 07:06:36

Recently Reported IPs

14.185.180.118	84.43.233.12	12.229.215.19	177.42.216.164
61.144.20.176	180.249.165.62	166.175.184.45	103.78.115.220
54.162.69.2	36.238.52.62	85.187.87.136	216.58.202.206
123.11.36.58	202.80.216.168	221.15.23.98	3.81.233.178
50.47.108.211	176.59.48.206	60.110.138.101	216.12.61.6