City: Santa Rita
Region: Paraiba
Country: Brazil
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#
NetRange: 131.196.0.0 - 131.196.255.255
CIDR: 131.196.0.0/16
NetName: LACNIC-ERX-131-196-0-0
NetHandle: NET-131-196-0-0-1
Parent: NET131 (NET-131-0-0-0-0)
NetType: Transferred to LACNIC
OriginAS:
Organization: Latin American and Caribbean IP address Regional Registry (LACNIC)
RegDate: 2015-09-04
Updated: 2015-09-04
Comment: This IP address range is under LACNIC responsibility
Comment: for further allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details,
Comment: or check the WHOIS server located at http://whois.lacnic.net
Ref: https://rdap.arin.net/registry/ip/131.196.0.0
ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois
ResourceLink: whois.lacnic.net
OrgName: Latin American and Caribbean IP address Regional Registry
OrgId: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY
RegDate: 2002-07-27
Updated: 2018-03-15
Ref: https://rdap.arin.net/registry/entity/LACNIC
ReferralServer: whois://whois.lacnic.net
ResourceLink: http://lacnic.net/cgi-bin/lacnic/whois
OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Whois Info
OrgTechPhone: +598-2604-2222
OrgTechEmail: whois-contact@lacnic.net
OrgTechRef: https://rdap.arin.net/registry/entity/LACNIC-ARIN
OrgAbuseHandle: LWI100-ARIN
OrgAbuseName: LACNIC Whois Info
OrgAbusePhone: +598-2604-2222
OrgAbuseEmail: abuse@lacnic.net
OrgAbuseRef: https://rdap.arin.net/registry/entity/LWI100-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2025, American Registry for Internet Numbers, Ltd.
#
Found a referral to whois.lacnic.net.
% IP Client: 124.223.158.242
% Copyright (c) Nic.br - Use of this data is governed by the Use and
% Privacy Policy at https://registro.br/upp . Distribution,
% commercialization, reproduction, and use for advertising or similar
% purposes are expressly prohibited.
% 2025-10-08T01:56:59-03:00 - 124.223.158.242
inetnum: 131.196.48.0/22
aut-num: AS265894
abuse-c: SALSI130
owner: Portal.com STI eirele
ownerid: 11.386.402/0001-92
responsible: Saul Lima da Silva
owner-c: SALSI130
tech-c: SALSI130
inetrev: 131.196.48.0/22
nserver: ns1.portalcom.inf.br
nsstat: 20251007 AA
nslastaa: 20251007
nserver: ns2.portalcom.inf.br
nsstat: 20251007 AA
nslastaa: 20251007
created: 20170626
changed: 20170626
nic-hdl-br: SALSI130
person: SAUL LIMA DA SILVA
created: 20170322
changed: 20250930
% Security and mail abuse issues should also be addressed to cert.br,
% respectivelly to cert@cert.br and mail-abuse@cert.br
%
% whois.registro.br only accepts exact match queries for domains,
% registrants, contacts, tickets, providers, IPs, and ASNs.; <<>> DiG 9.10.3-P4-Ubuntu <<>> 131.196.48.84
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 42332
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;131.196.48.84. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2025100702 1800 900 604800 86400
;; Query time: 16 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Wed Oct 08 12:38:33 CST 2025
;; MSG SIZE rcvd: 10684.48.196.131.in-addr.arpa domain name pointer 84.48.196.131.portalcom.inf.br.Server: 183.60.83.19
Address: 183.60.83.19#53
Non-authoritative answer:
84.48.196.131.in-addr.arpa name = 84.48.196.131.portalcom.inf.br.
Authoritative answers can be found from:| IP | Type | Details | Datetime |
|---|---|---|---|
| 170.254.195.104 | attackbots | May 9 03:30:02 pornomens sshd\[1294\]: Invalid user transfer from 170.254.195.104 port 45126 May 9 03:30:02 pornomens sshd\[1294\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=170.254.195.104 May 9 03:30:04 pornomens sshd\[1294\]: Failed password for invalid user transfer from 170.254.195.104 port 45126 ssh2 ... |
2020-05-09 19:29:02 |
| 123.30.236.149 | attackspam | May 9 05:37:46 hosting sshd[23136]: Invalid user sendmail from 123.30.236.149 port 44316 May 9 05:37:46 hosting sshd[23136]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=123.30.236.149 May 9 05:37:46 hosting sshd[23136]: Invalid user sendmail from 123.30.236.149 port 44316 May 9 05:37:48 hosting sshd[23136]: Failed password for invalid user sendmail from 123.30.236.149 port 44316 ssh2 May 9 05:53:16 hosting sshd[25241]: Invalid user user from 123.30.236.149 port 44402 ... |
2020-05-09 19:30:50 |
| 60.160.225.39 | attackbotsspam | May 9 02:16:43 mailserver sshd\[29768\]: Invalid user daniel from 60.160.225.39 ... |
2020-05-09 19:12:58 |
| 118.113.145.225 | attack | $f2bV_matches |
2020-05-09 19:20:42 |
| 165.227.26.69 | attackbots | Bruteforce detected by fail2ban |
2020-05-09 18:48:31 |
| 157.230.40.72 | attackspambots | May 9 02:48:05 game-panel sshd[27987]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.40.72 May 9 02:48:08 game-panel sshd[27987]: Failed password for invalid user annamarie from 157.230.40.72 port 49166 ssh2 May 9 02:51:52 game-panel sshd[28121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=157.230.40.72 |
2020-05-09 18:49:45 |
| 195.54.167.15 | attackspam | May 9 04:57:10 debian-2gb-nbg1-2 kernel: \[11251908.156003\] \[UFW BLOCK\] IN=eth0 OUT= MAC=96:00:00:0e:18:f4:d2:74:7f:6e:37:e3:08:00 SRC=195.54.167.15 DST=195.201.40.59 LEN=40 TOS=0x00 PREC=0x00 TTL=244 ID=20838 PROTO=TCP SPT=55791 DPT=19866 WINDOW=1024 RES=0x00 SYN URGP=0 |
2020-05-09 18:51:05 |
| 183.89.212.114 | attackspam | Brute Force - Dovecot |
2020-05-09 19:28:05 |
| 118.35.184.185 | attackspam | Port scan(s) denied |
2020-05-09 19:22:21 |
| 106.12.146.9 | attack | May 9 05:34:47 lukav-desktop sshd\[18738\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.146.9 user=root May 9 05:34:49 lukav-desktop sshd\[18738\]: Failed password for root from 106.12.146.9 port 33348 ssh2 May 9 05:39:26 lukav-desktop sshd\[18914\]: Invalid user back from 106.12.146.9 May 9 05:39:26 lukav-desktop sshd\[18914\]: pam_unix\(sshd:auth\): authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.12.146.9 May 9 05:39:28 lukav-desktop sshd\[18914\]: Failed password for invalid user back from 106.12.146.9 port 37872 ssh2 |
2020-05-09 19:18:21 |
| 157.230.249.90 | attackspam | SSH invalid-user multiple login try |
2020-05-09 19:23:46 |
| 36.37.123.5 | attackspambots | Honeypot attack, port: 445, PTR: PTR record not found |
2020-05-09 19:22:58 |
| 112.74.186.78 | attack | 112.74.186.78 - - [08/May/2020:14:50:26 +0300] "GET /console HTTP/1.0" 403 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" 112.74.186.78 - - [08/May/2020:14:50:32 +0300] "GET / HTTP/1.0" 403 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" 112.74.186.78 - - [08/May/2020:14:50:33 +0300] "GET /horde/imp/test.php HTTP/1.0" 403 1460 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0" ... |
2020-05-09 19:29:30 |
| 77.109.173.12 | attackbots | 5x Failed Password |
2020-05-09 19:25:51 |
| 184.185.2.57 | attack | Dovecot Invalid User Login Attempt. |
2020-05-09 19:11:03 |