City: unknown
Region: unknown
Country: United States
Internet Service Provider: unknown
Hostname: unknown
Organization: unknown
Usage Type: unknown
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2026, American Registry for Internet Numbers, Ltd.
#
NetRange: 4.0.0.0 - 4.127.255.255
CIDR: 4.0.0.0/9
NetName: LVLT-ORG-4-8
NetHandle: NET-4-0-0-0-1
Parent: NET4 (NET-4-0-0-0-0)
NetType: Direct Allocation
OriginAS:
Organization: Level 3 Parent, LLC (LPL-141)
RegDate: 1992-12-01
Updated: 2019-07-17
Ref: https://rdap.arin.net/registry/ip/4.0.0.0
OrgName: Level 3 Parent, LLC
OrgId: LPL-141
Address: 100 CenturyLink Drive
City: Monroe
StateProv: LA
PostalCode: 71203
Country: US
RegDate: 2018-02-06
Updated: 2024-06-17
Comment: USAGE OF IP SPACE MUST COMPLY WITH OUR ACCEPTABLE USE POLICY:
Comment: https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
Comment:
Comment: ADDRESSES COVERED BY THIS ORG-ID ARE NON-PORTABLE ANY ISP ANNOUNCING OR TRANSITING PORTIONS WITHIN OUR RANGES SHOULD NOT RELY ON PRESENTED LOA'S OR OLD WHOIS UNLESS THOSE RANGES ARE ALSO ACTIVELY DIRECTLY ANNOUNCED TO A LUMEN ASN. WITH ALL LOA'S THESE CONDITIONS APPLY:
Comment:
Comment: 1. You are permitted to route the Lumen IP prefixes listed via Public BGP to your alternate ISP from the designated ASN. Any other ASN originating the prefix listed is forbidden.
Comment: 2. The Lumen IP prefixes listed can be routed via Public BGP to your alternate ISP as long as you remain an active customer with Lumen and continue to route the prefixes over at least one Lumen Internet circuit without significant traffic engineering.
Comment: 3. Should your Internet services with Lumen be discontinued, Lumen reserves the right to have your alternate ISP terminate the routing of the Lumen IP prefixes without advanced notification, should you fail to do so.
Comment: 4. All IP Addresses assigned or allocated by Lumen to an end-user (customer or ISP) shall be considered non-portable and will be reclaimed by Lumen upon service termination.
Comment: 5. Lumen reserves the right to conduct audits to ensure the LOA conditions are being met.
Comment: 6. Usage of IP space must comply with our AUP https://www.lumen.com/en-us/about/legal/acceptable-use-policy.html
Comment:
Comment: Our looking glass is located at: https://lookingglass.centurylink.com/
Comment:
Comment: For subpoena or court order please fax 844.254.5800 or refer to our Trust & Safety page:
Comment: https://www.lumen.com/en-us/about/legal/trust-center/trust-and-safety.html
Comment:
Comment: For abuse issues, please email abuse@aup.lumen.com
Comment: All abuse reports MUST include:
Comment: * src IP
Comment: * dest IP (your IP)
Comment: * dest port
Comment: * Accurate date/timestamp and timezone of activity
Comment: * Intensity/frequency (short log extracts)
Comment: * Your contact details (phone and email)
Comment: Without these we will be unable to identify the correct owner of the IP address at that point in time.
Ref: https://rdap.arin.net/registry/entity/LPL-141
OrgAbuseHandle: LAC56-ARIN
OrgAbuseName: L3 Abuse Contact
OrgAbusePhone: +1-877-453-8353
OrgAbuseEmail: abuse@level3.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/LAC56-ARIN
OrgRoutingHandle: RPKIR-ARIN
OrgRoutingName: RPKI-ROA
OrgRoutingPhone: +1-877-886-6515
OrgRoutingEmail: rpki-roa@lumen.com
OrgRoutingRef: https://rdap.arin.net/registry/entity/RPKIR-ARIN
OrgTechHandle: APL7-ARIN
OrgTechName: ADMIN POC LVLT
OrgTechPhone: +1-877-453-8353
OrgTechEmail: ipadmin@lumen.com
OrgTechRef: https://rdap.arin.net/registry/entity/APL7-ARIN
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/resources/registry/whois/tou/
#
# If you see inaccuracies in the results, please report at
# https://www.arin.net/resources/registry/whois/inaccuracy_reporting/
#
# Copyright 1997-2026, American Registry for Internet Numbers, Ltd.
#; <<>> DiG 9.10.3-P4-Ubuntu <<>> 4.24.25.75
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64404
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUESTION SECTION:
;4.24.25.75. IN A
;; AUTHORITY SECTION:
. 30 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2026040501 1800 900 604800 86400
;; Query time: 7 msec
;; SERVER: 183.60.83.19#53(183.60.83.19)
;; WHEN: Mon Apr 06 12:17:55 CST 2026
;; MSG SIZE rcvd: 103Host 75.25.24.4.in-addr.arpa. not found: 3(NXDOMAIN)Server: 183.60.83.19
Address: 183.60.83.19#53
** server can't find 75.25.24.4.in-addr.arpa: NXDOMAIN| IP | Type | Details | Datetime |
|---|---|---|---|
| 112.85.42.176 | attack | Aug 30 00:24:27 minden010 sshd[7269]: Failed password for root from 112.85.42.176 port 35755 ssh2 Aug 30 00:24:30 minden010 sshd[7269]: Failed password for root from 112.85.42.176 port 35755 ssh2 Aug 30 00:24:42 minden010 sshd[7269]: error: maximum authentication attempts exceeded for root from 112.85.42.176 port 35755 ssh2 [preauth] ... |
2020-08-30 06:48:33 |
| 77.216.121.251 | attack | Fail2Ban Ban Triggered Wordpress Sniffing |
2020-08-30 06:29:21 |
| 104.140.80.221 | attackspambots | (From eric@talkwithwebvisitor.com) Hey, this is Eric and I ran across guarinochiropractic.com a few minutes ago. Looks great… but now what? By that I mean, when someone like me finds your website – either through Search or just bouncing around – what happens next? Do you get a lot of leads from your site, or at least enough to make you happy? Honestly, most business websites fall a bit short when it comes to generating paying customers. Studies show that 70% of a site’s visitors disappear and are gone forever after just a moment. Here’s an idea… How about making it really EASY for every visitor who shows up to get a personal phone call you as soon as they hit your site… You can – Talk With Web Visitor is a software widget that’s works on your site, ready to capture any visitor’s Name, Email address and Phone Number. It signals you the moment they let you know they’re interested – so that you can talk to that lead while they’re literally looking over your site. CLICK HERE http://w |
2020-08-30 06:54:55 |
| 222.186.173.201 | attackbots | Aug 29 22:39:58 scw-6657dc sshd[9764]: Failed password for root from 222.186.173.201 port 33414 ssh2 Aug 29 22:39:58 scw-6657dc sshd[9764]: Failed password for root from 222.186.173.201 port 33414 ssh2 Aug 29 22:40:01 scw-6657dc sshd[9764]: Failed password for root from 222.186.173.201 port 33414 ssh2 ... |
2020-08-30 06:47:37 |
| 118.25.44.66 | attackbots | Aug 29 13:22:59 pixelmemory sshd[1223355]: Failed password for root from 118.25.44.66 port 51948 ssh2 Aug 29 13:25:28 pixelmemory sshd[1223721]: Invalid user process from 118.25.44.66 port 51208 Aug 29 13:25:28 pixelmemory sshd[1223721]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=118.25.44.66 Aug 29 13:25:28 pixelmemory sshd[1223721]: Invalid user process from 118.25.44.66 port 51208 Aug 29 13:25:30 pixelmemory sshd[1223721]: Failed password for invalid user process from 118.25.44.66 port 51208 ssh2 ... |
2020-08-30 06:26:03 |
| 72.49.197.119 | attackbots | Invalid user admin from 72.49.197.119 |
2020-08-30 06:30:29 |
| 185.57.152.70 | attack | 185.57.152.70 - - [29/Aug/2020:22:58:07 +0200] "GET /wp-login.php HTTP/1.1" 200 9040 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 185.57.152.70 - - [29/Aug/2020:22:58:09 +0200] "POST /wp-login.php HTTP/1.1" 200 9291 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" 185.57.152.70 - - [29/Aug/2020:22:58:10 +0200] "POST /xmlrpc.php HTTP/1.1" 200 427 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" |
2020-08-30 06:14:28 |
| 62.210.172.8 | attackspam | ET CINS Active Threat Intelligence Poor Reputation IP group 54 - port: 5070 proto: udp cat: Misc Attackbytes: 454 |
2020-08-30 06:33:46 |
| 131.100.137.154 | attackbots | Attempted Brute Force (dovecot) |
2020-08-30 06:47:11 |
| 116.196.108.9 | attack | SMTP Bruteforce attempt |
2020-08-30 06:23:14 |
| 114.231.42.212 | attackspam | Aug 29 20:24:03 *** sshd[14788]: Invalid user postgres from 114.231.42.212 |
2020-08-30 06:54:30 |
| 218.92.0.207 | attackbots | Aug 30 00:01:53 eventyay sshd[29032]: Failed password for root from 218.92.0.207 port 20409 ssh2 Aug 30 00:02:59 eventyay sshd[29038]: Failed password for root from 218.92.0.207 port 32692 ssh2 ... |
2020-08-30 06:16:30 |
| 222.186.42.213 | attack | Aug 29 18:50:11 NPSTNNYC01T sshd[27937]: Failed password for root from 222.186.42.213 port 49434 ssh2 Aug 29 18:50:19 NPSTNNYC01T sshd[27942]: Failed password for root from 222.186.42.213 port 37798 ssh2 ... |
2020-08-30 06:57:18 |
| 180.71.58.82 | attackspam | 2020-08-29T17:44:22.209672morrigan.ad5gb.com sshd[168825]: Connection closed by 180.71.58.82 port 47105 [preauth] 2020-08-29T17:44:22.210792morrigan.ad5gb.com sshd[168826]: Connection closed by 180.71.58.82 port 46499 [preauth] |
2020-08-30 06:51:43 |
| 171.109.5.102 | attackspambots | Port Scan ... |
2020-08-30 06:53:56 |