JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 131.196.7.238

131.196.7.238 was found in our database!

This IP was reported 21 times. Confidence of Abuse is 0%: ?

ISP	GR SOLUCOES TELECOM LTDA - ME
Usage Type	Fixed Line ISP
ASN	AS265890
Hostname(s)	static-131-196-7-238.grsolucoestelecom.com.br
Domain Name	grsolucoestelecom.com.br
Country	🇧🇷 Brazil
City	Caruaru, Pernambuco

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 131.196.7.238

Whois 131.196.7.238

IP Abuse Reports for 131.196.7.238:

This IP address has been reported a total of 21 times from 15 distinct sources. 131.196.7.238 was first reported on March 19th 2025, and the most recent report was 6 months ago.

Old Reports: The most recent abuse report for this IP address is from 6 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇸🇪 KIDOS	2025-11-12 07:55:53 (6 months ago)	malicious activity, botnet	Web App Attack
🇬🇧 Silly Development	2025-09-28 15:16:45 (8 months ago)	Malicious activity detected from 265890 GR SOLUCOES TELECOM LTDA - ME towards host paid.sillydev.co. ... show more Malicious activity detected from 265890 GR SOLUCOES TELECOM LTDA - ME towards host paid.sillydev.co.uk (GET HTTP/1.1) @ 2025-09-28T15:16:45Z (6 occurrences) show less	DDoS Attack Exploited Host
🇩🇪 Packets-Decreaser.NET	2025-09-25 16:31:39 (8 months ago)	Incoming Layer 7 Flood Detected	DDoS Attack Web Spam
🇺🇸 TPI-Abuse	2025-09-12 19:01:55 (8 months ago)	(mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoest ... show more (mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoestelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Sep 12 15:01:49.398838 2025] [security2:error] [pid 18033:tid 18033] [client 131.196.7.238:36786] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|barigby.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "barigby.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aMRuHZcd9Tm1QB8vUEWMVgAAABA"], referer: https://barigby.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 antikirra	2025-09-05 18:10:29 (8 months ago)	Proxy Port Scanning	Port Scan
🇨🇭 backslash	2025-09-03 16:53:59 (9 months ago)		DDoS Attack
🇩🇪 FeG Deutschland	2025-08-23 21:14:14 (9 months ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 27	Exploited Host Web App Attack
🇩🇪 LRob.fr	2025-08-21 16:30:06 (9 months ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-08-20 17:19:10 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoest ... show more (mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoestelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Aug 20 13:19:02.566431 2025] [security2:error] [pid 19457:tid 19479] [client 131.196.7.238:45325] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|mindgardens.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "mindgardens.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aKYDhnhwpKANWg5HZAxmTAAAABQ"], referer: https://mindgardens.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-16 02:40:12 (9 months ago)	(mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoest ... show more (mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoestelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 15 22:40:06.429050 2025] [security2:error] [pid 16946:tid 16946] [client 131.196.7.238:50626] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|schmitzcomm.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "schmitzcomm.net"] [uri "/wp-json/wp/v2/users/"] [unique_id "aJ_vhos2biY0rmXfxQ5ixAAAAAM"], referer: https://schmitzcomm.net/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
🇳🇱 hostmaster.stream	2025-08-02 07:19:43 (10 months ago)	Honeypot triggered on newsletter form. Web spam detected via newsletter signup form. Honeypot field ... show more Honeypot triggered on newsletter form. Web spam detected via newsletter signup form. Honeypot field was filled. show less	Web Spam
🇺🇸 TPI-Abuse	2025-06-23 23:49:42 (11 months ago)	(mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoest ... show more (mod_security) mod_security (id:225170) triggered by 131.196.7.238 (static-131-196-7-238.grsolucoestelecom.com.br): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 23 19:49:38.405499 2025] [security2:error] [pid 947205:tid 947205] [client 131.196.7.238:54700] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|harwoodmechanical.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "harwoodmechanical.com"] [uri "/wp-json/wp/v2/users/"] [unique_id "aFnoEok0CK1qM6MSRpcWvwAAAAo"], referer: https://harwoodmechanical.com/wp-json/wp/v2/users/ show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-06-18 10:45:10 (11 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
Anonymous	2025-06-14 01:55:41 (11 months ago)	Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER	Brute-Force SSH
🇩🇪 Savvii	2025-05-27 05:12:35 (1 year ago)	10 attempts against mh-mag-customerspam-ban on web	Web App Attack

Showing 1 to 15 of 21 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 193.26.115.243

🇨🇳 123.145.21.151

🇨🇳 14.103.105.40

🇺🇸 216.25.89.93

🇨🇳 175.19.75.213

🇮🇩 103.147.159.91

🇮🇳 103.68.52.125

🇳🇬 102.91.104.198

🇷🇴 92.118.39.236

🇧🇪 34.38.234.240

🇮🇳 2401:4900:889f:d19a:b1bc:5e71:11c1:dd67

🇭🇰 121.202.148.19

🇸🇬 104.233.43.172

🇨🇳 60.166.31.198

🇩🇪 45.135.195.139

🇪🇬 41.128.181.199

🇧🇪 34.140.246.46

🇺🇸 20.106.195.185

🇻🇳 2402:800:6340:f6d4:e824:759:a1c1:f516

🇧🇷 200.219.9.51