AbuseIPDB » 128.31.0.13

128.31.0.13 was found in our database!

This IP was reported 5,851 times. Confidence of Abuse is 43%: ?

43%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Massachusetts Institute of Technology
Usage Type	University/College/School
ASN	AS3
Hostname(s)	tor-exit.csail.mit.edu
Domain Name	mit.edu
Country	United States of America
City	Cambridge, Massachusetts

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 128.31.0.13

Whois 128.31.0.13

IP Abuse Reports for 128.31.0.13:

This IP address has been reported a total of 5,851 times from 473 distinct sources. 128.31.0.13 was first reported on November 21st 2020, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
ipblock.com	2025-03-14 21:22:00 (3 months ago)	IPBlock protected site ID [4055-d][s=07]. Major crawler impostor. Mozilla/5.0 (compati ... show moreIPBlock protected site ID [4055-d][s=07]. Major crawler impostor. Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) show less	Bad Web Bot
Anonymous	2025-03-13 07:01:28 (3 months ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack
ipblock.com	2025-03-09 07:28:00 (3 months ago)	IPBlock protected site ID [4055-d][s=04]. Major crawler impostor. Mozilla/5.0 (compati ... show moreIPBlock protected site ID [4055-d][s=04]. Major crawler impostor. Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html) show less	Bad Web Bot
NetworkOperationsTeam	2025-03-05 22:57:09 (3 months ago)	SMS Bombing. Trying to authenticate. API Abuse rate limit exceeded	Hacking Brute-Force Web App Attack
paissangroup	2025-03-05 00:56:07 (3 months ago)	Multiple WAF Violations	Web App Attack
Anonymous	2025-03-02 19:28:13 (3 months ago)	(mod_security) mod_security triggered on hostname [redacted] 128.31.0.13 (US/United States/tor-exit. ... show more(mod_security) mod_security triggered on hostname [redacted] 128.31.0.13 (US/United States/tor-exit.csail.mit.edu) show less	SQL Injection
oncord	2025-03-01 19:15:50 (3 months ago)	Form spam	Web Spam
Anonymous	2025-02-27 02:35:28 (3 months ago)	few-Joomla User : try to access forms...	Hacking
LTM	2025-02-17 07:20:01 (3 months ago)	WebServer - Attempts to exploit	Hacking Brute-Force Web App Attack
Anonymous	2025-02-16 14:03:22 (3 months ago)	Action: Block, Reason: DDOS attack detected	DDoS Attack
TPI-Abuse	2025-02-12 07:22:33 (4 months ago)	(mod_security) mod_security (id:210730) triggered by 128.31.0.13 (tor-exit.csail.mit.edu): 1 in the ... show more(mod_security) mod_security (id:210730) triggered by 128.31.0.13 (tor-exit.csail.mit.edu): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Feb 12 02:22:28.731384 2025] [security2:error] [pid 2089278:tid 2089278] [client 128.31.0.13:38892] [client 128.31.0.13] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy||leolion.net|F|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "leolion.net"] [uri "/backup.sql"] [unique_id "Z6xMNKuKFl9udlaK7b-CXgAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
el-brujo	2025-02-10 02:20:59 (4 months ago)	DDoS Attack Layer 7 Silent Bot	DDoS Attack
london2038.com	2025-01-30 06:59:48 (4 months ago)	Malformed or malicious web request 128.31.0.13 - - [30/Jan/2025:07:59:44 +0100] "GET / HXXP/1. ... show moreMalformed or malicious web request 128.31.0.13 - - [30/Jan/2025:07:59:44 +0100] "GET / HXXP/1.1" 400 157 "-" "-" show less	Hacking Web App Attack
strzonnek	2025-01-26 17:44:57 (4 months ago)	attack on webform	Brute-Force Web App Attack
strzonnek	2025-01-24 20:43:44 (4 months ago)	attack on webform	Brute-Force Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩