JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 31.223.189.146

31.223.189.146 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	HostRoyale Technologies Pvt Ltd
Usage Type	Data Center/Web Hosting/Transit
ASN	AS44144
Domain Name	hostroyale.com
Country	🇵🇹 Portugal
City	Lisbon, Lisbon

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 31.223.189.146

Whois 31.223.189.146

IP Abuse Reports for 31.223.189.146:

This IP address has been reported a total of 11 times from 5 distinct sources. 31.223.189.146 was first reported on February 2nd 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
Anonymous	2026-02-16 01:44:18 (4 months ago)	Malicious activity detected	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 03:25:41 (5 months ago)	(mod_security) mod_security (id:210730) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 22:25:37.071879 2026] [security2:error] [pid 27805:tid 27805] [client 31.223.189.146:44577] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.nbcnewsradio.com\|F\|2"] [data ".old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.nbcnewsradio.com"] [uri "/.ssh/known_hosts.old"] [unique_id "aWsBMcpJgeMGa_WTOSNRBwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-03 02:02:04 (6 months ago)	(mod_security) mod_security (id:217200) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:217200) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Dec 02 21:01:57.177308 2025] [security2:error] [pid 4828:tid 4828] [client 31.223.189.146:38127] ModSecurity: Access denied with code 403 (phase 1). Match of "endsWith /wp-cron.php" against "REQUEST_FILENAME" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "103"] [id "217200"] [rev "2"] [msg "COMODO WAF: HTTP/1.1 POST request missing Content-Length Header\|\|webdisk.farmers123.com:80\|F\|2"] [data "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [severity "CRITICAL"] [tag "CWAF"] [tag "Protocol"] [hostname "webdisk.farmers123.com"] [uri "/cgi-bin/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/%%32%65%%32%65/bin/sh"] [unique_id "aS-aFVXJbR--xCTKIk3i_wAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇹 Erpelstolz	2025-11-25 14:21:38 (7 months ago)	VM 131: 31.223.189.146 - - [25/Nov/2025:15:21:37 +0100] "GET /admin/log/error.log HTTP/1.1" 301 729	Web App Attack
Anonymous	2025-11-17 12:16:00 (7 months ago)	\| Common web attack.	Hacking SQL Injection Web App Attack
🇺🇸 TPI-Abuse	2025-10-28 23:00:25 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Oct 28 19:00:20.605906 2025] [security2:error] [pid 13500:tid 13500] [client 31.223.189.146:43177] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.nbcnewsradio.com"] [uri "/htaccess_for_page_not_found_redirects.htaccess"] [unique_id "aQFLBF7k0CVV-37l7EYl2wAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-01 15:03:09 (8 months ago)	(mod_security) mod_security (id:212620) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:212620) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:03:03.137654 2025] [security2:error] [pid 9487:tid 9527] [client 31.223.189.146:51483] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?s=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.com"] [uri "/"] [unique_id "aN1Cp0vyOqnYEaX7Ie4bIwAAANI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-05 23:38:33 (10 months ago)	(mod_security) mod_security (id:210730) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210730) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Aug 05 19:38:26.781279 2025] [security2:error] [pid 32162:tid 32162] [client 31.223.189.146:58981] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.nbcnewsradio.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.nbcnewsradio.com"] [uri "/admin/errors.log"] [unique_id "aJKV8kjaJTjf8lPq2QFviAAAABI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-01 06:41:40 (10 months ago)	(mod_security) mod_security (id:210492) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:210492) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 01 02:41:33.271551 2025] [security2:error] [pid 3332372:tid 3332398] [client 31.223.189.146:56455] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.kettlehill.com"] [uri "/wp-config.php.dist"] [unique_id "aIxhnR33aKcnOojmIbhTLgAAApg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-06-01 05:54:34 (1 year ago)	(mod_security) mod_security (id:218420) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Por ... show more (mod_security) mod_security (id:218420) triggered by 31.223.189.146 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 01 01:54:30.244955 2025] [security2:error] [pid 2636838:tid 2636912] [client 31.223.189.146:36733] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "kettlehill.kettlehill.com"] [uri "/cgi-bin/php.exe"] [unique_id "aDvrFjvwu3ccjH5oiKH9WwAAAIM"] show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 rafix	2025-02-02 09:36:32 (1 year ago)	User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/ ... show more User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36; Referer: https://google.com/ show less	DDoS Attack Bad Web Bot

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 37.120.191.97

🇬🇧 217.146.80.107

🇳🇱 185.242.226.103

🇫🇷 178.238.234.184

🇺🇸 165.227.124.44

🇺🇸 146.190.63.248

🇰🇷 121.189.226.81

🇧🇬 78.128.113.46

🇩🇪 43.131.36.84

🇹🇿 41.93.28.23

🇯🇵 40.74.68.49

🇺🇸 20.172.153.86

🇳🇱 185.223.235.45

🇰🇷 125.139.124.120

🇨🇳 124.115.66.104

🇺🇸 66.132.186.246

🇳🇱 35.204.137.163

🇸🇬 114.119.136.95

🇨🇳 112.74.242.167

🇮🇳 103.156.168.170