JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 31.56.137.104

31.56.137.104 was found in our database!

This IP was reported 9 times. Confidence of Abuse is 17%: ?

17%

ISP	AE-GOLDIP
Usage Type	Data Center/Web Hosting/Transit
ASN	AS9009
Domain Name	goldipv4.com
Country	🇨🇦 Canada
City	Montreal, Quebec

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 31.56.137.104

Whois 31.56.137.104

IP Abuse Reports for 31.56.137.104:

This IP address has been reported a total of 9 times from 4 distinct sources. 31.56.137.104 was first reported on May 4th 2025, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 Blue Pumpkin	2026-06-16 23:31:12 (1 week ago)	31.56.137.104 - - [16/Jun/2026:23:31:09 +0000] "GET /component/comprofiler/userprofile/Jessicaxo HTT ... show more 31.56.137.104 - - [16/Jun/2026:23:31:09 +0000] "GET /component/comprofiler/userprofile/Jessicaxo HTTP/1.1" 200 13299 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" ... show less	Brute-Force
🇫🇷 bigorre.org	2026-06-02 03:59:28 (3 weeks ago)	Excessive crawling : exceed crawl-delay defined in robots.txt	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-01 02:57:37 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:57:29.013702 2026] [security2:error] [pid 7732:tid 7753] [client 31.56.137.104:43407] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.kettlehill.com\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.kettlehill.com"] [uri "/log/error.log"] [unique_id "ahz1GSKq_i-FrRbJEDIQ0QAAAUc"], referer: http://www.kettlehill.com/log/error.log show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 11:26:37 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 06:26:30.371625 2026] [security2:error] [pid 15770:tid 15770] [client 31.56.137.104:33251] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/.env.prod"] [unique_id "aWtx5qfpA0RXMxjeGNAKnwAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 17:43:32 (5 months ago)	(mod_security) mod_security (id:212620) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:212620) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 12:42:18.513011 2025] [security2:error] [pid 27849:tid 28220] [client 31.56.137.104:39535] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack\|\|kettlehill.kettlehill.com\|F\|2"] [data "Matched Data: <script found within REQUEST_URI: /?s=</script><script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "kettlehill.kettlehill.com"] [uri "/"] [unique_id "aVK9elQ7a22kNO2lY86tIgAAANQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-11 21:15:37 (7 months ago)	(mod_security) mod_security (id:210492) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Nov 11 16:15:23.886562 2025] [security2:error] [pid 2464:tid 2464] [client 31.56.137.104:57247] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.nbcnewsradio.com"] [uri "/assets../.git/config"] [unique_id "aROna37fKt09oGwOb9aFVwAAABo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-07-27 01:39:46 (11 months ago)	(mod_security) mod_security (id:210492) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 21:39:42.945414 2025] [security2:error] [pid 729657:tid 729699] [client 31.56.137.104:54509] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/.env.bak"] [unique_id "aIWDXhUVDjlJfvQpjEJTWgAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-30 00:26:15 (1 year ago)	(mod_security) mod_security (id:221260) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:221260) triggered by 31.56.137.104 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 20:26:09.127038 2025] [security2:error] [pid 3833499:tid 3833499] [client 31.56.137.104:37829] ModSecurity: Access denied with code 403 (phase 1). Pattern match "^(?:\\\\'\\\\w+?=)?\\\\(\\\\)\\\\s{" at MATCHED_VAR. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "77"] [id "221260"] [rev "3"] [msg "COMODO WAF: Shellshock Command Injection Vulnerabilities in GNU Bash through 4.3 bash43-026 (CVE-2014-7187, CVE-2014-7186, CVE-2014-7169, CVE-2014-6278, CVE-2014-6277, CVE-2014-6271)\|\|cpcalendars.farmers123.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.farmers123.com"] [uri "/cgi-bin/status"] [unique_id "aDj7IQMhqim9uow_aVtXUwAAABI"], referer: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-05-04 18:10:01 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 9 of 9 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 2a01:4f8:1c1e:6687::1

🇬🇪 212.58.112.247

🇵🇱 194.180.48.33

🇺🇸 162.243.147.237

🇫🇮 130.49.113.188

🇺🇸 104.234.53.40

🇺🇸 104.234.53.34

🇲🇳 103.229.121.173

🇧🇬 79.124.56.138

🇨🇳 61.185.179.148

🇹🇷 37.202.55.115

🇺🇸 20.168.122.3

🇫🇷 5.196.13.47

🇭🇰 2a09:bac5:398b:2646::3d0:4f

🇮🇹 2a00:6d43:b02:b600:b565:359f:8ccd:12a9

🇮🇹 2a00:6d43:b02:b600:4d16:5ba6:94bd:e1e7

🇺🇸 216.73.160.212

🇺🇸 216.73.160.47

🇪🇹 196.189.56.25

🇳🇱 195.178.110.232