JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 31.56.145.212

31.56.145.212 was found in our database!

This IP was reported 8 times. Confidence of Abuse is 0%: ?

ISP	AE-GOLDIP
Usage Type	Data Center/Web Hosting/Transit
ASN	AS20853
Domain Name	goldipv4.com
Country	🇵🇱 Poland
City	Warsaw, Mazovia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 31.56.145.212

Whois 31.56.145.212

IP Abuse Reports for 31.56.145.212:

This IP address has been reported a total of 8 times from 5 distinct sources. 31.56.145.212 was first reported on January 15th 2025, and the most recent report was 4 months ago.

Old Reports: The most recent abuse report for this IP address is from 4 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-01-27 03:00:07 (4 months ago)	(mod_security) mod_security (id:210492) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jan 26 22:00:02.578096 2026] [security2:error] [pid 16656:tid 16672] [client 31.56.145.212:40521] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.kettlehill.com"] [uri "/.env.live"] [unique_id "aXgqMj4D1upuVdMC6K4NnwAAAE0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-01-17 07:15:28 (5 months ago)	(mod_security) mod_security (id:210492) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jan 17 02:15:21.078796 2026] [security2:error] [pid 11364:tid 11364] [client 31.56.145.212:45651] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcalendars.nbcnewsradio.com"] [uri "/wp-config.php-backup"] [unique_id "aWs3CXScFdhTAPJ7GF63TwAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 SCHAPPY	2025-08-25 18:30:07 (9 months ago)	IP was involved in L7 DDoS attack.	DDoS Attack
🇺🇸 TPI-Abuse	2025-07-26 23:10:59 (10 months ago)	(mod_security) mod_security (id:218420) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:218420) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 19:08:52.147756 2025] [security2:error] [pid 19500:tid 19521] [client 31.56.145.212:57885] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|ftp.kettlehill.net\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:-d allow_url_include=on -d auto_prepend_file=php://input: -d allow_url_include=on -d auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "ftp.kettlehill.net"] [uri "/index.php"] [unique_id "aIVgBC-82AcwFY0KVGEYsQAAAE4"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-29 15:31:32 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 31.56.145.212 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 29 11:31:24.403630 2025] [security2:error] [pid 2876248:tid 2876248] [client 31.56.145.212:59989] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|autodiscover.farmers123.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "autodiscover.farmers123.com"] [uri "/file=http:/example.com"] [unique_id "aDh9zHY-Vb5JVnLYnd1VlwAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Vincent Helmus	2025-05-16 17:40:18 (1 year ago)	ALL	DNS Compromise DNS Poisoning Fraud Orders DDoS Attack FTP Brute-Force Ping of Death Phishing Fraud VoIP Open Proxy Web Spam Email Spam Blog Spam VPN IP Port Scan Hacking SQL Injection Spoofing Brute-Force Bad Web Bot Exploited Host Web App Attack SSH IoT Targeted
Anonymous	2025-03-29 05:40:18 (1 year ago)	Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK	Brute-Force SSH
Anonymous	2025-01-15 06:10:15 (1 year ago)	\| Common web attack.	Hacking SQL Injection Web App Attack

Showing 1 to 8 of 8 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 195.178.110.30

🇰🇷 121.129.75.178

🇮🇩 103.186.31.247

🇺🇸 91.230.168.141

🇲🇰 79.125.162.32

🇳🇱 217.60.195.150

🇦🇷 201.235.180.33

🇭🇰 199.45.154.150

🇨🇱 186.103.169.12

🇺🇸 162.216.150.49

🇺🇸 154.83.197.61

🇺🇸 147.185.132.223

🇵🇱 95.214.53.157

🇺🇸 91.230.168.88

🇨🇳 81.68.238.92

🇺🇸 68.193.105.223

🇮🇶 65.20.153.146

🇳🇱 45.148.10.151

🇧🇪 207.175.14.104

🇳🇱 195.178.110.199