AbuseIPDB » 31.57.42.148
31.57.42.148 was found in our database!
This IP was reported 6 times. Confidence of Abuse is 2%.
| ISP | GOLD IP L.L.C-FZ |
| Usage Type | Data Center/Web Hosting/Transit |
| ASN | AS9009 |
| Domain Name | goldipv4.com |
| Country | 🇨🇦 Canada |
| City | Montreal, Quebec |
IP info including ISP, Usage Type, and Location provided
by IPInfo. Updated weekly.
IP Abuse Reports for 31.57.42.148:
This IP address has been reported a total of 6 times from 3 distinct sources.
31.57.42.148 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
| Reporter | IoA Timestamp (UTC) | Comment | Categories |
| 🇺🇸 TPI-Abuse | |
(mod_security) mod_security (id:210492) triggered by 31.57.42.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 22:08:57.070440 2026] [security2:error] [pid 12707:tid 12723] [client 31.57.42.148:41919] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "wp-config.php" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "kettlehill.com"] [uri "/wp-config.php.swp"] [unique_id "ahzpufr1zQOtbkd9viUoSAAAAAw"]
| Brute-Force, Bad Web Bot, Web App Attack |
| Anonymous | |
[Thu Jan 01 06:22:01.342840 2026] [:error] [pid 91731:tid 91731] [client 31.57.42.148:43501] ModSecurity: Warning. Matched "Operator `Rx' with parameter `^\\(\\s*\\)\\s+\\{' against variable `REQUEST_HEADERS:Shellshock' (Value: `() { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd' ) [file "/usr/local/modsecurity-crs/rules/REQUEST-932-APPLICATION-ATTACK-RCE.conf"] [line "662"] [id "932170"] [rev ""] [msg "Remote Command Execution: Shellshock (CVE-2014-6271)"] [data "Matched Data: () { found within REQUEST_HEADERS:Shellshock: () { ignored; }; echo Content-Type: text/html; echo ; /bin/cat /etc/passwd"] [severity "2"] [ver "OWASP_CRS/4.22.0-dev"] [maturity "0"] [accuracy "0"] [tag "application-multi"] [tag "language-shell"] [tag "platform-unix"] [tag "attack-rce"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "OWASP_CRS/ATTACK-RCE"] [tag "capec/1000/152/248/88"] [uri "//cgi-bin/stats"] [unique_id "176724492156.620389"] [ref "o0,4v203,74t:urlD
...
| Web App Attack |
| 🇺🇸 TPI-Abuse | |
(mod_security) mod_security (id:210730) triggered by 31.57.42.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Nov 12 04:30:07.228059 2025] [security2:error] [pid 17063:tid 17063] [client 31.57.42.148:50081] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy||nbcnewsradio.com|F|2"] [data ".php.bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nbcnewsradio.com"] [uri "/main.php.bak"] [unique_id "aRRTn--SFie4_BxWYyWnKQAAAAs"]
| Brute-Force, Bad Web Bot, Web App Attack |
| 🇺🇸 TPI-Abuse | |
(mod_security) mod_security (id:211190) triggered by 31.57.42.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 01 11:01:00.391516 2025] [security2:error] [pid 9487:tid 9526] [client 31.57.42.148:37073] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||mail.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /wp-content/plugins/se-html5-album-audio-player/download_audio.php?file=/wp-content/uploads/../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.kettlehill.com"] [uri "/wp-content/plugins/se-html5-album-audio-player/download_audio.php"] [unique_id "aN1CLEvyOqnYEaX7Ie4Z5QAAANE"]
| Brute-Force, Bad Web Bot, Web App Attack |
| Anonymous | |
XSS (Cross Site Scripting) attempt.
| Hacking, SQL Injection, Web App Attack |
| 🇺🇸 TPI-Abuse | |
(mod_security) mod_security (id:211190) triggered by 31.57.42.148 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 30 23:00:35.904166 2025] [security2:error] [pid 10928:tid 11080] [client 31.57.42.148:53247] [client 31.57.42.148] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.staging.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /chat/imController/showOrDownByurl.do?dbPath=../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "staging.kettlehill.com"] [uri "/chat/imController/showOrDownByurl.do"] [unique_id "aBLj02hpHha-h36oCB5prgAAAI4"]
| Brute-Force, Bad Web Bot, Web App Attack |
Showing 1 to 6 of 6 reports