🇩🇪
artifice
2026-05-25 01:49:52
(4 weeks ago)
WordPress attack activity: hacking, credential brute-force, web-application attack.
Hacking
Brute-Force
Web App Attack
🇨🇭
backslash
2026-05-13 10:48:00
(1 month ago)
block ruleset CC531825F9395F9A07FB06C1247C46770A2690F8
Bad Web Bot
🇺🇸
Mundo Bueno
2026-05-08 02:08:22
(1 month ago)
[ISILIA Protection v2.1] Tentative d'accès: /xmlrpc.php | Pays: JP | UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 14_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0
Hacking
Web App Attack
🇩🇪
LRob.fr
2026-02-15 23:21:13
(4 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
🇩🇪
LRob.fr
2026-02-06 23:35:29
(4 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
Anonymous
2026-02-01 16:19:14
(4 months ago)
Ports: 80,443; Direction: 0; Trigger: LF_CUSTOMTRIGGER
Brute-Force
SSH
🇫🇷
masterguru
2026-01-29 15:45:36
(4 months ago)
(modsec_5015) ModSec 5015: Suspicious User-Agent from 31.57.90.132 (JP/Japan/-): 1 in the last 3600 secs (0-197)
Hacking
🇩🇪
LRob.fr
2026-01-27 04:50:46
(4 months ago)
Repeated attacks detected by Fail2Ban in recidive jail
Hacking
🇩🇪
LRob.fr
2026-01-26 12:36:49
(4 months ago)
Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2026-01-17 00:21:09
(5 months ago)
(mod_security) mod_security (id:212620) triggered by 31.57.90.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Jan 16 19:20:37.552363 2026] [security2:error] [pid 5894:tid 5894] [client 31.57.90.132:49339] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<script\\\\b" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/07_XSS_XSS.conf"] [line "65"] [id "212620"] [rev "4"] [msg "COMODO WAF: Cross-site Scripting (XSS) Attack||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: <script found within REQUEST_URI: /modules/fieldpopupnewsletter/ajax.php?callback=<script>alert(document.domain)</script>"] [severity "CRITICAL"] [tag "CWAF"] [tag "XSS"] [hostname "ftp.nbcnewsradio.com"] [uri "/modules/fieldpopupnewsletter/ajax.php"] [unique_id "aWrV1TF5isqdXHRhs12hFgAAAAY"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-12-29 19:13:45
(5 months ago)
(mod_security) mod_security (id:211190) triggered by 31.57.90.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:12:58.426802 2025] [security2:error] [pid 22840:tid 22935] [client 31.57.90.132:40497] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||www.kettlehill.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /tarantella/cgi-bin/secure/ttawlogin.cgi/?action=start&pg=../../../../../../../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kettlehill.com"] [uri "/tarantella/cgi-bin/secure/ttawlogin.cgi/"] [unique_id "aVLSuvUSdzJ-gbjPWKhS4AAAAII"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-11-13 09:49:21
(7 months ago)
(mod_security) mod_security (id:211190) triggered by 31.57.90.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Nov 13 04:49:13.234268 2025] [security2:error] [pid 26694:tid 26694] [client 31.57.90.132:43847] ModSecurity: Access denied with code 403 (phase 2). Match of "contains cpanel" against "REQUEST_URI" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "55"] [id "211190"] [rev "9"] [msg "COMODO WAF: Remote File Access Attempt||ftp.nbcnewsradio.com|F|2"] [data "Matched Data: /etc/ found within REQUEST_URI: /index.php?option=com_omphotogallery&controller=../../../../../../../../../etc/passwd"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "ftp.nbcnewsradio.com"] [uri "/index.php"] [unique_id "aRWpmT5U13z62l_bsPNRAAAAAAg"]
Brute-Force
Bad Web Bot
Web App Attack
🇺🇸
TPI-Abuse
2025-09-27 20:53:32
(8 months ago)
(mod_security) mod_security (id:210492) triggered by 31.57.90.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Sep 27 16:53:27.803789 2025] [security2:error] [pid 18201:tid 18201] [client 31.57.90.132:42233] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "autoconfig.deandobkin.com"] [uri "/.env.prod"] [unique_id "aNhOxx8Rhnb2MjHAUApSRwAAAAM"]
Brute-Force
Bad Web Bot
Web App Attack
Anonymous
2025-07-27 14:35:40
(10 months ago)
Ports: 2077,2078,2082,2083,2086,2087,2095,2096; Direction: 0; Trigger: LF_DISTATTACK
Brute-Force
SSH
🇺🇸
TPI-Abuse
2025-07-27 00:19:43
(10 months ago)
(mod_security) mod_security (id:210492) triggered by 31.57.90.132 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jul 26 20:19:37.352428 2025] [security2:error] [pid 172229:tid 172488] [client 31.57.90.132:43479] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webmail.kettlehill.net"] [uri "/.env.old"] [unique_id "aIVwmeZd-uShJ73phjvvGgAAARc"]
Brute-Force
Bad Web Bot
Web App Attack