JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 5.231.31.41

5.231.31.41 was found in our database!

This IP was reported 34 times. Confidence of Abuse is 100%: ?

100%

ISP	Exception-Host
Usage Type	Data Center/Web Hosting/Transit
ASN	AS213850
Hostname(s)	exception-host.com
Domain Name	exception-host.com
Country	🇩🇪 Germany
City	Ubach-Palenberg, North Rhine-Westphalia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 5.231.31.41

Whois 5.231.31.41

IP Abuse Reports for 5.231.31.41:

This IP address has been reported a total of 34 times from 23 distinct sources. 5.231.31.41 was first reported on June 6th 2026, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇳🇱 homeshowdomain.nl	2026-06-08 22:00:25 (2 hours ago)	Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on ... show more Auto-ban: single probe for restricted files (.env / backups / admin endpoints). Likely mass-scan on 2026-06-07. show less	Web App Attack SSH Hacking
🇳🇱 e.fierstra	2026-06-07 23:43:05 (1 day ago)	ModSecurity hits exceeded	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-07 22:52:47 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-201)	Hacking Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 17:31:29 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 5.231.31.41 (exception-host.com): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 5.231.31.41 (exception-host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 13:31:23.020839 2026] [security2:error] [pid 17465:tid 17465] [client 5.231.31.41:47700] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "colbygrenier.com"] [uri "/backend/.env"] [unique_id "aiWq61GrSizhDxwHxtOg1gAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 sdos.es	2026-06-07 16:57:21 (1 day ago)	"Restricted File Access Attempt - Matched Data: /.env found within REQUEST_FILENAME: /admin/.env"	Web App Attack
🇩🇪 Lino Project	2026-06-07 15:17:20 (1 day ago)	CrowdSec abuse IP report (host SRV-2) Scenario: crowdsecurity/http-sensitive-files	Hacking
🇫🇷 masterguru	2026-06-07 15:13:45 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-195)	Hacking Web App Attack
🇧🇾 lns.bz	2026-06-07 13:04:58 (1 day ago)	.env scanning [BY]	Web App Attack
🇩🇪 NewGastroline	2026-06-07 12:45:43 (1 day ago)	Malicious request blocked by CrowdSec on gastro-prod1.boreus.de	Bad Web Bot Web App Attack
🇫🇷 masterguru	2026-06-07 12:21:41 (1 day ago)	Restricted File Access Attempt. Matched phrase ".env" at REQUEST_FILENAME. (930130-196)	Hacking Web App Attack
Anonymous	2026-06-07 10:56:03 (1 day ago)	Bot / scanning and/or hacking attempts: GET /admin/.env HTTP/1.1, GET /backend/.env HTTP/1.1, GET /a ... show more Bot / scanning and/or hacking attempts: GET /admin/.env HTTP/1.1, GET /backend/.env HTTP/1.1, GET /app/.env HTTP/1.1, GET /core/.env HTTP/1.1, GET /api/.env HTTP/1.1, GET /laravel/.env HTTP/1.1, GET /dev/.env HTTP/1.1 show less	Hacking Web App Attack
🇩🇪 4server	2026-06-07 09:01:22 (1 day ago)	[SunJun0711:01:19.0075812026][security2:error][pid3619216:tid3619346][client5.231.31.41:0]ModSecurit ... show more [SunJun0711:01:19.0075812026][security2:error][pid3619216:tid3619346][client5.231.31.41:0]ModSecurity:Accessdeniedwithcode403$phase2$.Patternmatch\"$\?:\\\\\\\\b\(\?:\\\\\\\\.\(\?:ht\(\?:access\\|passwd\\|group$\\|www_\?acl\)\\|global\\\\\\\\.asa\\|httpd\\\\\\\\.conf\\|boot\\\\\\\\.ini\\|web.config\)\\\\\\\\b\\|$\\|\^\\|\\\\\\\\.\\\\\\\\.$/etc/\\|/\\\\\\\\.$\?:history\\|bash_history\\|sh_history\\|env$\$\)\"atREQUEST_FILENAME.[file\"/etc/apache2/conf.d/modsec_rules/10_asl_rules.conf\"][line\"204\"][id\"390709\"][rev\"30\"][msg\"Atomicorp.comWAFRules:Attempttoaccessprotectedfileremotely\"][data\"/.env\"][severity\"CRITICAL\"][hostname\"royalhosting.ch\"][uri\"/member/.env\"][unique_id\"aiUzXzeWRPwtDVioH_MTzgAAARI\"] show less	Port Scan Brute-Force Web App Attack
🇯🇵 Valhalla	2026-06-07 07:47:55 (1 day ago)	/core/.env	Hacking Web App Attack
🇷🇺 DZBOT	2026-06-07 07:07:29 (1 day ago)	DZBOT: Website Scanning / Scraping	Bad Web Bot Exploited Host Web App Attack
🇺🇸 TPI-Abuse	2026-06-07 05:03:12 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 5.231.31.41 (exception-host.com): 1 in the last ... show more (mod_security) mod_security (id:210492) triggered by 5.231.31.41 (exception-host.com): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 07 01:03:04.229975 2026] [security2:error] [pid 29085:tid 29085] [client 5.231.31.41:33824] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.env" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "verventdft.com"] [uri "/api/.env"] [unique_id "aiT7iOAQblmOwhu528AnRwAAAAc"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 34 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇳🇱 161.35.150.108

🇳🇱 161.35.149.99

🇮🇳 152.52.234.110

🇰🇷 121.161.242.168

🇰🇷 119.195.102.159

🇺🇸 103.219.170.37

🇹🇼 59.126.87.212

🇭🇰 45.131.179.125

🇺🇸 45.79.82.114

🇪🇪 45.12.28.218

🇸🇬 8.219.115.249

🇪🇸 172.110.221.82

🇳🇱 161.35.149.227

🇳🇱 161.35.148.60

🇦🇫 149.54.62.62

🇧🇷 138.122.148.94

🇨🇳 125.126.200.34

🇺🇸 104.21.91.216

🇬🇧 88.97.179.221

🇸🇦 77.240.87.244