JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.128.248.161

23.128.248.161 was found in our database!

This IP was reported 19 times. Confidence of Abuse is 65%: ?

65%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	StormyCloud Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS400226
Hostname(s)	tor-exit-002.stormycloud.org
Domain Name	stormycloud.org
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.128.248.161

Whois 23.128.248.161

IP Abuse Reports for 23.128.248.161:

This IP address has been reported a total of 19 times from 14 distinct sources. 23.128.248.161 was first reported on May 16th 2026, and the most recent report was 57 minutes ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-16 04:41:03 (57 minutes ago)	(mod_security) mod_security (id:210492) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): ... show more (mod_security) mod_security (id:210492) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 16 00:40:57.465238 2026] [security2:error] [pid 15242:tid 15242] [client 23.128.248.161:6170] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "120"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.jaynawilliamsrealty.com.jbcllcnet.com"] [uri "/.git/config"] [unique_id "ajDT2Vj2PIYRc1cgBODHBgAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-06-14 00:15:03 (2 days ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇫🇷 MatStef132	2026-06-12 22:48:08 (3 days ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇺🇸 TPI-Abuse	2026-06-10 03:10:53 (6 days ago)	(mod_security) mod_security (id:243420) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): ... show more (mod_security) mod_security (id:243420) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): 1 in the last 300 secs; Ports: ; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Jun 09 23:10:46.762032 2026] [security2:error] [pid 7324:tid 7324] [client 23.128.248.161:45416] ModSecurity: Access denied with code 403 (phase 3). Match of "validateByteRange 0-31" against "ARGS:" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "6640"] [id "243420"] [rev "4"] [msg "COMODO WAF: Information disclosure vulnerability in Eclipse Jetty before 9.2.9.v20150224 (CVE-2015-2080)\|\|\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "reseller-web179.com"] [uri "/cgi-bin/test-cgi"] [unique_id "aijVtqh0Sgn-UafSJ0WmkAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-10 00:11:02 (6 days ago)	Scanning/Probing (14)	Brute-Force Web App Attack
Anonymous	2026-06-06 04:22:42 (1 week ago)	Unauthorized access (tcp/443/https)	Port Scan Web App Attack
Anonymous	2026-06-04 09:41:50 (1 week ago)	2026-06-04T13:11:42.010531+03:30 digitalogic sshd-session[628526]: pam_unix(sshd:auth): authenticati ... show more 2026-06-04T13:11:42.010531+03:30 digitalogic sshd-session[628526]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=23.128.248.161 2026-06-04T13:11:43.518558+03:30 digitalogic sshd-session[628526]: Failed password for invalid user 1 from 23.128.248.161 port 17518 ssh2 2026-06-04T13:11:48.074060+03:30 digitalogic sshd-session[628526]: Connection closed by invalid user 1 23.128.248.161 port 17518 [preauth] ... show less	Brute-Force SSH
🇫🇷 ✨	2026-06-02 01:57:14 (2 weeks ago)	Rule : PLESK BOT 2026-06-02 03:56:59 Unauthorized login attempt to Plesk Panel from IP 23.128.248.16 ... show more Rule : PLESK BOT 2026-06-02 03:56:59 Unauthorized login attempt to Plesk Panel from IP 23.128.248.161 with username admin show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 22:05:36 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): ... show more (mod_security) mod_security (id:210492) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 18:05:31.336009 2026] [security2:error] [pid 610:tid 610] [client 23.128.248.161:17568] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.railsolutionsmexico.com"] [uri "/.git/config"] [unique_id "ah4CK-tq-pVGAFbKpZOVxAAAAAo"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-06-01 16:30:34 (2 weeks ago)	Failed login attempt detected by Fail2Ban in plesk-postfix jail	Brute-Force
🇦🇺 oncord	2026-05-30 02:42:44 (2 weeks ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-05-28 16:57:38 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): ... show more (mod_security) mod_security (id:210730) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 12:57:33.033516 2026] [security2:error] [pid 3346:tid 3346] [client 23.128.248.161:63268] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|nolenelam.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "nolenelam.com"] [uri "/dump.sql"] [unique_id "ahhz_fZnyM3gU--6yzYUOgAAAAk"], referer: nolenelam.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-28 16:23:17 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): ... show more (mod_security) mod_security (id:210492) triggered by 23.128.248.161 (tor-exit-002.stormycloud.org): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 28 12:23:10.233997 2026] [security2:error] [pid 31990:tid 31990] [client 23.128.248.161:6440] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "mail.7bsuperfruit.com"] [uri "/.git/config"] [unique_id "ahhr7siszTr_uEuGnXGELwAAAAE"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 grassau.com	2026-05-27 18:17:12 (2 weeks ago)	(plesk-panel) Failed plesk-panel login with username [redacted] from 23.128.248.161 (US/United State ... show more (plesk-panel) Failed plesk-panel login with username [redacted] from 23.128.248.161 (US/United States/-/-/tor-exit-002.stormycloud.org) show less	Brute-Force
🇦🇺 screwlooseit.com.au	2026-05-27 17:18:17 (2 weeks ago)	Blocked by CSF 13 firewall - Rule: WPLOGIN tor-exit-002.stormycloud.org	Web App Attack

Showing 1 to 15 of 19 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 209.71.70.120

🇺🇸 207.90.244.26

🇮🇳 122.187.235.148

🇷🇴 80.94.92.171

🇩🇪 43.165.3.187

🇺🇿 213.230.127.104

🇧🇷 205.210.31.162

🇷🇼 197.243.14.52

🇧🇷 177.118.189.11

🇺🇸 173.254.213.217

🇸🇬 167.71.195.101

🇪🇬 156.207.134.137

🇨🇳 125.122.36.17

🇻🇳 103.60.242.169

🇨🇦 24.157.90.252

🇮🇳 223.188.2.109

🇪🇨 186.3.186.131

🇮🇳 152.58.6.91

🇨🇳 144.52.249.177

🇭🇰 118.26.36.18