JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.191.200.11

23.191.200.11 was found in our database!

This IP was reported 102 times. Confidence of Abuse is 36%: ?

36%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Unredacted Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS401401
Domain Name	unredacted.org
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.191.200.11

Whois 23.191.200.11

IP Abuse Reports for 23.191.200.11:

This IP address has been reported a total of 102 times from 47 distinct sources. 23.191.200.11 was first reported on April 15th 2025, and the most recent report was 15 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 LRob.fr	2026-06-17 07:30:02 (15 hours ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-01 02:05:18 (2 weeks ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-31 04:39:38 (2 weeks ago)	(mod_security) mod_security (id:210350) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 31 00:39:30.936346 2026] [security2:error] [pid 23524:tid 23524] [client 23.191.200.11:57946] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|www.naturalacu.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "www.naturalacu.com"] [uri "/home-page/"] [unique_id "ahu7grynpZ3P3OFq1ZXdUgAAAA4"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-05-27 14:15:18 (3 weeks ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 04:28:08 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 00:28:02.821459 2026] [security2:error] [pid 23604:tid 23616] [client 23.191.200.11:61706] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cargosanibel.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cargosanibel.com"] [uri "/dump.sql"] [unique_id "ahUhUqRmjn918lRrHvWBXQAAAQo"], referer: cargosanibel.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇵🇱 nfsec.pl	2026-05-19 21:50:23 (4 weeks ago)	23.191.200.11 - - [19/May/2026:21:50:16 +0000] "GET /giris HTTP/1.1" 404 25104 "-" "Mozilla/5.0 (Win ... show more 23.191.200.11 - - [19/May/2026:21:50:16 +0000] "GET /giris HTTP/1.1" 404 25104 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 23.191.200.11 - - [19/May/2026:21:50:18 +0000] "GET /admin-login HTTP/1.1" 404 24992 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 23.191.200.11 - - [19/May/2026:21:50:20 +0000] "GET /panel HTTP/1.1" 404 25216 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 23.191.200.11 - - [19/May/2026:21:50:21 +0000] "GET /signin HTTP/1.1" 404 25132 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" 23.191.200.11 - - [19/May/2026:21:50:22 +0000] "GET /wp-yonetim HTTP/1.1" 404 25107 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/118.0.0.0 Safari/537.36" ... show less	Web App Attack Exploited Host
🇬🇧 oncord	2026-05-16 08:52:39 (1 month ago)	Form spam	Web Spam
🇧🇷 ICS Labs	2026-05-15 14:52:29 (1 month ago)	ICS Labs identified 23.191.200.11 as a malicious indicator from threat intelligence.	Hacking
🇷🇴 Fn4ticHz	2026-05-10 14:11:19 (1 month ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
Anonymous	2026-05-06 04:03:47 (1 month ago)	2026-05-05 19:00:35,764 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.11 2026-05-0 ... show more 2026-05-05 19:00:35,764 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.11 2026-05-05 22:00:33,051 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.11 2026-05-06 01:00:32,685 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.11 2026-05-06 04:00:41,147 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.11 2026-05-06 07:03:45,450 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.11 show less	Brute-Force
🇺🇸 TPI-Abuse	2026-05-02 11:44:50 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 02 07:44:44.606733 2026] [security2:error] [pid 6822:tid 6822] [client 23.191.200.11:62104] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "cpcontacts.pleaseaddbacon.com"] [uri "/.git/config"] [unique_id "afXjrDdC2X1-bCdeMCe5BgAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇯🇵 demonsword	2026-04-29 18:01:43 (1 month ago)	Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was ... show more Detected by SentinelX honeypot: sent HTTP CONNECT request probing for an open proxy. Connection was hijacked and held in a tarpit to slow down the scan. Probed target: egrul.nalog.ru:443 show less	Open Proxy Port Scan
Anonymous	2026-04-24 21:04:03 (1 month ago)	2026-04-24 12:00:36,201 fail2ban.actions [7718]: NOTICE [tor] Ban 23.191.200.11 2026-04-24 1 ... show more 2026-04-24 12:00:36,201 fail2ban.actions [7718]: NOTICE [tor] Ban 23.191.200.11 2026-04-24 15:00:34,209 fail2ban.actions [7718]: NOTICE [tor] Ban 23.191.200.11 2026-04-24 18:00:36,076 fail2ban.actions [7718]: NOTICE [tor] Ban 23.191.200.11 2026-04-24 21:00:45,197 fail2ban.actions [7718]: NOTICE [tor] Ban 23.191.200.11 2026-04-25 00:04:01,916 fail2ban.actions [7718]: NOTICE [tor] Ban 23.191.200.11 show less	Brute-Force
🇦🇺 oncord	2026-04-23 23:49:08 (1 month ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-04-22 03:30:42 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.191.200.11 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue Apr 21 23:30:38.352667 2026] [security2:error] [pid 1061361:tid 1061361] [client 23.191.200.11:60526] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "xrp589.info"] [uri "/.git/config"] [unique_id "aehA3rP2Om-ms1ZuJi5KNgAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 102 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 208.82.113.88

🇺🇸 185.180.141.54

🇳🇴 185.12.59.118

🇦🇷 181.45.176.232

🇺🇸 91.230.168.4

🇬🇧 89.37.172.153

🇯🇵 45.192.197.86

🇬🇧 45.82.76.101

🇭🇰 40.81.31.179

🇺🇸 38.34.175.146

🇸🇬 212.73.148.42

🇩🇪 195.63.30.145

🇺🇸 162.216.150.111

🇺🇸 162.216.150.89

🇫🇮 147.185.133.164

🇺🇸 135.237.127.190

🇰🇷 112.217.188.122

🇲🇾 49.124.149.213

🇳🇱 45.148.10.147

🇹🇭 202.29.228.248