JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 23.191.200.13

23.191.200.13 was found in our database!

This IP was reported 101 times. Confidence of Abuse is 53%: ?

53%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Unredacted Inc
Usage Type	Data Center/Web Hosting/Transit
ASN	AS401401
Domain Name	unredacted.org
Country	🇺🇸 United States of America
City	Kansas City, Missouri

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 23.191.200.13

Whois 23.191.200.13

IP Abuse Reports for 23.191.200.13:

This IP address has been reported a total of 101 times from 47 distinct sources. 23.191.200.13 was first reported on April 25th 2025, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇮🇩 securejdprop	2026-06-10 10:41:54 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor E ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Exit Node Traffic group 87). Ip 23.191.200.13 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-06-10 10:41:53.02311527 +0000 UTC show less	Hacking Web App Attack
🇺🇸 mnsf	2026-06-05 06:05:46 (1 week ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-06-04 11:57:56 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 23.191.200.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210492) triggered by 23.191.200.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Jun 04 07:57:50.260629 2026] [security2:error] [pid 19399:tid 19399] [client 23.191.200.13:39438] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.itibitico.com"] [uri "/.git/config"] [unique_id "aiFoPm-j_BuBDQPf3kDAtQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 ✨	2026-06-02 00:45:14 (1 week ago)	Rule : PLESK BOT 2026-06-02 02:44:29 Unauthorized login attempt to Plesk Panel from IP 23.191.200.13 ... show more Rule : PLESK BOT 2026-06-02 02:44:29 Unauthorized login attempt to Plesk Panel from IP 23.191.200.13 with username admin show less	Hacking Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-29 17:14:17 (1 week ago)	(mod_security) mod_security (id:210350) triggered by 23.191.200.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210350) triggered by 23.191.200.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 29 13:14:13.503958 2026] [security2:error] [pid 31882:tid 31882] [client 23.191.200.13:47866] ModSecurity: Access denied with code 403 (phase 2). Pattern match "\\\\b(close\|keep-alive),[\\\\t\\\\n\\\\r ]{0,1}(close\|keep-alive)\\\\b" at REQUEST_HEADERS:Connection. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/12_HTTP_Protocol.conf"] [line "70"] [id "210350"] [rev "1"] [msg "COMODO WAF: Multiple/Conflicting Connection Header Data Found\|\|youthriskbehavior.com\|F\|4"] [data "keep-alive, close"] [severity "WARNING"] [tag "CWAF"] [tag "Protocol"] [hostname "youthriskbehavior.com"] [uri "/cpanel/"] [unique_id "ahnJZfvDdIIh1YvqHh62fgAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 MAGIC	2026-05-29 00:25:17 (2 weeks ago)	VM1 Bad user agents ignoring web crawling rules. Draing bandwidth	DDoS Attack Bad Web Bot
🇩🇪 LRob.fr	2026-05-27 13:30:11 (2 weeks ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇫🇮 as211431.net	2026-05-26 16:04:53 (2 weeks ago)	Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: BLOCK Protocol: HTTP/1.1 (GET metho ... show more Triggered Cloudflare WAF (firewallCustom) from T1. Action taken: BLOCK Protocol: HTTP/1.1 (GET method) Endpoint: /geofeed.csv UA: Go-http-client/1.1 This report was generated by: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB show less	Bad Web Bot
🇺🇸 dpinse	2026-05-22 19:50:06 (2 weeks ago)	Malicious activity detected from 401401 Unredacted Inc (GET HTTP/1.1 /) @ 2026-05-22T19:50:06Z	Open Proxy VPN IP Port Scan Hacking SQL Injection Bad Web Bot Exploited Host Web App Attack
🇦🇺 oncord	2026-05-22 14:27:40 (2 weeks ago)	Form spam	Web Spam
🇺🇸 avgsmoe	2026-05-20 22:00:14 (3 weeks ago)	CROWDSEC offender. Observed 267 times.	Port Scan Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-13 20:17:12 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 23.191.200.13 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 23.191.200.13 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 13 16:17:05.697399 2026] [security2:error] [pid 30075:tid 30075] [client 23.191.200.13:43528] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thegoldentether.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thegoldentether.com"] [uri "/database/backup.sql"] [unique_id "agTcQRFfu_DCS4RfC1--JAAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2026-05-11 09:06:34 (1 month ago)	23.191.200.13 - - [11/May/2026:09:06:34 +0000] "GET /bothole/stinkwell.php?f=4%20AND%206400%3D%28SEL ... show more 23.191.200.13 - - [11/May/2026:09:06:34 +0000] "GET /bothole/stinkwell.php?f=4%20AND%206400%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28112%29%7C%7CCHR%28107%29%7C%7CCHR%28113%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%286400%3D6400%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%28118%29%7C%7CCHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29%20FROM%20DUAL%29&t=13631&st=0&sk=t&sd=a HTTP/1.1" 307 6755 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.3 Safari/605.1.15" ... show less	SQL Injection
🇺🇸 avgsmoe	2026-05-06 19:01:03 (1 month ago)	CROWDSEC offender. Observed 33 times.	Port Scan Brute-Force Web App Attack
Anonymous	2026-05-06 04:03:51 (1 month ago)	2026-05-05 19:00:36,434 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.13 2026-05-0 ... show more 2026-05-05 19:00:36,434 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.13 2026-05-05 22:00:33,745 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.13 2026-05-06 01:00:33,348 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.13 2026-05-06 04:00:41,818 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.13 2026-05-06 07:03:49,906 fail2ban.actions [3625835]: NOTICE [tor] Ban 23.191.200.13 show less	Brute-Force

Showing 1 to 15 of 101 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.56

🇩🇪 213.23.121.194

🇫🇮 147.185.133.56

🇮🇳 103.162.65.192

🇳🇱 91.92.242.55

🇸🇦 82.167.161.49

🇯🇴 46.248.202.63

🇺🇸 2001:470:1:332::7d

🇺🇸 162.216.149.51

🇨🇳 111.26.62.46

🇺🇸 107.151.249.250

🇺🇸 107.151.195.1

🇩🇪 69.5.169.28

🇳🇱 193.176.31.147

🇩🇪 141.11.250.239

🇭🇰 125.59.252.103

🇩🇪 91.107.146.112

🇬🇧 87.236.176.102

🇺🇸 66.132.172.118

🇰🇷 14.63.217.28