JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 87.118.116.12

87.118.116.12 was found in our database!

This IP was reported 564 times. Confidence of Abuse is 71%: ?

71%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Keyweb AG IP Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31103
Hostname(s)	tormachine.keymachine.de
Domain Name	keyweb.de
Country	🇩🇪 Germany
City	Erfurt, Thuringia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 87.118.116.12

Whois 87.118.116.12

IP Abuse Reports for 87.118.116.12:

This IP address has been reported a total of 564 times from 172 distinct sources. 87.118.116.12 was first reported on November 22nd 2020, and the most recent report was 1 day ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-23 02:07:12 (1 day ago)	(mod_security) mod_security (id:210492) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in ... show more (mod_security) mod_security (id:210492) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 22 22:07:08.261278 2026] [security2:error] [pid 25851:tid 25880] [client 87.118.116.12:34238] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.businessbasicsinstitute.com"] [uri "/.git/config"] [unique_id "ajnqTBtqJ6cWh7XGusblqQAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2026-06-21 19:43:06 (2 days ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-06-20 21:30:23 (3 days ago)	(mod_security) mod_security (id:240335) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in ... show more (mod_security) mod_security (id:240335) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 20 17:30:20.116559 2026] [security2:error] [pid 31012:tid 31012] [client 87.118.116.12:52374] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 87.118.116.12 (+1 hits since last alert)\|birdlovesfish.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "birdlovesfish.com"] [uri "/xmlrpc.php"] [unique_id "ajcGbKDGmH-KI3d6tsxtYgAAABM"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-17 16:30:10 (6 days ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2026-06-15 22:30:14 (1 week ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-15 03:33:07 (1 week ago)	(mod_security) mod_security (id:211220) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in ... show more (mod_security) mod_security (id:211220) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Jun 14 23:33:02.707669 2026] [security2:error] [pid 11096:tid 11096] [client 87.118.116.12:49606] ModSecurity: Access denied with code 403 (phase 2). Pattern match "<\\\\?(?!xml\\\\s)" at ARGS:vars[0]. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "70"] [id "211220"] [rev "4"] [msg "COMODO WAF: PHP Injection Attack\|\|coachsherinasalgado.michaelsabbey.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "coachsherinasalgado.michaelsabbey.org"] [uri "/index.php"] [unique_id "ai9ybkP5eb1opAKw7njVhQAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇬🇧 Celtic	2026-06-13 23:41:00 (1 week ago)	Blocked by Fail2Ban with Jail (plesk-modsecurity)	Brute-Force SSH
🇺🇸 ipblock.com	2026-06-13 04:03:00 (1 week ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
🇩🇪 big-cloud.nl	2026-06-12 00:49:37 (1 week ago)	Try to access /xmlrpc.php	Web App Attack
🇫🇮 nNordic	2026-06-09 10:19:14 (2 weeks ago)	Connection attempt blocked by IDS/IPS from 87.118.116.12/32	Hacking
Anonymous	2026-06-02 11:07:11 (3 weeks ago)	Attac	Brute-Force
🇺🇸 mnsf	2026-06-01 15:05:39 (3 weeks ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 20:29:51 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 16:29:46.020842 2026] [security2:error] [pid 1690:tid 1690] [client 87.118.116.12:59846] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|thommesen.net\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "thommesen.net"] [uri "/dump.sql"] [unique_id "ahtIusaCAQPz-iMoXlPwgwAAAAQ"], referer: thommesen.net/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-30 19:48:06 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in ... show more (mod_security) mod_security (id:210730) triggered by 87.118.116.12 (tormachine.keymachine.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 30 15:48:01.666821 2026] [security2:error] [pid 10977:tid 10977] [client 87.118.116.12:53104] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|gurusportz.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "gurusportz.com"] [uri "/dump.sql"] [unique_id "ahs-8eJYphtP96CTiYvgLwAAABE"], referer: gurusportz.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 leithzz	2026-05-30 18:30:53 (3 weeks ago)	Report by Cloudflare.Time: 2026-05-30T18:30:24Z	DDoS Attack

Showing 1 to 15 of 564 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.223.41.90

🇫🇷 90.84.168.147

🇧🇬 79.124.59.78

🇺🇸 68.71.255.210

🇳🇱 45.156.128.166

🇺🇸 162.216.149.176

🇨🇳 122.114.241.136

🇩🇪 64.89.163.173

🇫🇮 46.62.169.144

🇩🇪 185.242.3.195

🇺🇸 147.185.132.83

🇨🇳 111.77.236.32

🇺🇸 66.132.172.208

🇺🇸 65.49.1.26

🇧🇷 205.210.31.137

🇺🇸 162.216.149.58

🇨🇳 112.124.14.100

🇳🇱 50.7.233.211

🇨🇳 220.182.14.60

🇳🇱 176.65.148.58