JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 87.118.122.30

87.118.122.30 was found in our database!

This IP was reported 889 times. Confidence of Abuse is 38%: ?

38%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	Keyweb AG IP Network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS31103
Hostname(s)	this-is-a-tor-exit-node---keywebtor2.artikel5ev.de
Domain Name	keyweb.de
Country	🇩🇪 Germany
City	Erfurt, Thuringia

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 87.118.122.30

Whois 87.118.122.30

IP Abuse Reports for 87.118.122.30:

This IP address has been reported a total of 889 times from 215 distinct sources. 87.118.122.30 was first reported on November 22nd 2020, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-05-27 19:25:36 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keyweb ... show more (mod_security) mod_security (id:210730) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keywebtor2.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 15:25:30.446929 2026] [security2:error] [pid 25790:tid 25790] [client 87.118.122.30:54910] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|hennessymillworks.com\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "hennessymillworks.com"] [uri "/dump.sql"] [unique_id "ahdFKhdYMpRezX-loiHegQAAAAo"], referer: hennessymillworks.com/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 knock	2026-05-25 01:27:36 (1 week ago)	Knock-Knock honeypot brute-force: proto8 (15 total hits)	Brute-Force
🇺🇸 webgobe	2026-05-24 03:38:48 (2 weeks ago)	caw-Joomla User : try to access forms...	Hacking
🇫🇷 ✨	2026-05-22 23:06:16 (2 weeks ago)	Rule : PLESK BOT 2026-05-23 01:05:20 Unauthorized login attempt to Plesk Panel from IP 87.118.122.30 ... show more Rule : PLESK BOT 2026-05-23 01:05:20 Unauthorized login attempt to Plesk Panel from IP 87.118.122.30 with username administrator show less	Hacking Brute-Force Web App Attack
🇿🇦 VPSDNS.co.za	2026-05-19 18:41:15 (2 weeks ago)	2026-05-19T18:41:15.050397+00:00 rbdns kernel: [UFW BLOCK] IN=eth0 OUT= MAC=bc:24:11:65:b4:ae:e8:eb: ... show more 2026-05-19T18:41:15.050397+00:00 rbdns kernel: [UFW BLOCK] IN=eth0 OUT= MAC=bc:24:11:65:b4:ae:e8:eb:d3:b1:0a:77:08:00 SRC=87.118.122.30 DST=102.214.10.82 LEN=64 TOS=0x00 PREC=0x00 TTL=53 ID=4295 DF PROTO=TCP SPT=44188 DPT=53 WINDOW=64240 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇩🇪 iGroupware	2026-05-17 20:03:19 (2 weeks ago)	Suspicious signup pattern	Web App Attack
🇷🇴 Fn4ticHz	2026-05-10 11:58:13 (4 weeks ago)	Repeated DDoS targeted -- ZeroGuard X ManagedSRV	DDoS Attack Exploited Host
🇺🇸 TPI-Abuse	2026-05-03 15:41:34 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keyweb ... show more (mod_security) mod_security (id:210492) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keywebtor2.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 03 11:41:31.627850 2026] [security2:error] [pid 23284:tid 23284] [client 87.118.122.30:47810] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "webdisk.airedaleflyer.com"] [uri "/.git/config"] [unique_id "afdsqzU-OZeUEMaTtyVwnQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 YF	2026-04-29 08:03:00 (1 month ago)	WordPress content enumeration (no WP here)	Web App Attack
🇦🇺 oncord	2026-04-24 23:40:21 (1 month ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-04-16 11:42:42 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keyweb ... show more (mod_security) mod_security (id:210492) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keywebtor2.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu Apr 16 07:42:37.350073 2026] [security2:error] [pid 1842591:tid 1842591] [client 87.118.122.30:58164] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.register-yacht-slovenia.com.yacht-register-holland.com"] [uri "/.git/config"] [unique_id "aeDLLUUG150EgRDKmNunSQAAABY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 kosada.com	2026-04-08 14:38:19 (1 month ago)	Web SQL injection: SELECT (CASE WHEN (8812=8812) THEN CHAR(49) ELSE CHAR(48) END	SQL Injection
🇩🇪 LRob.fr	2026-04-07 20:45:15 (1 month ago)	Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk- ... show more Plesk panel login attempt with forbidden username (root/admin), blocked by Fail2Ban in custom-plesk-login jail show less	Brute-Force Web App Attack
🇺🇸 oncord	2026-04-04 15:41:56 (2 months ago)	Form spam	Web Spam
🇺🇸 TPI-Abuse	2026-04-01 22:03:47 (2 months ago)	(mod_security) mod_security (id:210492) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keyweb ... show more (mod_security) mod_security (id:210492) triggered by 87.118.122.30 (this-is-a-tor-exit-node---keywebtor2.artikel5ev.de): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Apr 01 18:03:38.755886 2026] [security2:error] [pid 25839:tid 25839] [client 87.118.122.30:38140] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.templegardens.org"] [uri "/.git/config"] [unique_id "ac2WOuPTmN4_l6s6apx-aAAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 889 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇩🇪 213.209.159.225

🇺🇸 209.55.147.4

🇨🇳 202.105.98.252

🇺🇸 172.253.242.58

🇮🇳 125.20.210.182

🇺🇸 104.248.218.184

🇺🇸 45.61.184.228

🇻🇳 42.96.19.37

🇩🇪 217.88.124.31

🇳🇱 195.178.110.199

🇬🇧 194.50.235.142

🇵🇱 91.236.174.20

🇺🇸 65.254.225.231

🇳🇱 34.147.71.207

🇨🇳 182.44.12.151

🇮🇩 163.7.6.41

🇮🇩 103.98.176.164

🇧🇩 103.16.248.164

🇿🇦 102.129.61.200

🇷🇺 95.165.88.115