JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 57.129.16.41

57.129.16.41 was found in our database!

This IP was reported 196 times. Confidence of Abuse is 18%: ?

18%

ISP	OVH GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Hostname(s)	vps-d3dbb879.vps.ovh.net
Domain Name	ovh.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 57.129.16.41

Whois 57.129.16.41

IP Abuse Reports for 57.129.16.41:

This IP address has been reported a total of 196 times from 12 distinct sources. 57.129.16.41 was first reported on May 21st 2023, and the most recent report was 22 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 TPI-Abuse	2026-06-13 21:10:00 (22 hours ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Jun 13 17:09:55.101460 2026] [security2:error] [pid 21678:tid 21678] [client 57.129.16.41:58824] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|genesis-castle.com:80\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "genesis-castle.com"] [uri "/networkl/map.log"] [unique_id "ai3HIzFt3BoQWQuj4qw22QAAAC0"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 11:00:08 (2 weeks ago)	(mod_security) mod_security (id:210492) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 06:59:59.006298 2026] [security2:error] [pid 8200:tid 8200] [client 57.129.16.41:40658] ModSecurity: Access denied with code 403 (phase 1). Matched phrase ".htaccess" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "needtoorder.us"] [uri "/USE-To-BLOCKwww.countryipblocks.net.htaccess"] [unique_id "ahbOr-mkM1koZl23qabWWAAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 11:00:54 (2 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 07:00:47.743772 2026] [security2:error] [pid 32643:tid 32643] [client 57.129.16.41:43422] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|mindchill.net:80\|F\|2"] [data ".exe.config"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "mindchill.net"] [uri "/mindchill.net/otherstuff/Application Files/RockeTXT_1_0_0_18/RockeTXT.exe.config"] [unique_id "ahV9Xy5EdaS6niHyBq3v0AAAAAQ"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-21 06:39:57 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 02:39:51.693142 2026] [security2:error] [pid 27939:tid 27939] [client 57.129.16.41:48086] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|koswerks.net:443\|F\|2"] [data ".bak"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "koswerks.net"] [uri "/index.bak"] [unique_id "ag6ot9DSlUz4eBqN1pANNQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇮 Erpelstolz	2026-05-18 13:29:25 (3 weeks ago)	external host: 57.129.16.41 - - [18/May/2026:15:29:20 +0200] "HEAD /backup.zip HTTP/1.1" 200 2818 "- ... show more external host: 57.129.16.41 - - [18/May/2026:15:29:20 +0200] "HEAD /backup.zip HTTP/1.1" 200 2818 "-" "Go-http-client/1.1" show less	Web App Attack
🇺🇸 TPI-Abuse	2026-05-17 21:46:31 (3 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun May 17 17:46:27.642151 2026] [security2:error] [pid 28568:tid 28585] [client 57.129.16.41:47208] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|digital4z.com:443\|F\|2"] [data ".log"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "digital4z.com"] [uri "/Digital4z.com/Digital4z/wp-content/plugins/jetpack/css/WS_FTP.LOG"] [unique_id "ago3M11k8t4TtJb8HVceYgAAAEI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 17:43:52 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 13:43:48.732678 2026] [security2:error] [pid 13934:tid 13934] [client 57.129.16.41:58562] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.test.grimone.com:80\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "test.grimone.com"] [uri "/patrick/German/Europe Day 1/Thumbs.db"] [unique_id "agis1KQYuC2oc_89_OEGWQAAAAk"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 16:59:40 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 12:59:33.459961 2026] [security2:error] [pid 29511:tid 29511] [client 57.129.16.41:58146] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "4"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|idodat.com:443\|F\|2"] [data ".php.old"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "idodat.com"] [uri "/index.php.OLD"] [unique_id "agiidaD1S5xVndqJJ_vcLAAAACY"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 15:44:10 (4 weeks ago)	(mod_security) mod_security (id:210492) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 11:44:06.299816 2026] [security2:error] [pid 6118:tid 6118] [client 57.129.16.41:59144] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/Web.config" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.stygianpassage.com.greighhouse.com"] [uri "/web.config"] [unique_id "agiQxm1xnPOWemNJflkd-QAAAA8"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-16 10:45:49 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat May 16 06:45:42.805425 2026] [security2:error] [pid 3018:tid 3018] [client 57.129.16.41:34794] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.timezonespro.com.verdadesreales.com:80\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.timezonespro.com.verdadesreales.com"] [uri "/Calendrical/Calendrica/Java/mailto:[email protected]"] [unique_id "aghK1sJ7eHQSNSXiwM2CLwAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 Starburst SysOp Team	2026-05-15 17:19:21 (4 weeks ago)	URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .b ... show more URL file extension is restricted by policy. String match within ".ani/ .asa/ .asax/ .ascx/ .back/ .backup/ .bak/ .bck/ .bk/ .bkp/ .bat/ .cdx/ .cer/ .cfg/ .cmd/ .cnf/ .com/ .compositefont/ .config/ .conf/ .copy/ .crt/ .cs/ .csproj/ .csr/ .dat/ .db/ .dbf/ .dist/ .dll/ .dos/ .dpkg-dist/ .drv/ .gadget/ .hta/ .htr/ .htw/ .ida/ .idc/ .idq/ .inc/ .inf/ .ini/ .jks/ .jse/ .key/ .licx/ .lnk/ .log/ .mdb/ .msc/ .ocx/ .old/ .pass/ .pdb/ .pfx/ .pif/ .pem/ .pol/ .prf/ .printer/ .pwd/ .rdb/ .rdp/ .reg/ .resources/ .resx/ .sav/ .save/ .scr/ .sct/ .sh/ .shs/ .sql/ .sqlite/ .sqlite3/ .swap/ .swo/ .swp/ .sys/ .temp/ .tfstate/ .tlb/ .tmp/ .vb/ .vbe/ .vbs/ .vbproj/ .vsdisco/ .vxd/ .webinfo/ .ws/ .wsc/ .wsf/ .wsh/ .xsd/ .xsx/" at TX:extension. (920440-stl2-17) show less	Hacking
🇺🇸 TPI-Abuse	2026-05-15 10:04:06 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 06:03:58.556935 2026] [security2:error] [pid 29807:tid 29807] [client 57.129.16.41:53088] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|keystroke.info:80\|F\|2"] [data ".php.backup"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "keystroke.info"] [uri "/LocalSettings.php.backup"] [unique_id "agbvjoRHuLvE5zShcLhVIQAAACg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 09:24:09 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 05:24:05.993960 2026] [security2:error] [pid 14800:tid 14800] [client 57.129.16.41:47812] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cffragrances.iee-usa.com:80\|F\|2"] [data ".db"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cffragrances.iee-usa.com"] [uri "/wp-content/plugins/featured-content-gallery/css/img/Thumbs.db"] [unique_id "agbmNfYyvb2P9jbrG7btlAAAAAI"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-15 06:58:25 (4 weeks ago)	(mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210730) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri May 15 02:58:16.225734 2026] [security2:error] [pid 18378:tid 18458] [client 57.129.16.41:34926] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|www.bh4sale.omegaoak.com:80\|F\|2"] [data ".dat"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "www.bh4sale.omegaoak.com"] [uri "/includes/geo/GeoIP.dat"] [unique_id "agbECJpzUIASfWc6lQO2WQAAAIo"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-05 23:28:30 (1 month ago)	(mod_security) mod_security (id:210492) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in t ... show more (mod_security) mod_security (id:210492) triggered by 57.129.16.41 (vps-d3dbb879.vps.ovh.net): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 05 19:28:22.291185 2026] [security2:error] [pid 22828:tid 22828] [client 57.129.16.41:38780] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/composer.lock" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "tecnoconce.cl"] [uri "/rvsitebuilder/composer.lock"] [unique_id "afp9FvYMQRUzCAnz6uz9qQAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 196 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇻🇳 112.137.143.2

🇨🇳 60.166.31.198

🇺🇸 52.21.227.35

🇳🇱 45.148.10.151

🇺🇸 35.236.255.219

🇶🇦 34.18.125.195

🇳🇱 5.129.217.102

🇰🇷 1.247.245.61

🇨🇳 220.196.229.7

🇲🇺 197.227.8.186

🇷🇴 193.32.162.16

🇲🇽 189.194.140.170

🇩🇪 151.243.11.35

🇺🇸 143.244.169.201

🇨🇳 120.33.197.123

🇱🇹 45.227.254.170

🇮🇳 34.131.140.97

🇺🇸 217.145.224.190

🇬🇧 213.166.84.56

🇺🇸 205.210.31.95