JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 57.129.91.235

57.129.91.235 was found in our database!

This IP was reported 100 times. Confidence of Abuse is 62%: ?

62%

This address is a Tor exit node. Neither the owner nor the provider are directly behind the offending action.

ISP	OVH GmbH
Usage Type	Data Center/Web Hosting/Transit
ASN	AS16276
Hostname(s)	exit1.mit-security.at
Domain Name	ovh.net
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 57.129.91.235

Whois 57.129.91.235

IP Abuse Reports for 57.129.91.235:

This IP address has been reported a total of 100 times from 54 distinct sources. 57.129.91.235 was first reported on June 4th 2025, and the most recent report was 2 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 polycoda	2026-06-05 14:36:09 (2 days ago)	AutoBlock: 📂 Directory Listings (Decay-Based) - 📊 Admin Panel Scanning (Decay-Based) - ❌ Excessive 4 ... show more AutoBlock: 📂 Directory Listings (Decay-Based) - 📊 Admin Panel Scanning (Decay-Based) - ❌ Excessive 40X Errors (Decay-Based) show less	Bad Web Bot Web App Attack
🇺🇸 mnsf	2026-06-03 23:06:16 (4 days ago)	Abuse Detected (1)	Brute-Force Web App Attack
🇩🇪 Martin Lundstrom	2026-06-01 10:08:29 (6 days ago)	https://www.eagleeye-intelligence.com — IDS: network scan. Automatically detected and blocked.	Port Scan Web App Attack
🇩🇪 iNetWorker	2026-05-28 12:13:47 (1 week ago)	trolling for resource vulnerabilities	Web App Attack
🇫🇮 YF	2026-05-28 01:02:20 (1 week ago)	WordPress author enumeration	Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 20:43:41 (1 week ago)	(mod_security) mod_security (id:210730) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the ... show more (mod_security) mod_security (id:210730) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 16:43:36.450055 2026] [security2:error] [pid 32161:tid 32161] [client 57.129.91.235:55666] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|proyectomanhattan.info\|F\|2"] [data ".sql"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "proyectomanhattan.info"] [uri "/dump.sql"] [unique_id "ahdXeLuKUtW1a1p05trZogAAAAs"], referer: proyectomanhattan.info/dump.sql show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-05-27 15:49:15 (1 week ago)	(mod_security) mod_security (id:210492) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed May 27 11:49:05.708258 2026] [security2:error] [pid 8050:tid 8050] [client 57.129.91.235:52254] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.svn/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "rockonevilrobots.com"] [uri "/.svn/entries"] [unique_id "ahcScb2fzCD2lEiZdaizAAAAAAY"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 ger-stg-sifi1	2026-05-26 08:09:35 (1 week ago)	(wordpress) Failed wordpress login using wp-login.php or xmlrpc.php	Web App Attack
🇺🇸 TPI-Abuse	2026-05-26 04:04:49 (1 week ago)	(mod_security) mod_security (id:240335) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the ... show more (mod_security) mod_security (id:240335) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Tue May 26 00:04:41.325848 2026] [security2:error] [pid 27504:tid 27504] [client 57.129.91.235:54002] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 57.129.91.235 (+1 hits since last alert)\|mirai-labo.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "mirai-labo.com"] [uri "/xmlrpc.php"] [unique_id "ahUb2UvMnZ4EIwNu5Q_xTQAAAA0"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 FeG Deutschland	2026-05-25 23:59:32 (1 week ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 127	Exploited Host Web App Attack
🇫🇷 MatStef132	2026-05-24 20:58:23 (2 weeks ago)	MatShield L7: blocked on mathost.eu (ua-quarantined)	Bad Web Bot
🇮🇩 securejdprop	2026-05-23 11:26:17 (2 weeks ago)	This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor R ... show more This IP was detected by CrowdSec triggering crowdsecurity/suricata-major-severity(ET TOR Known Tor Relay/Router (Not Exit) Node Traffic group 120). Ip 57.129.91.235 performed 'crowdsecurity/suricata-major-severity' (1 events over 0s) at 2026-05-23 11:26:15.527314139 +0000 UTC show less	Hacking Web App Attack
🇺🇸 ipblock.com	2026-05-21 16:06:00 (2 weeks ago)	IPBlock protected site ID [3717-sec]. Robotic site crawling, undeclared spider	Bad Web Bot Web App Attack
Anonymous	2026-05-11 13:28:35 (3 weeks ago)	57.129.91.235 - - [11/May/2026:13:28:34 +0000] "GET /bothole/stinkwell.php?f=8%20AND%209955%3D%28SEL ... show more 57.129.91.235 - - [11/May/2026:13:28:34 +0000] "GET /bothole/stinkwell.php?f=8%20AND%209955%3D%28SELECT%20UPPER%28XMLType%28CHR%2860%29%7C%7CCHR%2858%29%7C%7CCHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%28112%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7C%28SELECT%20%28CASE%20WHEN%20%289955%3D9955%29%20THEN%201%20ELSE%200%20END%29%20FROM%20DUAL%29%7C%7CCHR%28113%29%7C%7CCHR%2898%29%7C%7CCHR%2898%29%7C%7CCHR%28120%29%7C%7CCHR%28113%29%7C%7CCHR%2862%29%29%29%20FROM%20DUAL%29&sid=5d136a9786a26bc8c8c9214c174745b4&start=100 HTTP/1.1" 307 6791 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/137.0.0.0 Safari/537.36 Edg/137.0.0.0" ... show less	SQL Injection
🇺🇸 TPI-Abuse	2026-05-11 06:11:53 (3 weeks ago)	(mod_security) mod_security (id:210492) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the ... show more (mod_security) mod_security (id:210492) triggered by 57.129.91.235 (exit1.mit-security.at): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon May 11 02:11:45.717964 2026] [security2:error] [pid 6200:tid 6200] [client 57.129.91.235:49554] ModSecurity: Access denied with code 403 (phase 1). Matched phrase "/.git/" at REQUEST_URI. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/02_Global_Generic.conf"] [line "117"] [id "210492"] [rev "3"] [severity "CRITICAL"] [tag "CWAF"] [tag "Generic"] [hostname "www.kitchenwindows.jbaydeliveries.com"] [uri "/.git/config"] [unique_id "agFzIfgHcwHYL5jyilka-wAAAB0"] show less	Brute-Force Bad Web Bot Web App Attack

Showing 1 to 15 of 100 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 211.105.231.21

🇩🇪 178.201.162.195

🇺🇸 66.132.195.22

🇺🇸 64.31.25.250

🇱🇹 45.227.254.170

🇳🇱 45.154.98.82

🇳🇱 45.148.10.141

🇸🇬 43.160.233.207

🇰🇷 39.115.195.164

🇺🇸 20.98.140.180

🇺🇸 20.64.105.252

🇨🇳 1.48.51.21

🇻🇳 221.132.29.17

🇺🇸 198.46.168.51

🇿🇦 196.192.181.202

🇳🇱 193.176.31.219

🇳🇱 193.176.31.209

🇺🇸 185.191.171.19

🇬🇧 161.12.35.165

🇺🇸 147.185.132.183