JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.56.53.189

212.56.53.189 was found in our database!

This IP was reported 11 times. Confidence of Abuse is 0%: ?

ISP	VPN Consumer Los Angeles, United States
Usage Type	Data Center/Web Hosting/Transit
ASN	AS4213
Domain Name	vpnconsumer.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.56.53.189

Whois 212.56.53.189

IP Abuse Reports for 212.56.53.189:

This IP address has been reported a total of 11 times from 6 distinct sources. 212.56.53.189 was first reported on April 27th 2025, and the most recent report was 7 months ago.

Old Reports: The most recent abuse report for this IP address is from 7 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇦 polycoda	2025-11-09 11:50:04 (7 months ago)	📄 Probes for wp-login.php and other inexistent URLs	Hacking Web App Attack
🇺🇸 TPI-Abuse	2025-11-09 00:42:32 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 19:42:24.110408 2025] [security2:error] [pid 30554:tid 30554] [client 212.56.53.189:0] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|southernbroadcast.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "southernbroadcast.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ_jcCv1pRl3KZ-QWC67SQAAAAA"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 12:11:18 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 07:11:11.562082 2025] [security2:error] [pid 24842:tid 24842] [client 212.56.53.189:7303] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|dougscomputers.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "dougscomputers.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ8zX2lLUGrBI1QwzwA7cQAAABI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 09:43:17 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 04:43:13.623086 2025] [security2:error] [pid 5852:tid 5852] [client 212.56.53.189:6096] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|winterspring.net\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "winterspring.net"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ8QsaXG89V7jrk4WrP76QAAAA8"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 LRob.fr	2025-11-08 09:06:01 (7 months ago)	Repeated requests on blocked xmlrpc.php, blocked by fail2ban in custom-503-xmlrpc jail	Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-10-29 14:50:26 (7 months ago)	(mod_security) mod_security (id:210730) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:210730) triggered by 212.56.53.189 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Wed Oct 29 10:50:20.827057 2025] [security2:error] [pid 32682:tid 32682] [client 212.56.53.189:24074] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|web142.dnchosting.com\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "web142.dnchosting.com"] [uri "/mailman/admindb/hardmanfamily_coolestfamilyever.com"] [unique_id "aQIprIHYHjHMg3hIcmBLDQAAAAM"] show less	Brute-Force Bad Web Bot Web App Attack
🇨🇳 ThreatBook.io	2025-07-18 00:53:28 (11 months ago)	ThreatBook Intelligence: Dynamic IP more details on http://threatbook.io/ip/212.56.53.189	Web App Attack
🇺🇸 oncord	2025-06-16 09:22:42 (1 year ago)	Form spam	Web Spam
🇦🇺 oncord	2025-05-15 10:29:46 (1 year ago)	Form spam	Web Spam
🇦🇺 oncord	2025-05-10 20:04:33 (1 year ago)	Form spam	Web Spam
🇫🇷 Bensay	2025-04-27 17:09:49 (1 year ago)	2025-04-27T19:09:46.163686+02:00 bzhbenjouille.ovh auth[2998260]: pam_unix(dovecot:auth): authentica ... show more 2025-04-27T19:09:46.163686+02:00 bzhbenjouille.ovh auth[2998260]: pam_unix(dovecot:auth): authentication failure; logname= uid=0 euid=0 tty=dovecot [email protected] rhost=212.56.53.189 2025-04-27T19:09:48.086227+02:00 bzhbenjouille.ovh dovecot[879]: auth-worker(2998260): conn unix:auth-worker (pid=2998256,uid=0): auth-worker<2>: passwd([email protected],212.56.53.189): unknown user ... show less	Email Spam Port Scan Brute-Force Exploited Host

Showing 1 to 11 of 11 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇸 216.244.66.201

🇺🇦 212.111.193.14

🇲🇽 186.96.151.198

🇳🇱 185.93.89.167

🇺🇸 166.88.169.62

🇫🇮 147.185.133.118

🇮🇳 103.214.61.42

🇮🇷 85.198.19.241

🇳🇱 45.148.10.141

🇸🇬 43.173.177.94

🇺🇸 20.29.24.16

🇨🇳 14.103.114.89

🇦🇷 190.196.248.140

🇺🇾 167.57.150.182

🇧🇾 153.80.244.54

🇺🇸 144.225.187.181

🇮🇷 130.185.72.228

🇨🇳 101.254.159.210

🇳🇱 81.19.216.67

🇺🇸 64.227.101.166