JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.56.53.96

212.56.53.96 was found in our database!

This IP was reported 12 times. Confidence of Abuse is 0%: ?

ISP	VPN Consumer Los Angeles, United States
Usage Type	Data Center/Web Hosting/Transit
ASN	AS4213
Domain Name	vpnconsumer.com
Country	🇺🇸 United States of America
City	Los Angeles, California

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.56.53.96

Whois 212.56.53.96

IP Abuse Reports for 212.56.53.96:

This IP address has been reported a total of 12 times from 7 distinct sources. 212.56.53.96 was first reported on May 7th 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇧🇷 SvrAdmin	2025-12-30 15:14:52 (5 months ago)	[101] (smtpauth) Failed SMTP AUTH login from 212.56.53.96 (US/United States/-): 5 in the last 3600 s ... show more [101] (smtpauth) Failed SMTP AUTH login from 212.56.53.96 (US/United States/-): 5 in the last 3600 secs; Ports: *; Direction: inout; Trigger: LF_SMTPAUTH; Logs: 2025-12-30 12:14:47 dovecot_login authenticator failed for (ADMIN) [212.56.53.96]:56780: 535 Incorrect authentication data ([email protected]) 2025-12-30 12:14:47 dovecot_login authenticator failed for (ADMIN) [212.56.53.96]:4229: 535 Incorrect authentication data ([email protected]) 2025-12-30 12:14:47 dovecot_login authenticator failed for (ADMIN) [212.56.53.96]:5416: 535 Incorrect authentication data ([email protected]) 2025-12-30 12:14:47 dovecot_login authenticator failed for (ADMIN) [212.56.53.96]:57650: 535 Incorrect authentication data ([email protected]) 2025-12-30 12:14:47 dovecot_login authenticator failed for (ADMIN) [212.56.53.96]:50175: 535 Incorrect authentication data ([email protected]) show less	Port Scan Hacking Brute-Force Exploited Host
🇨🇭 backslash	2025-11-09 01:05:07 (7 months ago)	block ruleset bad bot: wordpress scans 82C095539D4FDAF84E2E2FD6B6FC0664645851A8	Bad Web Bot
🇺🇸 TPI-Abuse	2025-11-09 00:15:14 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 19:15:06.816069 2025] [security2:error] [pid 3765:tid 3765] [client 212.56.53.96:49376] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fitnessdoctors.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fitnessdoctors.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ_dCsyjxKX5Se55aWknLwAAAAI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 22:18:01 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 17:17:57.543660 2025] [security2:error] [pid 7863:tid 7863] [client 212.56.53.96:16725] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|gcsmith.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "gcsmith.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ_BlbpfMEvjv7WpgT0nOgAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 21:15:04 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 16:14:59.137070 2025] [security2:error] [pid 20389:tid 20418] [client 212.56.53.96:49980] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|transiit.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "transiit.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ-y0-FB4xxsWWa-NOgB_wAAAMw"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 20:58:33 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 15:58:26.259877 2025] [security2:error] [pid 11763:tid 11763] [client 212.56.53.96:29776] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|serpentstudios.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "serpentstudios.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ-u8vojiAVsQYP0zUroVQAAAAU"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-11-08 19:23:31 (7 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sat Nov 08 14:23:24.068411 2025] [security2:error] [pid 1145:tid 1145] [client 212.56.53.96:2096] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|blasy.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "blasy.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aQ-YrF7DxPtm8A5WmCEDNwAAAAs"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇦 TCP FAILED	2025-06-18 17:33:27 (1 year ago)	TCP Watch Auto Report: Detected a ddos attack and suspicious activity from this IP, indicating a pot ... show more TCP Watch Auto Report: Detected a ddos attack and suspicious activity from this IP, indicating a potential attack show less	DDoS Attack Hacking IoT Targeted
🇩🇪 bescared	2025-06-03 07:47:51 (1 year ago)	F2B - Malicious activity detected. Web Spam.	Web Spam
🇯🇵 ki3	2025-05-22 04:16:46 (1 year ago)	Fail2Ban: Web App Attacks and Forum Spam 212.56.53.96 1747887405.0(JST)	Web Spam Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-05-08 07:00:29 (1 year ago)	(mod_security) mod_security (id:210730) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:210730) triggered by 212.56.53.96 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 08 03:00:26.386061 2025] [security2:error] [pid 1616002:tid 1616002] [client 212.56.53.96:62647] [client 212.56.53.96] ModSecurity: Access denied with code 403 (phase 2). Match of "pmFromFile userdata_wl_extensions" against "TX:extension" required. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/10_HTTP_HTTP.conf"] [line "27"] [id "210730"] [rev "5"] [msg "COMODO WAF: URL file extension is restricted by policy\|\|cnprcertificationreviews.org\|F\|2"] [data ".com"] [severity "CRITICAL"] [tag "CWAF"] [tag "HTTP"] [hostname "cnprcertificationreviews.org"] [uri "/facebook.com"] [unique_id "aBxWilz8peGS5qdRVqyMowAAAAU"], referer: https://cnprcertificationreviews.org/ show less	Brute-Force Bad Web Bot Web App Attack
🇦🇺 oncord	2025-05-07 07:26:02 (1 year ago)	Form spam	Web Spam

Showing 1 to 12 of 12 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇬🇧 193.163.125.225

🇩🇪 185.176.94.38

🇭🇰 114.111.53.214

🇻🇳 103.90.227.203

🇻🇳 58.186.46.91

🇺🇸 209.112.91.74

🇨🇴 179.1.121.117

🇳🇱 176.65.139.92

🇺🇸 147.185.132.173

🇭🇰 103.146.158.57

🇺🇸 102.129.234.96

🇫🇷 51.68.111.217

🇷🇴 2.57.121.25

🇬🇧 193.163.125.227

🇨🇳 182.116.54.24

🇮🇳 182.95.61.82

🇫🇮 178.20.210.208

🇭🇰 152.32.213.68

🇻🇳 103.167.89.222

🇿🇦 102.64.37.90