JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 212.56.54.81

212.56.54.81 was found in our database!

This IP was reported 22 times. Confidence of Abuse is 30%: ?

30%

ISP	VPN Consumer New Jersey, United States of America
Usage Type	Data Center/Web Hosting/Transit
ASN	AS4213
Domain Name	vpnconsumer.com
Country	🇺🇸 United States of America
City	Trenton, New Jersey

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 212.56.54.81

Whois 212.56.54.81

IP Abuse Reports for 212.56.54.81:

This IP address has been reported a total of 22 times from 16 distinct sources. 212.56.54.81 was first reported on May 28th 2025, and the most recent report was 4 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇩🇪 Lino Project	2026-06-13 23:40:12 (4 days ago)	212.56.54.81 - - [14/Jun/2026:01:40:11 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3714 "-" "Mozilla/5.0 ... show more 212.56.54.81 - - [14/Jun/2026:01:40:11 +0200] "POST /xmlrpc.php HTTP/1.1" 403 3714 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0" ... show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-06-01 20:23:26 (2 weeks ago)	(mod_security) mod_security (id:240335) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:240335) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Jun 01 16:23:22.798375 2026] [security2:error] [pid 23155:tid 23155] [client 212.56.54.81:9021] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 212.56.54.81 (+1 hits since last alert)\|fernfield.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "fernfield.com"] [uri "/xmlrpc.php"] [unique_id "ah3qOsOnBV0b64d5tO3jPwAAAAg"] show less	Brute-Force Bad Web Bot Web App Attack
🇹🇷 Squearex	2026-05-21 09:08:39 (4 weeks ago)	Automated ban by SCUMUnified Shield. Honeypot Trap Triggered (Decoy Port 25565)	Brute-Force SSH
🇩🇪 int8	2026-05-21 09:07:48 (4 weeks ago)	2026-05-21T09:07:48.435105498Z Minecraft server scanner: status request	Port Scan
🇳🇱 FREAKISH	2026-05-21 09:06:46 (4 weeks ago)	2026-05-21 11:06:46: Minecraft server scan detected from 212.56.54.81 on port 25565 of 127.0.0.1	Port Scan
🇩🇪 zUnlegit	2026-05-21 09:06:31 (4 weeks ago)	2026-05-21 09:06:31: Minecraft server scan detected from 212.56.54.81 on port 25565 of mailserver	Port Scan
🇺🇸 cpxducky	2026-05-21 09:06:21 (4 weeks ago)	2026-05-21 09:06:21: Minecraft server scan detected from 212.56.54.81 on port 25565 of mail.cpxducky ... show more 2026-05-21 09:06:21: Minecraft server scan detected from 212.56.54.81 on port 25565 of mail.cpxducky.com show less	Port Scan
🇺🇸 TPI-Abuse	2026-02-02 02:55:29 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 21:55:25.067172 2026] [security2:error] [pid 980642:tid 980642] [client 212.56.54.81:26558] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|fluffmoo.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "fluffmoo.org"] [uri "/wp-json/wp/v2/users"] [unique_id "aYASHRDVAuk4f50JqB3f0AAAABI"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2026-02-01 20:07:34 (4 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Feb 01 15:07:27.055317 2026] [security2:error] [pid 31124:tid 31124] [client 212.56.54.81:17812] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|1cdn.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "1cdn.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aX-yf3mRsZyeLh--5eJ0jwAAAAQ"], referer: https://www.google.com show less	Brute-Force Bad Web Bot Web App Attack
🇨🇿 lp	2026-01-31 12:13:18 (4 months ago)	Email account brute force: 6 attempts were recorded from 212.56.54.81 2026-01-31T12:32:41+01:00 warn ... show more Email account brute force: 6 attempts were recorded from 212.56.54.81 2026-01-31T12:32:41+01:00 warning: unknown[212.56.54.81]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-01-31T12:32:42+01:00 warning: unknown[212.56.54.81]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-01-31T12:32:43+01:00 warning: unknown[212.56.54.81]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-01-31T12:32:43+01:00 warning: unknown[212.56.54.81]: SASL LOGIN authentication failed: authentication failure, [email protected] 2026-01-31T12:32:50+01:00 warning: unknown[212.56.54.81]: SASL PLAIN authentication failed: authentication failure, [email protected] 2026-01-31T12:32:51+01:00 warning: unknown[212.56.54.81]: SASL LOGIN authentication failed: authenticatio show less	Brute-Force
🇭🇺 Lacika555	2025-12-24 15:35:56 (5 months ago)	RdpGuard detected brute-force attempt on SMTP	Brute-Force
🇧🇪 cmbplf	2025-09-09 20:59:06 (9 months ago)	5 /?urqfx=tlnzj (3mos1w6dfromnow)	Brute-Force Bad Web Bot
🇩🇪 bescared	2025-08-08 13:46:35 (10 months ago)	F2B - Malicious activity detected. URL Probing.	Hacking Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-08-08 13:11:12 (10 months ago)	(mod_security) mod_security (id:225170) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports ... show more (mod_security) mod_security (id:225170) triggered by 212.56.54.81 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Fri Aug 08 09:11:05.389074 2025] [security2:error] [pid 14899:tid 14899] [client 212.56.54.81:64665] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at REQUEST_COOKIES_NAMES. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/26_Apps_WordPress.conf"] [line "155"] [id "225170"] [rev "3"] [msg "COMODO WAF: Sensitive Information Disclosure Vulnerability in WordPress 4.7 (CVE-2017-5487)\|\|travelwithjenniferb.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "WordPress"] [hostname "travelwithjenniferb.com"] [uri "/wp-json/wp/v2/users"] [unique_id "aJX3aZeN7OiMZhEVvC94GQAAABw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 myagent.site	2025-08-08 04:20:50 (10 months ago)	Blocking for trying to access an exploit file: /xmlrpc.php	Hacking

Showing 1 to 15 of 22 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇫🇷 203.55.81.2

🇺🇦 194.44.62.10

🇧🇷 186.226.184.118

🇳🇱 178.253.23.71

🇸🇬 121.6.81.59

🇮🇳 116.73.240.74

🇺🇸 16.58.56.214

🇨🇩 2620:171:99:f003:9999::50

🇧🇪 198.235.24.137

🇳🇱 192.42.116.66

🇺🇸 66.132.172.124

🇺🇸 20.15.200.100

🇧🇷 205.210.31.243

🇺🇸 205.210.31.98

🇮🇩 180.247.61.114

🇭🇰 152.32.129.236

🇨🇳 223.75.156.89

🇦🇺 203.185.198.246

🇳🇱 185.93.89.130

🇰🇷 182.209.190.102