JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 106.15.248.16

106.15.248.16 was found in our database!

This IP was reported 88 times. Confidence of Abuse is 0%: ?

ISP	Aliyun Computing Co., LTD
Usage Type	Data Center/Web Hosting/Transit
ASN	AS37963
Domain Name	alibabacloud.com
Country	🇨🇳 China
City	Shanghai, Shanghai

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 106.15.248.16

Whois 106.15.248.16

IP Abuse Reports for 106.15.248.16:

This IP address has been reported a total of 88 times from 36 distinct sources. 106.15.248.16 was first reported on February 2nd 2025, and the most recent report was 5 months ago.

Old Reports: The most recent abuse report for this IP address is from 5 months ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇲🇹 Malta	2025-12-30 02:40:46 (5 months ago)	106.15.248.16 - - [30/Dec/2025:03:40:46 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT ... show more 106.15.248.16 - - [30/Dec/2025:03:40:46 +0100] "POST /xmlrpc.php HTTP/1.1" "Mozilla/5.0 (Windows NT 5.1; rv:33.0) Gecko/20100101 Firefox/33.0" show less	Hacking Web App Attack
🇩🇪 masterguru	2025-12-29 23:07:23 (5 months ago)	(XMLRPC) WP XMLPRC Attack 106.15.248.16 (CN/China/-): 5 in the last 3600 secs (0-145)	Hacking
🇦🇺 weblite	2025-12-29 22:24:29 (5 months ago)	WP_XMLRPC_ABUSE	Brute-Force Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 19:07:36 (5 months ago)	(mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Mon Dec 29 14:07:30.847504 2025] [security2:error] [pid 22972:tid 22972] [client 106.15.248.16:51048] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 106.15.248.16 (+1 hits since last alert)\|solventtrapco.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "solventtrapco.com"] [uri "/xmlrpc.php"] [unique_id "aVLRcs9lqB5TvKbCRilrMQAAAAw"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-29 03:55:03 (5 months ago)	(mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 22:54:56.593979 2025] [security2:error] [pid 27171:tid 27171] [client 106.15.248.16:33554] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 106.15.248.16 (+1 hits since last alert)\|gpobiotech.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "gpobiotech.com"] [uri "/xmlrpc.php"] [unique_id "aVH7kCOnCEdfhSp5In7uHwAAAAU"] show less	Brute-Force Bad Web Bot Web App Attack
🇫🇷 Kenshin869	2025-12-29 03:39:22 (5 months ago)	Wordpress unauthorized access attempt	Brute-Force
🇺🇸 TPI-Abuse	2025-12-28 23:13:46 (5 months ago)	(mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 18:13:40.620717 2025] [security2:error] [pid 2295:tid 2295] [client 106.15.248.16:52014] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 106.15.248.16 (+1 hits since last alert)\|equipoperu.org\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "equipoperu.org"] [uri "/xmlrpc.php"] [unique_id "aVG5pBGulgZwAev-GLGo3QAAABg"] show less	Brute-Force Bad Web Bot Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 21:09:36 (5 months ago)	(mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 16:09:28.677406 2025] [security2:error] [pid 7489:tid 7489] [client 106.15.248.16:36372] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 106.15.248.16 (+1 hits since last alert)\|crittergetterpestcontrol.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "crittergetterpestcontrol.com"] [uri "/xmlrpc.php"] [unique_id "aVGciBzCnQ2CgyQ1xb1McwAAABE"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-28 19:42:20 (5 months ago)	(wordpress) Failed wordpress login from 106.15.248.16 (CN/China/Shanghai/Shanghai/-/[redacted])	Brute-Force
🇪🇸 masterguru	2025-12-28 15:30:45 (5 months ago)	xmlrpc request blocked, no referer. Pattern match "xmlrpc.php" at REQUEST_URI. (1020-123)	Web App Attack
🇺🇸 TPI-Abuse	2025-12-28 09:10:15 (5 months ago)	(mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Port ... show more (mod_security) mod_security (id:240335) triggered by 106.15.248.16 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Sun Dec 28 04:10:07.911381 2025] [security2:error] [pid 1126043:tid 1126069] [client 106.15.248.16:34762] ModSecurity: Access denied with code 403 (phase 2). Operator EQ matched 0 at IP. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/30_Apps_OtherApps.conf"] [line "5956"] [id "240335"] [rev "5"] [msg "COMODO WAF: XML-RPC Attack Identified (CVE-2013-0235)\|Source 106.15.248.16 (+1 hits since last alert)\|howlerrock.com\|F\|2"] [severity "CRITICAL"] [tag "CWAF"] [tag "OtherApps"] [hostname "howlerrock.com"] [uri "/xmlrpc.php"] [unique_id "aVDz78KVGiNAcNjCFvNRfQAAAEw"] show less	Brute-Force Bad Web Bot Web App Attack
Anonymous	2025-12-28 03:18:23 (5 months ago)		Bad Web Bot Web App Attack
🇳🇱 Site.eu	2025-12-28 00:29:42 (5 months ago)	Repeated wp-login/xmlrpc attempts	Brute-Force SSH
🇩🇪 abdubhai	2025-12-28 00:07:17 (5 months ago)	106.15.248.16 - - [28/Dec/2025:0 ...	Brute-Force
🇩🇪 dbmwebdesign	2025-12-27 19:30:22 (5 months ago)	WordPress login brute-force detected by Fail2Ban in plesk-wordpress jail	Brute-Force Web App Attack

Showing 1 to 15 of 88 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇺🇦 212.90.169.79

🇬🇧 195.140.214.30

🇨🇳 183.66.166.30

🇨🇳 117.72.168.90

🇱🇹 81.30.98.62

🇦🇺 74.91.200.217

🇺🇸 66.132.195.20

🇩🇪 44.144.179.173

🇨🇳 42.180.4.166

🇧🇷 38.236.73.173

🇧🇷 38.236.73.168

🇧🇷 38.236.73.17

🇺🇸 24.116.55.126

🇭🇰 218.255.103.194

🇺🇸 205.210.31.25

🇯🇵 203.25.124.91

🇺🇸 172.236.123.208

🇱🇹 77.90.185.80

🇺🇸 44.213.147.119

🇧🇷 38.236.73.42