JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 106.63.26.27

106.63.26.27 was found in our database!

This IP was reported 234 times. Confidence of Abuse is 100%: ?

100%

ISP	Chinatelecom Cloudy company Tianjin network
Usage Type	Data Center/Web Hosting/Transit
ASN	AS141679
Domain Name	189.cn
Country	🇨🇳 China
City	Tianjin, Tianjin

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 106.63.26.27

Whois 106.63.26.27

IP Abuse Reports for 106.63.26.27:

This IP address has been reported a total of 234 times from 125 distinct sources. 106.63.26.27 was first reported on July 9th 2024, and the most recent report was 1 hour ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇫🇷 EDSL	2026-06-07 06:23:02 (1 hour ago)	[mail.edsl.fr] Blocked by SysWarden Firewall (Web Attack)	Web App Attack Hacking Port Scan
🇫🇷 masterguru	2026-06-07 05:19:23 (2 hours ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 106.63.26.27 (CN/China/-): 2 in the l ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 106.63.26.27 (CN/China/-): 2 in the last 3600 secs (0-196) show less	Hacking
🇫🇷 masterguru	2026-06-06 16:44:49 (14 hours ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 106.63.26.27 (CN/China/-): 1 in the l ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 106.63.26.27 (CN/China/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇺🇸 abenage	2026-06-06 12:59:07 (18 hours ago)	2026/06/06 06:59:06 [crit] 1210188#1210188: 4466 SSL_do_handshake() failed (SSL: error:0A00006C:SSL ... show more 2026/06/06 06:59:06 [crit] 1210188#1210188: 4466 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 106.63.26.27, server: 0.0.0.0:443 show less	Bad Web Bot Web App Attack
🇺🇸 ambor	2026-06-05 09:42:18 (1 day ago)	Attack type: wordpress_attack_attempt \| Target: /robots.txt \| UA: Mozilla/5.0 (Macintosh; Intel Mac ... show more Attack type: wordpress_attack_attempt \| Target: /robots.txt \| UA: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) Ap \| Country: CN show less	Web App Attack Brute-Force
🇩🇪 David Ferneding	2026-06-03 22:06:37 (3 days ago)	Blocked by UFW (TCP on 9000) Source port: 55416 TTL: 47 Packet length: 44 TOS: 0x00 This report (fo ... show more Blocked by UFW (TCP on 9000) Source port: 55416 TTL: 47 Packet length: 44 TOS: 0x00 This report (for 106.63.26.27) was generated by: https://github.com/sefinek/UFW-AbuseIPDB-Reporter show less	Port Scan
Anonymous	2026-06-03 15:01:28 (3 days ago)	106.63.26.27 - - [03/Jun/2026:17:01:27 +0200] "GET /sitemap.xml HTTP/1.1" 403 5689 "-" "Mozilla/5.0 ... show more 106.63.26.27 - - [03/Jun/2026:17:01:27 +0200] "GET /sitemap.xml HTTP/1.1" 403 5689 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0" ... show less	Web App Attack
🇫🇷 masterguru	2026-06-03 10:23:46 (3 days ago)	(modsec_5080) ModSec 5080: Infrastructure subdomain probe from 106.63.26.27 (CN/China/-): 1 in the l ... show more (modsec_5080) ModSec 5080: Infrastructure subdomain probe from 106.63.26.27 (CN/China/-): 1 in the last 3600 secs (0-195) show less	Hacking
🇸🇮 administrator	2026-06-02 22:06:11 (4 days ago)	2026-05-31 00:10:22,816 fail2ban.actions [264721]: NOTICE [apache-auth] Ban 106.63.26.27 202 ... show more 2026-05-31 00:10:22,816 fail2ban.actions [264721]: NOTICE [apache-auth] Ban 106.63.26.27 2026-05-31 00:10:22,816 fail2ban.actions [264721]: NOTICE [apache-auth] Ban 106.63.26.27 ... show less	Bad Web Bot Web Spam Email Spam Blog Spam Port Scan Brute-Force Web App Attack
🇩🇪 Gwyneth Llewelyn	2026-06-02 18:23:45 (4 days ago)	106.63.26.27 - - [02/Jun/2026:19:23:43 +0100] "GET /roundcube/sitemap.xml HTTP/2.0" 404 994 "https:/ ... show more 106.63.26.27 - - [02/Jun/2026:19:23:43 +0100] "GET /roundcube/sitemap.xml HTTP/2.0" 404 994 "https://webmail.betatechnologies.info/sitemap.xml" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.0.0 Safari/537.36 Edg/120.0.0.0" show less	Bad Web Bot
🇩🇪 FeG Deutschland	2026-06-02 13:38:43 (4 days ago)	Looking for CMS/PHP/SQL vulnerablilities/excessive crawling - 124	Exploited Host Web App Attack
🇨🇭 4server	2026-06-01 22:44:17 (5 days ago)	[TueJun0200:44:08.7816342026][security2:error][pid2862252:tid2862505][client106.63.26.27:0]ModSecuri ... show more [TueJun0200:44:08.7816342026][security2:error][pid2862252:tid2862505][client106.63.26.27:0]ModSecurity:Accessdeniedwithcode403\(phase1\).Patternmatch\"\^/wp-content/plugins/[\^/] /\(readme\\\\\\\\.txt\\|changelog\\\\\\\\.txt\)\"atREQUEST_URI.[file\"/etc/apache2/conf.d/modsec_custom_rules.conf\"][line\"381\"][id\"960828\"][msg\"WordPresspluginenumerationblocked\"][hostname\"mail.cadvending.ch\"][uri\"/wp-content/plugins/elementskit-lite/readme.txt\"][unique_id\"ah4LOBYE6oDmobYNkxPeQAAAANM\"] show less	Hacking Web App Attack
🇫🇷 ELYAZ	2026-06-01 18:26:46 (5 days ago)	(y4) Failed scan -byebye- from 106.63.26.27 (CN/China/-): (CF_ENABLE)	Hacking
Anonymous	2026-06-01 06:26:19 (6 days ago)	2026-06-01T07:26:18.268536+01:00 vps kernel: [42035347.536215] [PORTSCAN DETECTED] IN=ens3 OUT= MAC= ... show more 2026-06-01T07:26:18.268536+01:00 vps kernel: [42035347.536215] [PORTSCAN DETECTED] IN=ens3 OUT= MAC=fa:16:3e:66:f6:24:02:37:19:0d:c2:f3:08:00 SRC=106.63.26.27 DST=54.37.14.118 LEN=44 TOS=0x00 PREC=0x00 TTL=40 ID=0 DF PROTO=TCP SPT=33453 DPT=9090 WINDOW=1024 RES=0x00 SYN URGP=0 ... show less	Port Scan Brute-Force
🇬🇧 PeravixGroup	2026-06-01 04:24:11 (6 days ago)	Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) o ... show more Honeypot detection: Jenkins CI unauthorized access / script console abuse attempt (CVE-2024-23897) on port 50000. Severity: MEDIUM. Aaran.cloud show less	Hacking Exploited Host

Showing 1 to 15 of 234 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇸🇬 152.42.219.80

🇰🇷 125.139.124.120

🇺🇿 194.107.115.199

🇧🇴 190.181.25.210

🇭🇰 165.154.45.135

🇺🇸 157.254.174.96

🇻🇳 118.70.182.193

🇷🇺 89.223.69.22

🇳🇱 85.11.167.11

🇱🇹 81.30.98.142

🇧🇬 79.124.49.70

🇫🇷 62.84.183.157

🇮🇹 57.131.50.125

🇧🇪 34.62.95.223

🇨🇳 220.205.123.19

🇹🇼 210.61.48.101

🇪🇨 186.4.240.226

🇺🇸 172.234.199.93

🇮🇳 103.163.105.130

🇻🇳 103.159.54.61