JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 106.74.27.159

106.74.27.159 was found in our database!

This IP was reported 1,530 times. Confidence of Abuse is 100%: ?

100%

ISP	CHINA UNICOM CLOUD DATA COMPANY LIMITED
Usage Type	Fixed Line ISP
ASN	AS133118
Domain Name	chinaunicom.cn
Country	🇨🇳 China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 106.74.27.159

Whois 106.74.27.159

IP Abuse Reports for 106.74.27.159:

This IP address has been reported a total of 1,530 times from 572 distinct sources. 106.74.27.159 was first reported on January 9th 2026, and the most recent report was 3 days ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇨🇳 nong yiyi	2026-06-07 13:00:49 (3 days ago)	SSH brute force attack against WMDXC server. Automated report.	Brute-Force SSH
🇩🇪 bogdanv	2026-05-27 14:06:18 (2 weeks ago)	$f2bV_matches	Brute-Force SSH
🇮🇳 evicky2002	2026-05-25 06:00:00 (2 weeks ago)	Confirmed malicious by STILWaters CTI platform (score=100, sources=1)	Hacking Brute-Force SSH
🇫🇷 SpaceHost-Server	2026-05-23 22:26:26 (2 weeks ago)		Brute-Force Web App Attack
🇧🇷 ICS Labs	2026-05-23 13:20:37 (2 weeks ago)	ICS Labs identified 106.74.27.159 as a malicious indicator from threat intelligence.	DDoS Attack Hacking Exploited Host
🇧🇷 helix	2026-05-20 13:28:25 (3 weeks ago)	Automated report: SSH brute force detected. This IP exceeded the allowed number of failed login atte ... show more Automated report: SSH brute force detected. This IP exceeded the allowed number of failed login attempts (3 attempts). show less	Brute-Force SSH
🇫🇷 SpaceHost-Server	2026-05-18 22:26:53 (3 weeks ago)		Brute-Force Web App Attack
🇫🇷 SpaceHost-Server	2026-05-17 22:26:48 (3 weeks ago)		Brute-Force Web App Attack
🇬🇧 Project_Gifted1	2026-05-15 03:34:00 (3 weeks ago)	Zero-day telemetry verified. Full node vectors and 273 signatures at http://206.189.21.23/manifest. ... show more Zero-day telemetry verified. Full node vectors and 273 signatures at http://206.189.21.23/manifest.json show less	Port Scan Hacking
🇳🇱 GG UNLUCKI	2026-05-12 17:45:48 (4 weeks ago)	Historical Fail2Ban SSH ban observed on this host. Source: fail2ban.log. Categories: SSH brute-force ... show more Historical Fail2Ban SSH ban observed on this host. Source: fail2ban.log. Categories: SSH brute-force. show less	Brute-Force SSH
🇩🇪 ipcop.net	2026-05-11 17:38:39 (4 weeks ago)	2026-05-11T19:33:39.351240+02:00 gw-de01-01.guestgw.net sshd[1053208]: Connection closed by authenti ... show more 2026-05-11T19:33:39.351240+02:00 gw-de01-01.guestgw.net sshd[1053208]: Connection closed by authenticating user root 106.74.27.159 port 51390 [preauth] 2026-05-11T19:33:48.743292+02:00 gw-de01-01.guestgw.net sshd[1053224]: Connection closed by authenticating user root 106.74.27.159 port 55676 [preauth] 2026-05-11T19:33:52.457029+02:00 gw-de01-01.guestgw.net sshd[1053255]: Connection closed by authenticating user root 106.74.27.159 port 60838 [preauth] 2026-05-11T19:33:56.861445+02:00 gw-de01-01.guestgw.net sshd[1053278]: Connection closed by authenticating user root 106.74.27.159 port 36316 [preauth] 2026-05-11T19:38:38.326758+02:00 gw-de01-01.guestgw.net sshd[1054687]: Connection closed by authenticating user root 106.74.27.159 port 46538 [preauth] show less	Brute-Force
🇫🇷 gooko	2026-05-11 13:48:08 (4 weeks ago)	SSH brute-force attack detected by fail2ban jail 'sshd'	Brute-Force SSH
🇺🇸 bigscoots.com	2026-05-11 13:20:06 (4 weeks ago)	106.74.27.159 (CN/-/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: * ... show more 106.74.27.159 (CN/-/-), 5 distributed sshd attacks on account [root] in the last 3600 secs; Ports: *; Direction: 1; Trigger: LF_DISTATTACK; Logs: May 11 08:19:42 14407 sshd[10588]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.152.15 user=root May 11 08:19:44 14407 sshd[10588]: Failed password for root from 115.190.152.15 port 58550 ssh2 May 11 08:19:46 14407 sshd[10590]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.190.152.15 user=root May 11 08:01:33 14407 sshd[7995]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.74.27.159 user=root May 11 08:01:36 14407 sshd[7995]: Failed password for root from 106.74.27.159 port 44830 ssh2 IP Addresses Blocked: 115.190.152.15 (CN/-/-) show less	Brute-Force SSH
Anonymous	2026-05-11 10:52:59 (4 weeks ago)	May 11 06:52:42 v sshd\[12661\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid ... show more May 11 06:52:42 v sshd\[12661\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.74.27.159 user=root May 11 06:52:45 v sshd\[12661\]: Failed password for root from 106.74.27.159 port 43544 ssh2 May 11 06:52:57 v sshd\[12666\]: pam_unix$sshd:auth$: authentication failure\; logname= uid=0 euid=0 tty=ssh ruser= rhost=106.74.27.159 user=root ... show less	Brute-Force SSH
🇬🇧 PeravixGroup	2026-05-11 08:23:21 (4 weeks ago)	Honeypot detection: SSH brute-force authentication attempt on port 22. Severity: MEDIUM. Aaran.cloud	SSH Brute-Force

Showing 1 to 15 of 1530 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇰🇷 220.92.117.221

🇵🇱 54.38.52.18

🇸🇬 2a09:bac1:6540:8::2e4:7e

🇩🇪 2a01:4f8:150:13a5::100:2c

🇺🇸 205.210.31.83

🇺🇸 199.231.163.19

🇨🇳 140.143.201.15

🇸🇬 103.195.191.198

🇦🇺 45.248.78.120

🇳🇱 45.148.10.141

🇨🇳 14.103.105.246

🇮🇷 5.232.2.7

🇧🇷 205.210.31.169

🇬🇧 193.163.125.91

🇲🇽 189.203.163.10

🇺🇸 172.253.214.114

🇨🇳 120.239.27.165

🇸🇬 103.250.11.116

🇸🇪 77.53.193.47

🇸🇬 47.128.59.157