AbuseIPDB » 106.75.18.236

106.75.18.236 was found in our database!

This IP was reported 325 times. Confidence of Abuse is 100%: ?

100%

ISP	Shanghai UCloud Information Technology Company Limited
Usage Type	Commercial
ASN	AS4808
Domain Name	ucloud.cn
Country	China
City	Beijing, Beijing

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated biweekly.

Report 106.75.18.236

Whois 106.75.18.236

IP Abuse Reports for 106.75.18.236:

This IP address has been reported a total of 325 times from 125 distinct sources. 106.75.18.236 was first reported on February 11th 2025, and the most recent report was 2 hours ago.

Recent Reports: We have received reports of abusive activity from this IP address within the last week. It is potentially still actively engaged in abusive activities.

Reporter	IoA Timestamp in UTC	Comment	Categories
swrlly	2025-05-17 03:05:13 (2 hours ago)	attempted directly connecting to webserver using origin ip	Web App Attack
chronos	2025-05-17 02:17:30 (3 hours ago)	[AUTORAVALT][[16/05/2025 - 23:17:29 -03:00 UTC] Attack from [Jinhui Jia] [106.75.18.236] ... show more[AUTORAVALT][[16/05/2025 - 23:17:29 -03:00 UTC] Attack from [Jinhui Jia] [106.75.18.236]-[RANGE:106.75.0.0 - 106.75.255.255] Action: BLocKed DDoS Attack -> Participating in distributed denial-of-service. Phishing -> Phishing websites and/or email. Web Spam -> Comment/forum spam, HTTP referer spam, or other CMS spam. Blog Spam -> CMS blog comment spam. Web App] ... show less	DDoS Attack Phishing Web Spam Blog Spam Web App Attack
Axel	2025-05-17 02:16:04 (3 hours ago)	SSH login attempts (endlessh): 2025-05-17T01:23:06.447Z ACCEPT host=::ffff:106.75.18.236 port=56084 ... show moreSSH login attempts (endlessh): 2025-05-17T01:23:06.447Z ACCEPT host=::ffff:106.75.18.236 port=56084 fd=7 n=4/4096 show less	Brute-Force SSH
ghostwarriors	2025-05-16 11:50:14 (17 hours ago)	Unauthorized connection attempt detected, SSH Brute-Force	Port Scan Brute-Force SSH
djboddington	2025-05-15 20:11:55 (1 day ago)	This IP was detected by CrowdSec triggering crowdsecurity/postscreen-rbl	Email Spam
rtbh.com.tr	2025-05-15 20:08:10 (1 day ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
kreativstrecke	2025-05-15 17:32:39 (1 day ago)	2025-05-15T19:32:38.945760+02:00 srv02 postfix/smtpd[2301874]: lost connection after AUTH from unkno ... show more2025-05-15T19:32:38.945760+02:00 srv02 postfix/smtpd[2301874]: lost connection after AUTH from unknown[106.75.18.236] 2025-05-15T19:32:38.946021+02:00 srv02 postfix/smtpd[2301875]: lost connection after STARTTLS from unknown[106.75.18.236] 2025-05-15T19:32:38.946258+02:00 srv02 postfix/smtpd[2301874]: disconnect from unknown[106.75.18.236] ehlo=1 auth=0/1 unknown=0/1 commands=1/3 ... show less	Brute-Force
drewf.ink	2025-05-15 11:57:48 (1 day ago)	[11:57] Port scanning. Port(s) scanned: TCP/25	Port Scan
ThreatBook.io	2025-05-14 23:43:03 (2 days ago)	ThreatBook Intelligence: Zombie,Dynamic IP more details on https://threatbook.io/ip/106.75.18.236	SSH
rtbh.com.tr	2025-05-14 20:08:08 (2 days ago)	list.rtbh.com.tr report: tcp/0	Brute-Force
VMHeaven.io	2025-05-14 05:46:11 (2 days ago)	Blocked by UFW [5631/tcp] Source port: 58572 TTL: 41 Packet length: 60	Port Scan
RogueAutomata	2025-05-14 00:21:11 (3 days ago)	Detected malicious request: GET / Detections triggered: Access via IP addr (v4)	Web App Attack
Anonymous	2025-05-13 21:09:03 (3 days ago)	Unauthorized SSH login attempts	Brute-Force SSH
mkaraki	2025-05-13 20:40:48 (3 days ago)	1747168847 # Service_probe # SIGNATURE_SEND # source_ip:106.75.18.236 # dst_port:18000 ...	Port Scan
abuseipdb_reporter	2025-05-13 17:54:58 (3 days ago)	106.75.18.236 - - [13/May/2025:19:54:56 +0200] "GET / HTTP/1.1" 400 150 "-" "NTRIP GNSSInternetRadio ... show more106.75.18.236 - - [13/May/2025:19:54:56 +0200] "GET / HTTP/1.1" 400 150 "-" "NTRIP GNSSInternetRadio" 106.75.18.236 - - [13/May/2025:19:54:56 +0200] "GET / HTTP/1.1" 400 248 "-" "-" 106.75.18.236 - - [13/May/2025:19:54:57 +0200] "GET /v1 HTTP/1.1" 400 248 "-" "-" ... show less	Hacking Brute-Force Bad Web Bot Web App Attack

Is this your IP? You may request to takedown any associated reports. We will attempt to verify your ownership. Request Takedown 🚩