JavaScript is disabled. Some features of this site may not work properly. For a smoother experience, please enable JavaScript in your browser settings.

AbuseIPDB » 2.27.4.174

2.27.4.174 was found in our database!

This IP was reported 201 times. Confidence of Abuse is 100%: ?

100%

ISP	Kyonix Hosting - kyonix.com
Usage Type	Data Center/Web Hosting/Transit
ASN	AS210457
Domain Name	kyonix.com
Country	🇩🇪 Germany
City	Frankfurt am Main, Hesse

IP info including ISP, Usage Type, and Location provided by IPInfo. Updated weekly.

Report 2.27.4.174

Whois 2.27.4.174

IP Abuse Reports for 2.27.4.174:

This IP address has been reported a total of 201 times from 140 distinct sources. 2.27.4.174 was first reported on May 21st 2026, and the most recent report was 1 week ago.

Old Reports: The most recent abuse report for this IP address is from 1 week ago . It is possible that this IP is no longer involved in abusive activities.

Reporter	IoA Timestamp (UTC)	Comment	Categories
🇺🇸 MPL	2026-05-22 04:50:59 (1 week ago)	tcp ports: 2222,23 (6 or more attempts)	Port Scan
Anonymous	2026-05-22 04:48:35 (1 week ago)	2026-05-22T04:48:35.109030+00:00 logger sshd[4121183]: Invalid user admin from 2.27.4.174 port 49384 ... show more 2026-05-22T04:48:35.109030+00:00 logger sshd[4121183]: Invalid user admin from 2.27.4.174 port 49384 ... show less	Brute-Force SSH
🇯🇵 jay hung	2026-05-22 04:43:51 (1 week ago)	2026-05-22T04:43:50.873746+00:00 quarktech kernel: [290375.274965] [UFW BLOCK] IN=eth0 OUT= MAC=22:0 ... show more 2026-05-22T04:43:50.873746+00:00 quarktech kernel: [290375.274965] [UFW BLOCK] IN=eth0 OUT= MAC=22:00:92:2e:84:93:fe:ff:ff:ff:ff:ff:08:00 SRC=2.27.4.174 DST=172.237.20.248 LEN=44 TOS=0x00 PREC=0x40 TTL=39 ID=26591 PROTO=TCP SPT=40456 DPT=23 WINDOW=65535 RES=0x00 SYN URGP=0 ... show less	Port Scan
🇺🇸 MPL	2026-05-22 04:37:56 (1 week ago)	tcp port scan (6 or more attempts)	Port Scan
🇵🇱 Kitki30.com	2026-05-22 04:37:41 (1 week ago)	Entered Telnet Tarpit (endlessh). Log: 2026-05-22T04:37:40.961Z ACCEPT host=::ffff:2.27.4.174 port=3 ... show more Entered Telnet Tarpit (endlessh). Log: 2026-05-22T04:37:40.961Z ACCEPT host=::ffff:2.27.4.174 port=34592 fd=455 n=543/1020 show less	IoT Targeted Port Scan Brute-Force
🇩🇪 LoNET	2026-05-22 04:25:08 (1 week ago)	Report 2390419 with IP 3437986 for SSH brute-force attack by source 3432644 via ssh-honeypot/0.2.0+h ... show more Report 2390419 with IP 3437986 for SSH brute-force attack by source 3432644 via ssh-honeypot/0.2.0+http show less	Brute-Force SSH
🇦🇱 router.al	2026-05-22 04:07:41 (1 week ago)	05/22/2026-04:07:40.785652 2.27.4.174 Protocol: 6 ET WEB_SERVER /bin/sh In URI Possible Shell Comman ... show more 05/22/2026-04:07:40.785652 2.27.4.174 Protocol: 6 ET WEB_SERVER /bin/sh In URI Possible Shell Command Execution Attempt show less	Hacking
🇵🇱 nfsec.pl	2026-05-22 04:01:43 (1 week ago)	Detected: TCP scan on port: 23 with flags: SYN	Port Scan
Anonymous	2026-05-22 03:54:09 (1 week ago)	Reported from Nginx log analysis 19. Log: 2.27.4.174 - - [22/May/2026:xx:xx:xx 0200] "POST /cgi-bin ... show more Reported from Nginx log analysis 19. Log: 2.27.4.174 - - [22/May/2026:xx:xx:xx 0200] "POST /cgi-bin/../../../../../../../../../../bin/sh HTTP/1.1" xxx xxx "-" "-" "-" "US United States -" "AS210457" "Kyonix Networks Limited" show less	Port Scan Brute-Force SSH
🇺🇸 TPI-Abuse	2026-05-22 03:45:47 (1 week ago)	(mod_security) mod_security (id:218420) triggered by 2.27.4.174 (-): 1 in the last 300 secs; Ports: ... show more (mod_security) mod_security (id:218420) triggered by 2.27.4.174 (-): 1 in the last 300 secs; Ports: *; Direction: 1; Trigger: LF_MODSEC; Logs: [Thu May 21 23:45:40.982763 2026] [security2:error] [pid 10258:tid 10258] [client 2.27.4.174:33840] ModSecurity: Access denied with code 403 (phase 2). Pattern match "(?i)php://(std(in\|out\|err)\|(in\|out)put\|fd\|memory\|temp\|filter)" at ARGS_NAMES:\\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input. [file "/etc/apache2/conf.d/modsec_vendor_configs/comodo_apache/21_PHP_PHPGen.conf"] [line "22"] [id "218420"] [rev "2"] [msg "COMODO WAF: PHP Injection Attack: I/O Stream Found\|\|192.64.150.119:80\|F\|2"] [data "Matched Data: php://input found within ARGS_NAMES:\\x5cxadd allow_url_include=1 \\x5cxadd auto_prepend_file=php://input: \\xadd allow_url_include=1 \\xadd auto_prepend_file=php://input"] [severity "CRITICAL"] [tag "CWAF"] [tag "PHPGen"] [hostname "192.64.150.119"] [uri "/hello.world"] [unique_id "ag_RZL36fUH1EbB2zHP2NgAAAAA"] show less	Brute-Force Bad Web Bot Web App Attack
🇩🇪 Admins@FBN	2026-05-22 03:26:29 (1 week ago)	FW-PortScan: Traffic Blocked srcport=46079 dstport=23	Port Scan
🇳🇱 SchorelWeb	2026-05-22 03:13:28 (1 week ago)	Cluster member (Omitted) (FR/France/-) said, DENY 2.27.4.174, Reason:[(sshd) Failed SSH login from 2 ... show more Cluster member (Omitted) (FR/France/-) said, DENY 2.27.4.174, Reason:[(sshd) Failed SSH login from 2.27.4.174 (DE/Germany/-): 3 in the last (Omitted)] show less	Brute-Force SSH
🇩🇪 formality	2026-05-22 03:01:40 (1 week ago)	Invalid user admin from 2.27.4.174 port 40746	Brute-Force SSH
🇺🇸 MPL	2026-05-22 03:00:34 (1 week ago)	tcp port scan (17 or more attempts)	Port Scan
🇩🇪 bescared	2026-05-22 02:54:45 (1 week ago)	F2B - Malicious activity detected. Unauthorized connection attempt: Telnet. -c23856ef-	Port Scan

Showing 91 to 105 of 201 reports

Think this IP has been falsely reported? You may request to have the associated reports reviewed and removed. Request Takedown 🚩

Recently Reported IPs:

🇲🇾 49.124.147.251

🇺🇸 209.74.88.30

🇪🇹 196.189.59.226

🇺🇸 162.216.149.111

🇳🇱 158.94.211.49

🇩🇿 154.241.52.5

🇺🇸 147.185.132.248

🇨🇳 120.48.151.153

🇺🇸 103.95.207.248

🇺🇸 66.212.27.83

🇩🇪 57.129.122.51

🇲🇾 49.124.147.100

🇲🇾 49.124.133.102

🇻🇳 42.117.250.18

🇲🇲 37.111.53.110

🇺🇸 208.87.242.161

🇺🇸 198.177.123.157

🇨🇴 190.71.77.155

🇧🇷 187.33.251.218

🇨🇭 178.197.194.224