IP address

Search at other sites:

.2472.27.22.122

Shodan(more info)

Passive DNS

IP blacklists

blocklist.de SSH

2.27.22.122 is listed on the blocklist.de SSH blacklist.

Description: Blocklist.de feed is a free and voluntary service provided<br>by a Fraud/Abuse-specialist. IPs performing SSH attacks.
Type of feed: primary (feed detail page)

Last checked at: 2026-05-24 22:05:05.162000
Was present on blacklist at: 2026-05-20 22:05, 2026-05-21 04:05, 2026-05-21 10:05, 2026-05-21 16:05, 2026-05-21 22:05, 2026-05-22 04:05, 2026-05-22 10:05, 2026-05-23 16:05, 2026-05-23 22:05, 2026-05-24 04:05, 2026-05-24 10:05, 2026-05-24 16:05, 2026-05-24 22:05

AbuseIPDB

2.27.22.122 is listed on the AbuseIPDB blacklist.

Description: AbuseIPDB is a project managed by Marathon Studios Inc.<br>Lists IPs performing a malicious activity (DDoS, spam, phishing...)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-22 04:00:00.596000
Was present on blacklist at: 2026-05-21 04:00, 2026-05-22 04:00

Echelon CMS enumeration

2.27.22.122 is listed on the Echelon CMS enumeration blacklist.

Description: Content management system discovery and enumeration
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:05:00.828000
Was present on blacklist at: 2026-05-22 09:05, 2026-05-24 09:05, 2026-05-25 09:05, 2026-05-26 09:05, 2026-05-27 09:05, 2026-05-28 09:05

Echelon admin panel hunt

2.27.22.122 is listed on the Echelon admin panel hunt blacklist.

Description: Scanning for administrative interfaces
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:05:00.892000
Was present on blacklist at: 2026-05-22 09:05, 2026-05-24 09:05, 2026-05-25 09:05, 2026-05-26 09:05, 2026-05-27 09:05, 2026-05-28 09:05

Echelon database admin hunt

2.27.22.122 is listed on the Echelon database admin hunt blacklist.

Description: Scanning for database admin interfaces (phpMyAdmin, etc.)
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:10:00.235000
Was present on blacklist at: 2026-05-22 09:10, 2026-05-24 09:10, 2026-05-25 09:10, 2026-05-26 09:10, 2026-05-27 09:10, 2026-05-28 09:10

Echelon directory traversal

2.27.22.122 is listed on the Echelon directory traversal blacklist.

Description: Path traversal attack attempting to access restricted files
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:15:00.253000
Was present on blacklist at: 2026-05-22 09:15, 2026-05-24 09:15, 2026-05-25 09:15, 2026-05-26 09:15, 2026-05-27 09:15, 2026-05-28 09:15

Echelon SSH connection attempt

2.27.22.122 is listed on the Echelon SSH connection attempt blacklist.

Description: SSH connection attempt detected on port 22 or 2222
Type of feed: primary (feed detail page)

Last checked at: 2026-05-29 09:35:00.334000
Was present on blacklist at: 2026-05-22 09:35, 2026-05-24 09:35, 2026-05-25 09:35, 2026-05-26 09:35, 2026-05-27 09:35, 2026-05-28 09:35, 2026-05-29 09:35

Echelon SSH bruteforce

2.27.22.122 is listed on the Echelon SSH bruteforce blacklist.

Description: Multiple SSH authentication attempts detected
Type of feed: primary (feed detail page)

Last checked at: 2026-05-29 09:35:00.426000
Was present on blacklist at: 2026-05-22 09:35, 2026-05-24 09:35, 2026-05-25 09:35, 2026-05-26 09:35, 2026-05-27 09:35, 2026-05-28 09:35, 2026-05-29 09:35

Echelon TLS/SSL crawler

2.27.22.122 is listed on the Echelon TLS/SSL crawler blacklist.

Description: TLS/SSL connection fingerprinting detected via Suricata
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:40:00.409000
Was present on blacklist at: 2026-05-22 09:40, 2026-05-24 09:40, 2026-05-25 09:40, 2026-05-26 09:40, 2026-05-27 09:40, 2026-05-28 09:40

Echelon web crawler

2.27.22.122 is listed on the Echelon web crawler blacklist.

Description: HTTP web crawling activity detected on web honeypots
Type of feed: primary (feed detail page)

Last checked at: 2026-05-28 09:50:00.406000
Was present on blacklist at: 2026-05-22 09:50, 2026-05-24 09:50, 2026-05-25 09:50, 2026-05-26 09:50, 2026-05-27 09:50, 2026-05-28 09:50

CI Army

2.27.22.122 is listed on the CI Army blacklist.

Description: Collective Intelligence Network Security is a Threat Intelligence<br>database that provides scores for IPs. Source of unspecified malicious attacks<br>most of them will be active attackers/scanners
Type of feed: primary (feed detail page)

Last checked at: 2026-05-24 02:50:00.799000
Was present on blacklist at: 2026-05-24 02:50

Spamhaus XBL CBL

2.27.22.122 was recently listed on the Spamhaus XBL CBL blacklist, but currently it is not.

Description: The Spamhaus Exploits Block List (XBL) is a realtime database of IP addresses of hijacked PCs infected by illegal 3rd party exploits, including open proxies, worms/viruses with built-in spam engines, and other types of trojan-horse exploits.
Type of feed: secondary (DNSBL) (feed detail page)

Last checked at: 2026-06-03 17:19:10.239000
Was present on blacklist at: 2026-05-27 17:19

FireHOL anonymizers

2.27.22.122 is listed on the FireHOL anonymizers blacklist.

Description: List of anonymizing IPs, aggregated from multiple lists by FireHOL.
Type of feed: secondary (feed detail page)

Last checked at: 2026-06-04 18:05:12
Was present on blacklist at: 2026-05-28 18:05, 2026-05-29 18:05, 2026-05-30 18:05, 2026-05-31 18:05, 2026-06-01 18:05, 2026-06-02 18:05, 2026-06-03 18:05, 2026-06-04 18:05

Threat categories

TL	Role	Category	Details
63	src	scan	port: 22, 23, 80, 443, 2222, 2375
42	src	login	protocol: ssh, telnet port: 22, 23, 2222
25	src	—
25	src	exploit	protocol: http

---

Warden events (43489)

2026-05-30

ReconScanning (node.9c1411): 43

2026-05-29

ReconScanning (node.9c1411): 50

2026-05-28

ReconScanning (node.9c1411): 56

2026-05-27

ReconScanning (node.9c1411): 32

2026-05-26

ReconScanning (node.9c1411): 23

2026-05-23

ReconScanning (node.ce2b59): 28

IntrusionUserCompromise (node.cfb4f7): 32732

2026-05-22

ReconScanning (node.ce2b59): 30

IntrusionUserCompromise (node.cfb4f7): 10393

2026-05-21

ReconScanning (node.ce2b59): 30

AttemptLogin (node.ce2b59): 1

AttemptLogin (node.28c168): 4

IntrusionUserCompromise (node.28c168): 1

AttemptLogin (node.b17ef8): 5

IntrusionUserCompromise (node.cfb4f7): 33

IntrusionUserCompromise (node.b17ef8): 1

2026-05-20

ReconScanning (node.ce2b59): 20

AttemptLogin (node.c26a5f): 5

IntrusionUserCompromise (node.c26a5f): 1

AttemptLogin (node.ce2b59): 1

DShield reports (IP summary, reports)

2026-05-21

Number of reports: 39

Distinct targets: 11

2026-05-23

Number of reports: 152

Distinct targets: 18

2026-05-24

Number of reports: 152

Distinct targets: 18

Origin AS

AS215439 - PLAY2GO-NET

BGP Prefix

2.27.22.0/24

geo

Germany, Frankfurt am Main

🕑 Europe/Berlin

hostname

(null)

Address block ('inetnum' or 'NetRange' in whois database)

2.24.0.0 - 2.31.255.255

last_activity

2026-05-30 20:56:11

last_warden_event

2026-05-30 20:56:11

rep

0.2474121628448538

reserved_range

0

Shodan's InternetDB

Open ports: 22

Tags: –

CPEs: cpe:/o:canonical:ubuntu_linux, cpe:/a:openbsd:openssh:9.6p1

ts_added

2026-05-20 17:19:03.131000

ts_last_update

2026-06-04 17:19:10.141000

Warden event timeline

DShield event timeline

Presence on blacklists