27.254.38.122 is a Hacker from Thailand (Bangkok)

IP informations Cybercrime IP Feeds Raw whois

27.254.38.122

is a

Hacker

100 %

Thailand

Report Abuse

145attacks reported

59Brute-ForceSSH

32Port Scan

17Brute-Force

7HackingBrute-Force

6uncategorized

5Port ScanSSH

5Brute-ForceMailserver Attack

4Brute-ForceExploited Host

2Fraud VoIPBrute-Force

2Web App Attack

...

13abuse reported

5Email Spam

4Email SpamBrute-Force

2Web SpamEmail Spam

1Email SpamPort ScanBrute-Force

1Bad Web BotExploited HostWeb App Attack

3reputation reported

3uncategorized

from 49 distinct reporters

and 6 distinct sources : BadIPs.com, Blocklist.de, FireHOL, Charles Haley, blocklist.net.ua, AbuseIPDB

27.254.38.122 was first signaled at 2020-04-21 03:29 and last record was at 2020-11-06 05:49.

27.254.38.122

Organization

CS LOXINFO Public Company Limited.

list IP owned by CS LOXINFO Public Company Limited.

Localisation

Thailand

Khon Kaen, Bangkok

NetRange : First & Last IP

27.254.38.0 - 27.254.38.255

Network CIDR

27.254.38.0/24

ASN

9891

list IP by ASN 9891

Cybercrime IP Feeds

Date UTC	Category	Sub Categories	Source List	Source	Logs
2020-08-04 14:15	attacks	Brute-ForceSSH		AbuseIPDB	SSH invalid-user multiple login try
2020-08-04 12:52	abuse	Email SpamBrute-Force		AbuseIPDB	$f2bV_matches
2020-08-04 12:30	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-04 05:56	abuse	Email Spam		AbuseIPDB	f2b trigger Multiple SASL failures
2020-08-04 05:28	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-04 03:59	attacks	Brute-Force		AbuseIPDB	2020-08-04T14:58:59+02:00 <masked> exim[30046]: fixed_login authenticator failed for (USER) [27.254.38.122]: 535 Incorrect authentication data (
2020-08-03 22:21	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-03 18:26	attacks	HackingBrute-Force		AbuseIPDB	Aug 4 05:26:48 www postfix/smtpd\[26888\]: lost connection after AUTH from unknown\[27.254.38.122\]
2020-08-03 15:30	abuse	Email SpamBrute-Force		AbuseIPDB	Email login attempts - bad mail account name (SMTP)
2020-08-03 15:19	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-03 08:21	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-03 01:32	abuse	Email Spam		AbuseIPDB	f2b trigger Multiple SASL failures
2020-08-03 01:22	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-02 21:32	attacks	Brute-Force		AbuseIPDB	2020-08-02 dovecot_login authenticator failed for $USER$ \[27.254.38.122\]: 535 Incorrect authentication data \([email protected]REMOVED.ne
2020-08-02 01:07	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-01 19:36	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-01 14:11	abuse	Email Spam		AbuseIPDB	f2b trigger Multiple SASL failures
2020-08-01 13:49	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-01 08:16	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-08-01 03:30	attacks	Brute-Force		AbuseIPDB	2020-08-01T14:29:46+02:00 <masked> exim[18631]: fixed_login authenticator failed for (USER) [27.254.38.122]: 535 Incorrect authentication data (
2020-07-31 20:12	abuse	Email SpamPort ScanBrute-Force		AbuseIPDB	Blocked 27.254.38.122 For sending bad password count 5 tried : [email protected] & [email protected] & [email protected] &
2020-07-31 18:53	attacks	HackingBrute-Force		AbuseIPDB	01.08.2020 05:53:37 - Login Fail on hMailserver Detected by ELinOX-hMail-A2F
2020-07-31 18:11	attacks	Brute-Force		AbuseIPDB	2020-07-31 dovecot_login authenticator failed for $USER$ \[27.254.38.122\]: 535 Incorrect authentication data \([email protected]REMOVED.ne
2020-07-31 15:24	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-31 12:26	attacks	HackingBrute-Force		AbuseIPDB	31.07.2020 23:26:08 - Login Fail on hMailserver Detected by ELinOX-hMail-A2F
2020-07-31 10:30	attacks	Brute-ForceSSH		AbuseIPDB	SSH invalid-user multiple login try
2020-07-31 09:23	abuse	Email Spam		AbuseIPDB	f2b trigger Multiple SASL failures
2020-07-31 09:17	abuse	Email SpamBrute-Force		AbuseIPDB	$f2bV_matches
2020-07-31 09:00	abuse	Email SpamBrute-Force		AbuseIPDB	Email login attempts - bad mail account name (SMTP)
2020-07-31 08:55	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-31 06:44	attacks	HackingBrute-Force		AbuseIPDB	31.07.2020 17:44:50 - Login Fail on hMailserver Detected by ELinOX-hMail-A2F
2020-07-31 05:07	attacks	Brute-Force		AbuseIPDB	Jul 31 09:07:28 mailman postfix/smtpd[16829]: warning: unknown[27.254.38.122]: SASL LOGIN authentication failed: authentication failure
2020-07-30 23:06	attacks	Brute-ForceExploited Host		AbuseIPDB	Brute force attempt
2020-07-30 22:21	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-30 15:53	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-30 11:04	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-30 05:54	abuse	Web SpamEmail Spam		AbuseIPDB	$f2bV_matches
2020-07-30 04:36	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-30 02:03	attacks	Brute-Force		AbuseIPDB	2020-07-30T13:02:45+02:00 <masked> exim[28877]: fixed_login authenticator failed for (USER) [27.254.38.122]: 535 Incorrect authentication data (
2020-07-29 17:19	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-29 12:30	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-29 06:03	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-28 22:48	attacks	Brute-Force		AbuseIPDB	2020-07-29T09:47:18+02:00 <masked> exim[6137]: fixed_login authenticator failed for (USER) [27.254.38.122]: 535 Incorrect authentication data ([
2020-07-28 19:19	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-28 14:44	attacks	Brute-Force		AbuseIPDB	2020-07-28T00:58:04.123978productionscape.com postfix/smtpd[13056]: warning: unknown[27.254.38.122]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 20
2020-07-28 13:53	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-28 10:56	attacks	Brute-Force		AbuseIPDB	exim email abuse
2020-07-28 08:00	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-07-28 07:48	attacks	Brute-Force		AbuseIPDB	Jul 27 19:26:42 web postfix/smtpd\[13083\]: warning: unknown\[27.254.38.122\]: SASL LOGIN authentication failed: authentication failureJul 27 20:01:37
2020-07-28 04:37	attacks	Brute-Force		AbuseIPDB	Jul 28 04:12:57 server postfix/smtpd[32199]: warning: unknown[27.254.38.122]: SASL LOGIN authentication failed: UGFzc3dvcmQ6 Jul 28 04:17:32 server po
2020-04-21 03:29	attacks	Brute-ForceExploited Host		AbuseIPDB	Brute force attempt
2020-04-21 03:33	attacks	Port Scan		AbuseIPDB	(smtpauth) Failed SMTP AUTH login from 27.254.38.122 (TH/Thailand/27-254-38-122.lnwhostname.com): 1 in the last 3600 secs; Ports: *; Direction: inout;
2020-04-21 04:07	attacks	Brute-Force		AbuseIPDB	Apr 21 08:07:00 mailman postfix/smtpd[19207]: warning: unknown[27.254.38.122]: SASL LOGIN authentication failed: authentication failure
2020-05-24 22:10	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user codad from 27.254.38.122 port 3890
2020-05-24 23:59	attacks	Brute-ForceSSH		AbuseIPDB	prod6
2020-05-25 01:01	attacks	Brute-ForceSSH		AbuseIPDB	May 25 12:01:06 prod4 sshd\[26141\]: Failed password for root from 27.254.38.122 port 59146 ssh2 May 25 12:01:08 prod4 sshd\[26141\]: Failed password
2020-05-25 02:59	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user valid from 27.254.38.122 port 30280
2020-05-25 10:10	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user codad from 27.254.38.122 port 3890
2020-05-25 13:00	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user codad from 27.254.38.122 port 3890
2020-05-25 16:10	attacks	Brute-ForceSSH		AbuseIPDB	Invalid user codad from 27.254.38.122 port 3890
2020-07-31 15:56	attacks		bi_any_0_1d	BadIPs.com
2020-07-31 15:56	attacks	Brute-ForceMailserver Attack	bi_mail_0_1d	BadIPs.com
2020-07-31 15:56	attacks	Brute-ForceMailserver Attack	bi_postfix-sasl_0_1d	BadIPs.com
2020-07-31 15:56	attacks	Mailserver Attack	bi_sasl_0_1d	BadIPs.com
2020-07-31 15:57	attacks		blocklist_de	Blocklist.de
2020-07-31 15:57	attacks	Brute-ForceMailserver Attack	blocklist_de_mail	Blocklist.de
2020-07-31 16:01	attacks		firehol_level2	FireHOL
2020-07-31 16:02	attacks		firehol_level4	FireHOL
2020-07-31 16:10	attacks	SSH	haley_ssh	Charles Haley
2020-08-01 14:56	attacks	Brute-ForceMailserver Attack	blocklist_de_imap	Blocklist.de
2020-08-04 12:00	attacks	Brute-ForceMailserver Attack	bi_postfix_0_1d	BadIPs.com
2020-11-05 05:11	reputation		alienvault_reputation
2020-11-05 05:13	attacks		bi_http_0_1d	BadIPs.com
2020-11-05 05:14	abuse	Email Spam	blocklist_net_ua	blocklist.net.ua
2020-11-05 05:14	reputation		ciarmy
2020-11-05 05:18	attacks		firehol_level3	FireHOL
2020-11-06 05:49	reputation		iblocklist_ciarmy_malicious

only last 50 and first 10 AbuseIPDB logs are shown

Threats Categories :

abuse

IPs used to spam forum, boards, blogs or smtp servers, automated web scripts or scrappers (bad bots)

anonymizer

Onion Router IP addresses. TOR network IPs, TOR exit points, socks or ssl proxy.

attacks

bruteforce ssh/ftp/system account, IPs that have been detected by fail2ban, ports scan, vulnerabilities scan, DDoS.

malware

Addresses that have been identified distributing malware, form-grabber and stealer, Viruses, Worms, Trojans, Ransomware, Adware, Spyware

Whois

inetnum: 27.254.38.0 - 27.254.38.255
netname: idc-csloxinfo
country: TH
descr: CSLOXINFO-IDC
descr: contact
admin-c: LIA1-AP
tech-c: LIA1-AP
status: ASSIGNED NON-PORTABLE
mnt-by: LOXINFO-IS
mnt-irt: IRT-CSLOXINFO-TH
last-modified: 2014-09-03T02:45:19Z
source: APNIC

irt: IRT-CSLOXINFO-TH
address: CW Tower
address: Ratchadapisek Road, Huai Khwang, Bangkok 10310
phone: +66 2 2638000
fax-no: +66 2 2638790
e-mail: ip_admin@csl.co.th
abuse-mailbox: ip_admin@csl.co.th
admin-c: LIA1-AP
tech-c: LIA1-AP
auth: # Filtered
remarks: ip_admin@csl.co.th was validated on 2020-07-14
mnt-by: CSLOXINFO-IS
last-modified: 2020-07-14T06:17:10Z
source: APNIC

role: Loxinfo IP Admins
remarks: CS LOXINFO PUBLIC COMPANY LIMITED
address: CW Tower
address: Ratchadapisek Road, Huai Khwang, Bangkok 10310
country: TH
phone: +66-2263-8000
fax-no: +66-2263-8790
e-mail: ip_admin@csloxinfo.net
admin-c: LIA1-AP
tech-c: LIA1-AP
nic-hdl: LIA1-AP
mnt-by: CSLOXINFO-IS
last-modified: 2017-06-09T17:43:45Z
source: APNIC

most specific ip range is highlighted

Updated : 2020-09-17