37.120.210.211 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 37.120.210.211. It was generated either as a result of observed malicious activity or as an information-gathering exercise to assist with enrichment of security events and context. All information is gathered passively, through aggregation of public sources or observation of activity on honeynets. The host score is calculated from a series of statistically weighted values and machine learning, taking into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 65/100

Host and Network Information

  • MITRE ATT&CK IDs: T1068 - Exploitation for Privilege Escalation, T1102 - Web Service, T1189 - Drive-by Compromise, T1547 - Boot or Logon Autostart Execution, T1566 - Phishing

  • Tags: adobe, agent tesla, amadey, anatsa, android, april, arechclient2, asyncrat, asyncrat link, august, auto-generated security, belgium, BitTorrent, brazil, clearfake, clickfix, cobaltstrike, coinminer, compromise, cvss, cvss base, cyber security, darktortilla, date, dateadded, dcrat, dragonforce, february, file name, flash, friday, germany, gmail, godfather, godfather android, google, group, grouped, havoc, interlock, ioc, iocs, italy, june, kb5062554, lazarus, magento, malicious, malware, malware url, microsoft, mozi, mozi link, mtn, Nextray, nullbulge, P2P, patch, phishing, plugman23333, ransomhub, redline stealer, remcos, romania, ruby, russia, service, sha values, sliver, slovakia, sonicwall, stealc, steam, submit date, tags, telecom, telegram, turkey, ukraine, urls http, urls https, week, windows, wordpress

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: blocklist_net_ua, greensnow

  • Country: Japan
  • Network:
  • Noticed: 50 times
  • Protocols Attacked: Anonymous Proxy
  • Countries Attacked: Australia, Canada, Czechia, Denmark, Estonia, France, Germany, Iran (Islamic Republic of), Korea (Democratic People’s Republic of), Korea (Republic of), Latvia, Lithuania, Norway, Poland, Romania, Russian Federation, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
  • Passive DNS Results:

Malware Detected on Host

Count: 14

Whois Information

  • inetnum: 37.120.210.0 - 37.120.210.255
  • netname: M247-LTD-TOKYO
  • descr: M247 LTD Tokyo Infrastructure
  • country: JP
  • geoloc: 35.6222 139.7455
  • admin-c: GBXS24-RIPE
  • tech-c: GBXS24-RIPE
  • status: ASSIGNED PA
  • mnt-by: SDAT-MNT
  • mnt-routes: GLOBALAXS-MNT
  • mnt-domains: GLOBALAXS-MNT
  • created: 2019-07-03T15:15:24Z
  • last-modified: 2019-07-03T15:15:24Z
  • role: GLOBALAXS TOKYO NOC
  • address: 2 Chome-1-17 Higashishinagawa, Shinagawa
  • address: Tokyo 140-0002, Japan
  • abuse-mailbox: abuse@m247.ro
  • nic-hdl: GBXS24-RIPE
  • mnt-by: GLOBALAXS-MNT
  • created: 2017-10-17T16:49:19Z
  • last-modified: 2018-07-18T11:04:41Z
  • route: 37.120.210.0/24
  • origin: AS9009
  • mnt-by: GLOBALAXS-MNT
  • created: 2019-07-03T15:34:14Z
  • last-modified: 2019-07-03T15:34:14Z

Links to attack logs

anonymous-proxy-ip-list-2026-01-28
