37.44.238.68 Threat Intelligence and Host Information

Sep 13, 2025 ipinfopage

General

This page contains threat intelligence information for the IPv4 address 37.44.238.68 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 60/100

Host and Network Information

Mitre ATT&CK IDs: T1078 - Valid Accounts, T1083 - File and Directory Discovery, T1098.004 - SSH Authorized Keys, T1105 - Ingress Tool Transfer, T1110.004 - Credential Stuffing, T1110 - Brute Force
Tags: 1049h, 32-bit, 36mUsername, 404, 501, 5r3fqt67ew531has4231, 64-bit, 90775886812, Amadey, android, apk, APT, arm, ascii, AsyncRAT, banker, base64, BeaverTail, bitbucket, bitter, botnetdomain, brute force, bruteforce, Bruteforce, Brute-Force, BXRat, by, byu, censys, cisco, citrix, CobaltStrike, combinations, compromise ipv4, ConnectBack, connectwise, cowrie, craxsrat, DBatLoader, ddos, decoy, dll, doc, donutloader, dropped-by-IDATDropper, elf, EliteBot, EliteBotnet, Encoded, exe, extracted, fakeupdate, fbi.gov, Formbook, gafgyt, GetShell, Gh0stRAT, gs003, gs005, hajime, HavocC2, hidakibest, honeytrap, hta, IDATDropper, IGz, iocs, ipv4 port, irc, JanelaRat, js, kfsensor, LAMP, latam, Lazarus, linux, lnk, lnk-commandline, Logicnet, LummaStealer, lusibuck, malicious, malware, masjesu, MeduzaStealer, Metasploit, meterpreter, mips, mirai, mirai botnet, ModiLoader, moobot, Mozi, msi, NetSupport, NetSupportRAT, njRAT, opendir, Ousaban, PDF, PhemedroneStealer, png, powershell, ps1, pw-90775886812, python, PythonStealer, rar, rat, rdp, RedLineStealer, remcos, RemcosRAT, rev-base64-loader, reversed, reversedbase64, RTF, sftp, sh, sha1, sha256, SmartApeSG, SocGholish, SPAM-ITA, spyware, ssh, SSH, Stealc, StrelaStealer, strrat, tanner, Themida, toggle, trojan, ua-wget, webdav, Wikipedia, WsgiDAV, x86-64, xml-opendir, zip
View other sources: Spamhaus VirusTotal

Country: France
Network:
Noticed: 50 times
Protocols Attacked: ntp ssh
Countries Attacked: Australia
Passive DNS Results: conn.masjesu.zip

Malware Detected on Host

Count: 38 ca911e49a5d6f316b940aaba0adc08f77c4d3fe0a8e15ae6c0c28f5766ee3edf 0c7fec4eda4cc5b8f9232261acf988af25d45c744cbcac16d96d651c52a3aaae 2fcd26776ac108c2706726727122854d170c33f298a11e969f86a31507a84924 c81ed10a23a01ccc97adb4c812cf8cfdf406e9454f3e8bdfc5da23d084d4960c 02f32fe9cae7884111ace9be512cc00ff499f86b451bb9c2ff724f523eb0f753 a2ba7820322404372128dce3fee91a656e5b680cd23d6267497b91cd651f4b39 afafc140f5b9bd90885bd429fcbdb99934e19d3037d83fccff1f82c5030f13c4 5fae9e3c6a9c3b487656d88ffc4a64ad7eab13d5a59cffd9c8238497ba048807 161c17563c85aaccfbfe226b5707e8d012a0678d6fd0c6fc812a72a9edf14584 18c51127f3807cfddf9b916049788da042f8aecf227e8bd65beba5049ec10dc4

Open Ports Detected

Map

Whois Information

inetnum: 37.44.236.0 - 37.44.239.255
netname: FR-FBW-NETWORKS-20181112
country: FR
org: ORG-FNS23-RIPE
admin-c: GML75-RIPE
tech-c: GML75-RIPE
status: ALLOCATED PA
mnt-by: lir-fr-fbw-networks-1-MNT
mnt-by: RIPE-NCC-HM-MNT
created: 2024-01-02T10:04:53Z
last-modified: 2024-01-02T10:04:53Z
organisation: ORG-FNS23-RIPE
org-name: FBW NETWORKS SAS
country: FR
org-type: LIR
address: 16 rue Grange Dame Rose
address: 78140
address: Vélizy Villacoublay
address: FRANCE
phone: +33184207217
admin-c: GML75-RIPE
tech-c: GML75-RIPE
abuse-c: AR65110-RIPE
mnt-ref: lir-fr-fbw-networks-1-MNT
mnt-ref: RELCOMGROUP-EXT-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: lir-fr-fbw-networks-1-MNT
created: 2021-09-16T10:31:33Z
last-modified: 2022-06-01T14:17:54Z
role: Gautier MARSOT LEMAIRE
address: FRANCE
address: Vélizy Villacoublay
address: 78140
address: 16 rue Grange Dame Rose
phone: +33184207217
nic-hdl: GML75-RIPE
mnt-by: lir-fr-fbw-networks-1-MNT
created: 2021-09-16T10:31:32Z
last-modified: 2021-09-16T10:31:33Z
route: 37.44.238.0/24
origin: AS34534
mnt-by: mnt-fr-hhosting-1
mnt-by: mnt-fr-hhosting-1
created: 2022-02-08T11:57:43Z
last-modified: 2022-02-08T11:57:43Z
route: 37.44.238.0/24
origin: AS49434
mnt-by: mnt-fr-hhosting-1
created: 2020-02-11T10:34:45Z
last-modified: 2020-02-11T10:34:45Z

Links to attack logs

Share on: