37.49.229.154 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 37.49.229.154 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Potentially Malicious Host 🟡 40/100

Host and Network Information

  • Mitre ATT&CK IDs: T1547 - Boot or Logon Autostart Execution

  • Tags: arcade, badrequest, blog, bruteforce, c server, cyber security, ddos, demonbot, developer, dgfa, diseases, first, fuze, hydra, ioc, ’m, malicious, Nextray, overview author, ovh bypass, patch, personal, phishing, probing, revenge, sbidiot, sbidiot iot, scanning, urlhaus, webscan, webscanner, webscanner bruteforce web app attack

  • View other sources: Spamhaus VirusTotal

  • Country: Belize
  • Network:
  • Noticed: 44 times
  • Protocols Attacked: ntp
  • Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America

Malware Detected on Host

Count: 6

Whois Information

  • inetnum: 37.49.229.0 - 37.49.229.255
  • netname: ESTOXY-NL-SR-DEDI-01
  • country: NL
  • geoloc: 52.370216 4.895168
  • geofeed: https://geofeed.estoxy.ee/geofeed.csv
  • admin-c: ESTX1-RIPE
  • tech-c: ESTX1-RIPE
  • org: ORG-EO76-RIPE
  • status: ASSIGNED PA
  • mnt-by: ESTOXY-MNT
  • created: 2018-10-04T15:58:55Z
  • last-modified: 2024-08-18T12:07:26Z
  • organisation: ORG-EO76-RIPE
  • org-name: ESTOXY OU
  • country: EE
  • org-type: LIR
  • address: Tornimae tn 3 // 5 // 7
  • address: 10145
  • address: Tallinn
  • address: ESTONIA
  • phone: +372 8801117
  • admin-c: ESTX1-RIPE
  • tech-c: ESTX1-RIPE
  • abuse-c: AR48531-RIPE
  • mnt-ref: ESTOXY-MNT
  • mnt-by: RIPE-NCC-HM-MNT
  • mnt-by: ESTOXY-MNT
  • created: 2023-08-14T11:29:18Z
  • last-modified: 2024-01-09T10:55:57Z
  • role: ESTOXY OU Network Administrator
  • address: Tornimäe tn 3 // 5 // 7
  • address: 10145
  • address: Tallinn
  • address: Estonia
  • abuse-mailbox: abuse@estoxy.com
  • nic-hdl: ESTX1-RIPE
  • mnt-by: ESTOXY-MNT
  • created: 2020-02-22T17:25:23Z
  • last-modified: 2024-08-22T13:38:55Z
  • route: 37.49.229.0/24
  • origin: AS3920
  • created: 2024-08-18T12:05:05Z
  • last-modified: 2024-08-18T12:05:05Z
  • mnt-by: ESTOXY-MNT

Links to attack logs

  • awsjap-ntp-bruteforce-ip-list-2021-03-25
  • awsbah-ntp-bruteforce-ip-list-2021-03-25
  • awsau-ntp-bruteforce-ip-list-2021-03-22
  • aws-ntp-bruteforce-ip-list-2021-03-16
  • aws-ntp-bruteforce-ip-list-2021-03-22
  • aws-ntp-bruteforce-ip-list-2021-03-25
  • awsbah-ntp-bruteforce-ip-list-2021-03-22
  • awsau-ntp-bruteforce-ip-list-2021-03-25