65.49.2.27 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 65.49.2.27 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observations of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Known Malicious Host 🔴 72/100

Host and Network Information

  • Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1005 - Data from Local System, T1027 - Obfuscated Files or Information, T1045 - Software Packing, T1057 - Process Discovery, T1060 - Registry Run Keys / Startup Folder, T1069 - Permission Groups Discovery, T1071 - Application Layer Protocol, T1081 - Credentials in Files, T1089 - Disabling Security Tools, T1105 - Ingress Tool Transfer, T1119 - Automated Collection, T1480 - Execution Guardrails, T1553 - Subvert Trust Controls, T1562 - Impair Defenses, T1568 - Dynamic Resolution, T1573 - Encrypted Channel, T1583 - Acquire Infrastructure, T1590 - Gather Victim Network Information, TA0011 - Command and Control

  • Tags: accept, adversaries, algorithm, analysis, artemis, as15169 google, ascii text, asn united, azure rsa, browse t, channel t, ck id, cnmicrosoft ecc, cnwr2 validity, command, command decode, contact email, contact phone, contentlength, control ta0011, cookie, corporation cus, crlf, cus ogoogle, cus subject, data, data upload, date fri, defense evasion, destination, dns message, dns record, dns requests, dns resolutions, dns response, domain address, domain status, downloader, drop, drop or, drweb, edns padding, email, enter source, error, et info, et trojan, expiration date, extr, extraction, failed, find s, findwindowa, flag, gecko, get http, gmt server, google chrome, google llc, google public, google search, hacktool, herndon, high, html, html document, http, httponly, https, https domain, http status, include, include review, informative, iocs, ip address, ip location, ip traffic, json api, key algorithm, key identifier, key info, khtml, kurier, langchinese, large dns, layer protocol, learn, lf line, list, malware, mcafee, misc activity, msie, name tactics, nettool, number, observed google, ollydbg, omicrosoft cus, openurl c, p3p cp, panda, please click, port, post, prefetch2, query, read c, registrar, registrar abuse, registrar iana, request, resolved ips, response, reverse ns, review ocs, rtdialog, samesitelax, search, search otx, secure, self, server, server ca, share, show, spawns, stwa lredmond, subject public, suspicious, t1071 encrypted, t1573 malware, t1590 gather, texrag, tls issuing, tls sni, tools, tor analysis, trojan, trust, type, typ no, unique rule, united, unknown, update secure, url extraction, url or, us registrant, v3 serial, vipre, virginia, virustotal, win64, windir, window, windows nt, write, youtube

  • JARM: 3fd3fd00000000000043d43d00043dc3b2afa8a5ec09b510a8559aff7899fb

  • View other sources: Spamhaus, VirusTotal

  • Contained within other IP sets: stopforumspam_180d, stopforumspam_30d, stopforumspam_365d, stopforumspam_90d, stopforumspam

  • Country: United States
  • Network:
  • Noticed: 1 time
  • Protocols Attacked: spam
  • Countries Attacked: United States of America
  • Passive DNS Results: luxsure.online www.alexandertreef.icu shengifts.icu www.fun123.live telepremium.website sweetslyrics.icu maktcc.space alexandertreef.icu shoutouttomyex.icu funfunfunfest.icu shortram.icu masterclasstou.icu www.lovemunchies.icu lmwdigitalart.fun www.kmlbio.xyz ccdcoe.fun lovemunchies.icu israugust.icu blackjackarmy.icu www.wearesellingma.xyz idsoftware.xyz aristocratfren.icu lasalvadorena.icu growyourbusine.icu cutabovewood.icu exotischekrale.icu webshoppermac.icu kafil-hussain.icu wielderpokerrelive.info swivellifteridentical.info sypatron.com syfriends.org

Malware Detected on Host

Count: 18

  • 88822226f4cd373a452a9b48e32cb3c08210a2537db4223dacb6e2fb05a55646
  • 6eb0b21b01e6326dc3f062c37d64dfe12181ed7f1b0440b2f472fcaeef10cbd9
  • 09410594b9a2578ce3ee1a39d109c3d4082c1c6ecf05f0798a7c9c4062f7c261
  • 104ea8ac2d56e331f994bfc293882350a7033270c2344d8a324bb28c8bc9933f
  • 64d000cabdbfa01b3af829f6f77e7876a6e0319b97103b8da6d6fc06143de2f2
  • 110051e04a404f335ae519efcfd0f13b1a4b07884ca3d7d170b3c11c339bfc48
  • f7faa4ddd85710c89196cd4991c8e324658685243e50976bb4340744709c89aa
  • d5f9583266192f0d72872b07c69a2fe5d715bdd8b8adfd17a512e37a8b91b6a2
  • f739408d0754cf5617b7be1922a5bbfba306ed25c5bff94483601cdaf396ecc7
  • 1afddb1cab220f1bb60110dbef8b1e86cfe93db3c6ed4988c6e7f48d740ff19f

Open Ports Detected

10000 10001 10002 10005 10007 10022 10034 10045 10046 10049 10052 10068 10134 10200 10201 10210 10250 10251 10393 10398 10477 10533 10909 10911 10935 11000 11112 11184 11210 11211 11288 11300 11371 11401 11434 11443 11681 11688 11920 12000 12105 12121 12127 12128 12131 12145 12156 12167 12169 12173 12174 12177 12188 12193 12196 12199 12202 12212 12213 12214 12229 12230 12241 12245 12253 12261 12277 12278 12281 12288 12289 12298 12301 12311 12317 12332 12336 12340 12345 12349 12351 12356 12358 12361 12363 12365 12371 12377 12378 12383 12427 12463 12464 12475 12493 12499 12502 12504 12519 12521 12523 12524 12528 12535 12538 12555 12559 12561 12568 12574 12578 12583 12589 12601 13000 13443 13579 14024 14101 14147 14265 14344 14895 14905 14909 15002 15044 15084 16010 16024 16029 16030 16032 16037 16041 16045 16062 16064 16065 16079 16086 16092 16094 16096 16102 16103 16311 16831 16992 16993 17443 18001 18006 18009 18014 18019 18020 18023 18033 18040 18044 18052 18053 18057 18058 18081 18093 18200 18245 18556 18789 19000 19013 19071 19080 19090 19902 19999 20000 20100 20107 20150 20202 20256 20443 20547 20800 20880 21001 21002 21025 21084 21200 21234 21247 21249 21252 21253 21282 21284 21290 21292 21294 21300 21301 21313 21316 21317 21320 21357 21379 22084 22206 22345 22556 23023 23084 23424 24442 24472 25001 25006 25008 25105 25565 27015 27017 28017 28080 28818 30002 30003 30006 30015 30023 30027 30050 30083 30120 30123 30894 31001 31337 31444 32400 32764 33060 35000 35101 35153 35522 35531 35559 36982 37215 38880 44158 443 44302 44500 44818 47001 47080 47990 49152 49153 50000 50004 50011 50013 50050 50070 50101 50102 50103 50104 50105 50443 51001 51004 51106 51201 52311 52869 54138 54857 55000 55442 55443 55470 55553 55554 55555 57781 57785 58378 60000 60001 60010 60030 60129 61613 61616 62078 63210 63256 63260 8001

Whois Information

Links to attack logs

  • forum-spam-ip-list-2013-07-24