37.48.65.148 Threat Intelligence and Host Information
General
This page contains threat intelligence information for the IPv4 address 37.48.65.148 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or through observation of activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning that take into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only, and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.
Known Malicious Host 🔴 80/100
Host and Network Information
- Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1010 - Application Window Discovery, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036.004 - Masquerade Task or Service, T1036 - Masquerading, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1069 - Permission Groups Discovery, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1078.004 - Cloud Accounts, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1090 - Proxy, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1129 - Shared Modules, T1133 - External Remote Services, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1210 - Exploitation of Remote Services, T1218 - Signed Binary Proxy Execution, T1448 - Carrier Billing Fraud, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1457 - Malicious Media Content, T1480 - Execution Guardrails, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1546 - Event Triggered Execution, T1548 - Abuse Elevation Control Mechanism, T1553 - Subvert Trust Controls, T1562.003 - Impair Command History Logging, T1566 - Phishing, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1588 - Obtain Capabilities, T1600 - Weaken Encryption, TA0009 - Collection, TA0011 - Command and Control, TA0037 - Command and Control
- View other sources: Spamhaus, VirusTotal
- Contained within other IP sets: hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_psh, hphosts_wrz
- Country: Netherlands
- Network:
- Noticed: 24 times
- Protocols Attacked: SSH
- Countries Attacked: Netherlands, Poland, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results:
Malware Detected on Host
Count: 233
Open Ports Detected
Whois Information
- inetnum: 37.48.64.0 - 37.48.127.255
- netname: NL-LEASEWEB-20120124
- country: NL
- org: ORG-OB3-RIPE
- admin-c: lswn1-RIPE
- tech-c: lswn1-RIPE
- status: ALLOCATED PA
- mnt-by: RIPE-NCC-HM-MNT
- mnt-by: LEASEWEB-NL-MNT
- mnt-lower: LEASEWEB-NL-MNT
- mnt-domains: LEASEWEB-NL-MNT
- mnt-routes: LEASEWEB-NL-MNT
- created: 2012-01-24T10:32:05Z
- last-modified: 2017-11-16T10:27:09Z
- organisation: ORG-OB3-RIPE
- org-name: LeaseWeb Netherlands B.V.
- country: NL
- org-type: LIR
- address: Postbus 93054
- address: 1090BB
- address: Amsterdam
- address: NETHERLANDS
- phone: +31203162880
- fax-no: +31203162890
- admin-c: lswn1-RIPE
- abuse-c: LWAD-RIPE
- mnt-ref: RIPE-NCC-HM-MNT
- mnt-ref: LEASEWEB-NL-MNT
- mnt-by: RIPE-NCC-HM-MNT
- mnt-by: LEASEWEB-NL-MNT
- created: 2004-04-17T11:42:05Z
- last-modified: 2020-12-16T12:49:01Z
- role: Leaseweb NL NOC
- address: Hessenbergweg 95, 1101 CX. Amsterdam
- admin-c: SPW1-RIPE
- nic-hdl: lswn1-RIPE
- mnt-by: LEASEWEB-NL-MNT
- created: 2017-11-16T10:05:00Z
- last-modified: 2022-07-05T12:59:36Z
- route: 37.48.64.0/18
- descr: LEASEWEB
- origin: AS60781
- mnt-by: LEASEWEB-NL-MNT
- created: 2014-03-10T13:15:47Z
- last-modified: 2020-04-22T12:18:40Z