37.48.65.149 Threat Intelligence and Host Information
General
This page contains threat intelligence for the IPv4 address 37.48.65.149. It was generated either because malicious activity was observed from the address or as an information-gathering exercise to support enrichment of security events with context. All information is gathered passively, by aggregating public sources or by observing activity against honeynets. The host score is calculated from a series of statistically weighted values and machine learning that take into account metadata such as host information; the frequency, volume and global distribution of malicious activity; association with other known malicious hosts or networks; proxying or anonymising behaviour such as Tor exit nodes, residential proxies or VPN services; and many other attributes. The ATT&CK IDs and tags below reflect that aggregated reporting, not only behaviour observed directly from this host. These values are historical and indicative only, and should not be taken as an accurate representation of the users, businesses or networks in which the address resides.
Known Malicious Host 🔴 80/100
Host and Network Information
Mitre ATT&CK IDs: T1003.008 - /etc/passwd and /etc/shadow, T1003 - OS Credential Dumping, T1005 - Data from Local System, T1010 - Application Window Discovery, T1027 - Obfuscated Files or Information, T1031 - Modify Existing Service, T1036.004 - Masquerade Task or Service, T1036 - Masquerading, T1045 - Software Packing, T1053 - Scheduled Task/Job, T1055 - Process Injection, T1056.001 - Keylogging, T1057 - Process Discovery, T1059.002 - AppleScript, T1059.007 - JavaScript, T1059 - Command and Scripting Interpreter, T1060 - Registry Run Keys / Startup Folder, T1068 - Exploitation for Privilege Escalation, T1069 - Permission Groups Discovery, T1071.001 - Web Protocols, T1071.003 - Mail Protocols, T1071.004 - DNS, T1071 - Application Layer Protocol, T1078.004 - Cloud Accounts, T1082 - System Information Discovery, T1083 - File and Directory Discovery, T1090 - Proxy, T1096 - NTFS File Attributes, T1105 - Ingress Tool Transfer, T1106 - Native API, T1110.002 - Password Cracking, T1112 - Modify Registry, T1114 - Email Collection, T1129 - Shared Modules, T1133 - External Remote Services, T1140 - Deobfuscate/Decode Files or Information, T1143 - Hidden Window, T1210 - Exploitation of Remote Services, T1218 - Signed Binary Proxy Execution, T1448 - Carrier Billing Fraud, T1449 - Exploit SS7 to Redirect Phone Calls/SMS, T1457 - Malicious Media Content, T1480 - Execution Guardrails, T1497 - Virtualization/Sandbox Evasion, T1518 - Software Discovery, T1546 - Event Triggered Execution, T1548 - Abuse Elevation Control Mechanism, T1553 - Subvert Trust Controls, T1562.003 - Impair Command History Logging, T1566 - Phishing, T1583.005 - Botnet, T1583 - Acquire Infrastructure, T1588 - Obtain Capabilities, T1600 - Weaken Encryption, TA0009 - Collection, TA0011 - Command and Control, TA0037 - Command and Control
Tags: aaaa, active, active2, active related, address, adversaries, alexa, alexa top, algorithm, all octoseek, all search, analyze, analyzer, android, anonymizer, api blog, apple, apple app store compromise, apple computer, apple support compromise, app store, as43350 nforce, ascii text, attack, august, backdoor, bank, banking, beginstring, blacklist, blacklist https, bluenoroff, body, body length, boeing, bot, botnet, bot network, breadcrumbs, briannsabey breadcrumbs, bundled, ca g2, certificate, cfqirgdhj5, cfqirgdhj5 http, cfqirgdhj5 url, chaos, cisco umbrella, city, city center, ck id, ck ids, class, click, cname, cobalt strike, code, collections, command, commandand_and_control, command_and_control, communicating, comspec, contact, contacted, contacted urls, contact phone, cookie, copy, copyright, core, count blacklist, country, country us, cracked, create new, creation date, critical, csc corporate, cus cnapple, cyber crime, cybercrime, cyber security, dangerous, dark power, dark web, data, data brokers, data leak, date, dead, death, december, de indicators, delete, delete c, detection list, dga domains, dgs, digital profile, dinkle threat, discord, displayname, dns replication, dock, docs pricing, domain, domains, domain status, downloader, dropped, dynamicloader, ecc ca, email, emotet, error, et, et tor, execution, exit, expiration, exploit, factory, family, february, feeds ioc, file, file encryption, filehashmd5, filehashsha1, filehashsha256, files, final url, firehol gozi, formbook, foundry, frankfurt, g1 oapple, galaxy, galaxy watch, games, gear s, gear s2, gear s3, gear sport, general, general full, generator, genericm, germany, get h2, getprocaddress, gmbh version, gmt connection, gopher, gpt analyzer, hackers, hacktool, hallrender, hash, hashes, headers, headers date, hello, high, highly targeted, hijacker, historical, historical ssl, home visitor, hostname, hostnames, http, http response, hybrid, icloud compromise, indicator, indicator role, infection, info, informative, info stealers, initial access, injection, installer, intel, ioc, iocs, ioc search, ios, ip address, ipconfig, ip summary, ipv4, jetblue, json data, july, kb body, keylogger, known tor, kryptik, kx81xdbx0f, landersystem, lazarus, learn, life, localappdata, login, lolkek, lookups, main, makop, malicious, malicious site, malicious url, maltiverse, malvertizing, malware, malware site, masquerading, maxage86400, media center, meta, metro, metroby-tmo, microsoft, million, misc attack, mitre att, mkdir, model, monitoring, mortis.com, msie, myundeadneighbor, name, name tactics, name verdict, nanocore, netherlands, netstant, network, networm, new ioc, neworder.doc, next, Nextray, njrat, no data, node tcp, node traffic, no expiration, ntfs file, null, number, object, obz4usfn0, obz4usfn0 http, obz4usfn0 url, octoseek, open path, orgid, orgtechhandle, orgtechref, otx octoseek, parking crew, parking payload, parklogic, park pages, passive dns, password, paste, path, pattern match, payload, payloads, paypal, pcap, pdf report, pe resource, persistence, phishing, phishing att, phishing site, ping, pit, play ransomware, porn, post, postal code, powershell, privacy admin, privacy tech, project, protocol h2, psalms 37, public key, public server, pulse submit, pulse use, push, putty, python infostealer, quasar, quasar rat, qwest, ransomexx, ransomware, ratel, rauschenberg, record type, record value, red, redacted for, redline stealer, referrer, refresh, registrar, registrar abuse, registrar url, registrar whois, registry, registry arin, registry domain, regsetvalueexa, relacionada, related pulses, relayrouter, remote, remote keylogger, renos, reputation, resolutions, reverse dns, rotor, rsa cn, rtechhandle, rtechref, safe site, sample, samples, samsug, samsung galaxy, scan endpoints, schstasks, screenshot, script, sddl, search, search live, security, security tls, server, servers, service, serving ip, setcookie geous, sfqh4dt74w0 url, sha256, shellexecuteexw, showing, show technique, siblings parent, site, slcc2, soc, software, sophisticated, spammer, span, spawns, ssl certificate, status code, stealer, stevens creek, stream, streaming, strings, summary, suspicious, t1031, t1096, T1622 - Debugger Evasion, tag count, tag tag, targeting, team, teams, teams api, temp, threat, threat analyzer, threat report, threat roundup, tld count, t-mobile, tofsee, tools, tor known, tor relayrouter, tracking, traffic, trojan, tsara brashears, ttl value, tulach, type indicator, ukhdaauqaaaaaac, unicode text, union, unique, united, united kingdom, unknown, unknown ns, url analysis, url http, url https, urls, urls https, url summary, usbank, v3 serial, validity, value, variables, verdict, vj87, vmware, watch, webp, whois record, whois ssl, whois whois, win32, win32tofsee, win32tofsee att, win64, windir, windows, windows nt, windstream communications llc, wow64, write, writeconsolew, wx99xcdx11, x82xd4, x86xd3, xa1xf1, xe8xc2x14, yara rule, zombie devices
View other sources: Spamhaus, VirusTotal
Contained within other IP sets: coinbl_hosts, hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_mmt, hphosts_psh, hphosts_wrz
- Country: Netherlands
- Network:
- Noticed: 50 times
- Protocols Attacked: SSH
- Countries Attacked: Canada, Czechia, Denmark, Estonia, France, Germany, Latvia, Lithuania, Netherlands, Norway, Poland, Romania, Turkey, Ukraine, United Kingdom of Great Britain and Northern Ireland, United States of America
- Passive DNS Results: uuh.ph rofg.ph npcs.ph wbc.ph breadpointbakeshop.com.ph upz.ph trd.ph os4.ph ni0.ph rwwestsidecity.com.ph ww5.o1.ph pej.ph gzq.ph posh.ph pool.ph mo2.ph launchprints.ph r41.ph gpk.ph knightsofrizal.org.ph amicuslex.ph gesm.ph explora.ph www-ssbet77.com.ph luxliss.com.ph tattooproject.com.ph thesugardealer.ph hellodoc.ph ilovevip.ph consensysblockchaincourses.ph siargaoproperty.ph bearcuddler.com.ph calyxta.ph vst-ecs.com.ph win1.ph immersion.com.ph merchant.ph 6pj.ph tds.ph ellana.com.ph jm1.ph h4d.ph was.ph oap.ph ska.ph it6.ph k9n.ph qsi.ph x8r.ph 50-jili.com.ph hyg.ph b6b822a0982b5df52c495e5f8368365ce6989241.ph zl9.ph datagen.ph q1f.ph tij.ph xrw.ph streamer.ph angeles2.com.ph macoyreyes.ph hearing.ph 8uw.ph fzg.ph fzp.ph hyc.ph dqv.ph omegle.ph guapo.ph o99.ph e0w.ph mwy.ph ckw.ph boxout.ph a5v.ph uqm.ph awrasafely.ph pominc.ph 7mx.ph r9z.ph dpy.ph lln.ph nem.ph yamiplay.ph northrail.com.ph n5f.ph grs.ph santafe.ph ww5.4ph.ph dej.ph qwi.ph idonails.ph 9et.ph tep.ph 0-j.ph hlz.ph idesialipa.com.ph 8ed.ph hitch.ph ikf.ph bj.ph dnk.ph adelas.ph fuv.ph bhx.ph tbk.ph mtk.ph fairyclean.ph slot8.ph p4i.ph ww5.naf.ph ovi.ph p1g.ph ly8.ph rc3.ph igorotscharmcafe.ph o9z.ph rule34.ph k58.ph qjhhkk.ph ns7.ph viontowers.com.ph sugpo.ph metreview.ph zmw.ph yogaforlife.ph gvt.ph ags.com.ph 2eb.ph 8pg.ph 6pf.ph 6jc.ph www.arai.ph ehealth4hepatitis.ph avocadoria.ph q4l.ph nhchomecare.com ihec.com.ph ww5.uu0.ph nr6.ph goegle.com.ph myco.ph homebuddies.ph aim.ph cou.ph vbx.ph g46.ph gqbarbershop.ph yanastore.ph floorball.org.ph joyauction.com ww5.4oe.ph z7r.ph 5jd.ph 51w.ph 57y.ph 2fc.ph 4bb.ph ww5.hpt.ph ww5.2jg.ph ww5.cng.ph ww5.cei.ph 4ew.ph ww5.phcash8.com.ph agx.com.ph ww5.drw.ph ww5.4br.ph aay.ph oe3.ph s35.ph had.ph 85r.ph ws.ph r49.ph b3n.ph 4nu.ph n69.ph 25v.ph kzw.ph secure.com.ph fora.pro ww5.anonib.ph ww5.hup.ph ww5.r6u.ph ww5.rh0.ph ww5.9kd.ph ww5.1vg.ph ww5.0v6.ph 98b.ph b7y.ph 5x5.ph ww5.r1y.ph ww5.7ei.ph aiq.ph bqw.ph ww5.k70.ph ww5.o93.ph ww5.wpp.ph ww5.nb4.ph 28k.ph 6xd.ph xbq.ph ww5.7a0.ph ww5.8oq.ph xiantasty.com ww5.g32.ph ww5.34p.ph ww5.tz9.ph ww5.c1i.ph 60b.ph 3vi.ph 43w.ph rushmoney.ph athenainstitute.ph allthingsbaby.com.ph ehome.ph vmallonline.ph okbet.ph gree-unitech.com.ph imawoman.ph canadcomputers.com ww5.0g2.ph evansvillecourierpress.com fat-titties.com freetoasthost.us glory-iptv.com ww5.rs4.ph yahhoo.in rarelust.org dialuxclub.com cec2aeb59ce74a933b249b838d5b182264cb6c83.ph der-anna-code.com ww5.0wn.ph 1uv.ph ph646.com.ph fllwedding.com bit.com.ph badbooksltd.com www.linda.ph linda.ph toa.ph 0k2.ph 0yf.ph kkq.ph l11.ph x6i.ph d0r.ph es3.ph iaz.ph 3p4.ph 9g6.ph qqw.ph rrt.ph n8t.ph 4gi.ph 9964hu.com 6v0.ph valleyfairwaysgolfcourse.com ww5.y10.ph 7p4.ph 2hx.ph ww5.uoz.ph ww5.fxe.ph ww5.tiw.ph 3t3.ph 4vy.ph z44.ph 2fp.ph ww5.0u9.ph oob.ph 39391117.com ww5.2nw.ph wholecatjournal.com niniye.com 49k.ph 1gt.ph ww5.3dn.ph ww5.z1u.ph c8e.ph 77k.ph 7xa.ph fhh.ph ww5.3wd.ph ww5.4wo.ph ww5.3gh.ph 0sn.ph zahistationtv.com fn8.ph 99n.ph bnx.ph 9va.ph bun.ph 7yo.ph 52u.ph imaginekind.com 0m8.ph ln0.ph ww5.3jq.ph model-castings.co.uk 03a.ph creditone.cc ww5.pa.ph dt.ph us.ph ve.ph ttk.ph eor.ph se5.ph ww12.maxiflex.com.ph waec2016.com aoz.ph 00p.ph rt1.ph los.ph www.vpn.fundspace.ph 8p3.ph gom.ph office-store.nl saveonsurplus.ph lvhd2.com thedesignersattic.com seede.cc bsrjc.com lacasablava.com xn--prednyam-95a.com tnregnet.in skinprints.net xiaomibacgiang.net jabinesflowershop.com.ph jingshuju.net dailyautoadvice.com 4rm.ph 3x1.ph rr.ph musclerhythm.com kayden420.com sbq.ph at4.ph businesstack.com 97q.ph 9k3.ph 8xj.ph 8u8.ph 9s2.ph 7tf.ph bxk.ph 92h.ph 1398live.net 6e3.ph sn9.ph 6wf.ph sbs.ph 8v3.ph b1w.ph 7qr.ph 9vo.ph ciq.ph pc4.ph 7vd.ph u2u.ph xjx.ph productio.ph immigration.com.ph gougle.com.ph ladyhethersfashions.com fblachina.org pistachiotoffee.com lldy44.com kuwanshou.com monogdb.com 9xu.ph z-8.ph bizarrovideo.com 8v0.ph mafaph.ph hombre.ph making.ph anzdremelcatalogue.com 4sd.ph p1.ph tq6.ph 8kc.ph n3h.ph 1j3.ph wqm.ph 0ut.ph uiz.ph ww5.rcammhc.org.ph v-giff.com autoramaservices.com 6bk.ph 6l7.ph 8i0.ph 6f6.ph 5fx.ph 6o7.ph 8oi.ph 4tj.ph 8f9.ph 5zm.ph 3sq.ph zeb.ph 5q6.ph 3vc.ph 57u.ph cnqualitygoods.com 07g.ph 4wk.ph z88.ph 47n.ph investmentfinder.ph ayalamalls.ph glance.com.ph r6g.ph axyy-filme.net 3es.ph streamingave.com 12w.ph r67.ph 3k7.ph 4ge.ph 0q2.ph 3pp.ph brevardartmuseum.org rv0.ph rnz.ph 0uj.ph tnu.ph 0ru.ph eportworks.com phillyvanman.com candid-city.com 9xfix.com mygdh1.com bulkaccounts.info activcommunities.com awwkar.com 0s6.ph wby.ph r9.ph oux.ph qvq.ph kvl.ph sng.ph 07v.ph l8y.ph hhc.ph qir.ph mariahcarey.lyricschords.net q9f.sm99.ph streetwheels.ph weazther.com himaya.ph daewoo.com.ph carlex.ph ww38.wthelpdesk.com shyjav.com 1.ns.ph ewioffers.com p2pover.com vegasbunnyrescue.org vidoza.me torrentqq79.com arrya.net d2armory.com tygras.com blogmaedeprimeiraviagem.com robberbaronscomedy.com musicgearguys.net livetv207.me akaracademy.com texaspropertycare.com twinksformoney.com wg2.tv sakshifarms.com manhaeim.com hotsatar.com tandoorichef.us ncelectricalgroup.com synolofy.com www.search-ftp.com momundo.se ribenfengsu.com wickeocampers.com optimalwellnesscryospa.com aakeys.com climbidy.com yt3s.com big10tens.com xeschool.com clinicakey.com saigaocy.org j2plan.com justseries.net xbjili.com.ph mig.ph ad411m.adk2.co ad370m.adk2.co americanexpress.com.tesdazambales.com.ph www.klvod.com ww16.0f461325bf56c3e1b9.com
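The honeynet data above records this address attacking SSH (noticed 50 times), so the practical enrichment step is to match it against your own sshd logs and escalate if it ever got past authentication. The block below is an added example, not code from this page or its data source: it parses constructed OpenSSH syslog lines (the sample log, hosts and users are made up for the example; only the message formats follow sshd), counts failed logins per source, and raises the severity when a listed indicator or a brute-forcing source later achieves an accepted login. The five-failure threshold and the severity ladder are assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Indicator taken from this page.
KNOWN_BAD_IPS = {"37.48.65.149"}

# Constructed sample of OpenSSH syslog lines (made up for this example; the
# message formats match what sshd emits, the hosts and users do not exist).
SAMPLE_AUTH_LOG = """\
Mar  3 10:01:12 bastion sshd[2211]: Invalid user admin from 37.48.65.149 port 51822
Mar  3 10:01:12 bastion sshd[2211]: Failed password for invalid user admin from 37.48.65.149 port 51822 ssh2
Mar  3 10:01:15 bastion sshd[2214]: Failed password for root from 37.48.65.149 port 51890 ssh2
Mar  3 10:01:17 bastion sshd[2216]: Failed password for root from 37.48.65.149 port 51901 ssh2
Mar  3 10:01:19 bastion sshd[2218]: Failed password for root from 37.48.65.149 port 51910 ssh2
Mar  3 10:01:21 bastion sshd[2220]: Failed password for root from 37.48.65.149 port 51922 ssh2
Mar  3 10:02:40 bastion sshd[2301]: Accepted publickey for deploy from 10.0.0.7 port 40110 ssh2: ED25519 SHA256:k3y
Mar  3 10:03:02 bastion sshd[2305]: Failed password for root from 198.51.100.23 port 33001 ssh2
Mar  3 10:05:44 bastion sshd[2330]: Accepted password for deploy from 37.48.65.149 port 52000 ssh2
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
# "Failed password for root from ..." and "Failed password for invalid user X from ..."
FAILED_RE = re.compile(
    rf"sshd\[\d+\]: Failed \w+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>{IPV4}) port \d+"
)
# "Accepted publickey for deploy from ..." / "Accepted password for ..."
ACCEPTED_RE = re.compile(
    rf"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<ip>{IPV4}) port \d+"
)


@dataclass
class SourceFinding:
    ip: str
    failures: int = 0
    failed_users: list = field(default_factory=list)
    accepted: list = field(default_factory=list)  # (auth method, user) pairs
    known_bad: bool = False
    severity: str = "info"


def classify(finding: SourceFinding, threshold: int) -> str:
    """Severity ladder assumed for this example (not taken from the page)."""
    brute_force = finding.failures >= threshold
    if finding.accepted and (finding.known_bad or brute_force):
        return "critical"   # a listed or brute-forcing source got a session
    if finding.known_bad:
        return "high"       # listed indicator touched the service at all
    if brute_force:
        return "medium"     # unlisted source showing brute-force volume
    return "info"


def analyze_auth_log(text: str, known_bad=KNOWN_BAD_IPS, threshold: int = 5) -> dict:
    """Return {source_ip: SourceFinding} for every source seen in the log."""
    findings: dict = {}

    def get(ip: str) -> SourceFinding:
        return findings.setdefault(ip, SourceFinding(ip=ip, known_bad=ip in known_bad))

    for line in text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            f = get(m["ip"])
            f.failures += 1
            f.failed_users.append(m["user"])
            continue
        m = ACCEPTED_RE.search(line)
        if m:
            get(m["ip"]).accepted.append((m["method"], m["user"]))

    for f in findings.values():
        f.severity = classify(f, threshold)
    return findings


if __name__ == "__main__":
    for f in sorted(analyze_auth_log(SAMPLE_AUTH_LOG).values(), key=lambda x: x.ip):
        print(f"{f.severity:8} {f.ip:16} failures={f.failures} accepted={f.accepted}")
```

Feeding real `/var/log/auth.log` or `journalctl -u ssh` output to `analyze_auth_log` with the full list of indicators from this page as `known_bad` gives the per-source table directly; the point of the "critical" rule is that an accepted login from a listed address after a run of failures is an incident, not just noise to block.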
Malware Detected on Host
- Count: 170 (10 of the associated SHA-256 hashes are listed)
- 573df17c323ca6e83d313d1fb1aaf9c0f1847cd4430a33130c72525c97283e89
- 020b61239ea0490401ce867c292cb6b9c7610f3fa73839f9d43dde39e12f3682
- 32d6fd6b8bbf60a7b8546eaca74312e8ade744de25ec470da386b145663a0cde
- 8425745996d556c78371b72a373cc3bd4bf272b946f1e3fd40d3adf86de720d7
- 378711d95b32dd64438d8270aac400e12430723a346329bd692c8e67618f51a7
- 5625c88c1a8312d065d0678f33ef7235b623c8a23115c63a40a4e895df49e8e5
- 508591582a32f940451d7fbdf39236b738b20f79a1c963c0e79a889dd4beb6bb
- bfda952216a36233c8b5f84295127aa1152d5c4764440f0b9f0e43382f05ea5c
- d3294d503765f17d3399cdb0234edbf7267b852ed2d3a4e2cda524edaebf7b51
- 4a688dc3cf4d413d6099161bce913c5865e79398ddfc4970ebef0968b78bb90e
Open Ports Detected
Whois Information
- inetnum: 37.48.64.0 - 37.48.127.255
- netname: NL-LEASEWEB-20120124
- country: NL
- org: ORG-OB3-RIPE
- admin-c: lswn1-RIPE
- tech-c: lswn1-RIPE
- status: ALLOCATED PA
- mnt-by: RIPE-NCC-HM-MNT
- mnt-by: LEASEWEB-NL-MNT
- mnt-lower: LEASEWEB-NL-MNT
- mnt-domains: LEASEWEB-NL-MNT
- mnt-routes: LEASEWEB-NL-MNT
- created: 2012-01-24T10:32:05Z
- last-modified: 2017-11-16T10:27:09Z
- organisation: ORG-OB3-RIPE
- org-name: LeaseWeb Netherlands B.V.
- country: NL
- org-type: LIR
- address: Postbus 93054
- address: 1090BB
- address: Amsterdam
- address: NETHERLANDS
- phone: +31203162880
- fax-no: +31203162890
- admin-c: lswn1-RIPE
- abuse-c: LWAD-RIPE
- mnt-ref: RIPE-NCC-HM-MNT
- mnt-ref: LEASEWEB-NL-MNT
- mnt-by: RIPE-NCC-HM-MNT
- mnt-by: LEASEWEB-NL-MNT
- created: 2004-04-17T11:42:05Z
- last-modified: 2020-12-16T12:49:01Z
- role: Leaseweb NL NOC
- address: Hessenbergweg 95, 1101 CX. Amsterdam
- admin-c: SPW1-RIPE
- nic-hdl: lswn1-RIPE
- mnt-by: LEASEWEB-NL-MNT
- created: 2017-11-16T10:05:00Z
- last-modified: 2022-07-05T12:59:36Z
- route: 37.48.64.0/18
- descr: LEASEWEB
- origin: AS60781
- mnt-by: LEASEWEB-NL-MNT
- created: 2014-03-10T13:15:47Z
- last-modified: 2020-04-22T12:18:40Z
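The whois block above is RIPE's RPSL output flattened into one list, which hides that it is really three objects (the inetnum allocation, the organisation, and the route) joined by the org and origin references. Checking that the address actually falls inside the inetnum range and the announced /18, and pulling the abuse-c handle for a report, is the usual enrichment step, so the following is an added example, not code from this page or from any whois client: it parses a re-typed excerpt of the page's whois text (laid out with the blank-line object separators RIPE returns), finds the objects that cover a given IP, and confirms the route covers the allocation. The field selection and the consistency check are choices made for the example.

```python
import ipaddress

# Excerpt of the RPSL whois text shown on this page, re-typed in the blank-line
# separated layout RIPE returns (object boundaries are what the parser keys on).
WHOIS_TEXT = """\
inetnum:        37.48.64.0 - 37.48.127.255
netname:        NL-LEASEWEB-20120124
country:        NL
org:            ORG-OB3-RIPE
status:         ALLOCATED PA
mnt-by:         RIPE-NCC-HM-MNT
mnt-by:         LEASEWEB-NL-MNT

organisation:   ORG-OB3-RIPE
org-name:       LeaseWeb Netherlands B.V.
org-type:       LIR
abuse-c:        LWAD-RIPE

route:          37.48.64.0/18
descr:          LEASEWEB
origin:         AS60781
mnt-by:         LEASEWEB-NL-MNT
"""


def parse_rpsl(text: str) -> list:
    """Split RPSL text into objects, each a list of (key, value) in file order.
    Keys repeat legitimately (mnt-by, address), so values are never collapsed."""
    objects, current = [], []
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:                      # blank line ends an object
            if current:
                objects.append(current)
                current = []
            continue
        if line.startswith(("%", "#")):   # server comment lines
            continue
        if line[0] in " \t+" and current: # continuation of the previous attribute
            key, value = current[-1]
            current[-1] = (key, (value + " " + line.lstrip(" \t+")).strip())
            continue
        key, _, value = line.partition(":")
        current.append((key.strip(), value.strip()))
    if current:
        objects.append(current)
    return objects


def first(obj: list, key: str):
    """First value of `key` in an object, or None."""
    return next((v for k, v in obj if k == key), None)


def parse_inetnum(value: str):
    lo, _, hi = value.partition("-")
    return ipaddress.IPv4Address(lo.strip()), ipaddress.IPv4Address(hi.strip())


def enrich_ip(ip_str: str, whois_text: str) -> dict:
    """Select the inetnum and route objects covering ip_str and join the org."""
    ip = ipaddress.IPv4Address(ip_str)
    result = {"ip": ip_str, "inetnum": None, "netname": None, "org": None,
              "org_name": None, "abuse_c": None, "route": None,
              "origin_asn": None, "route_covers_inetnum": False}
    orgs, inet_range, route_net = {}, None, None
    for obj in parse_rpsl(whois_text):
        kind, head = obj[0]               # the first attribute names the object class
        if kind == "inetnum":
            lo, hi = parse_inetnum(head)
            if lo <= ip <= hi:
                inet_range = (lo, hi)
                result.update(inetnum=head, netname=first(obj, "netname"), org=first(obj, "org"))
        elif kind == "organisation":
            orgs[head] = obj              # keyed by handle, resolved after the loop
        elif kind == "route":
            net = ipaddress.IPv4Network(head, strict=False)
            if ip in net:
                route_net = net
                result.update(route=str(net), origin_asn=first(obj, "origin"))
    if result["org"] in orgs:
        org = orgs[result["org"]]
        result.update(org_name=first(org, "org-name"), abuse_c=first(org, "abuse-c"))
    if inet_range and route_net:
        lo, hi = inet_range
        result["route_covers_inetnum"] = route_net[0] <= lo and hi <= route_net[-1]
    return result


if __name__ == "__main__":
    for k, v in enrich_ip("37.48.65.149", WHOIS_TEXT).items():
        print(f"{k:22} {v}")
```

Because organisation objects are collected by handle and resolved after the loop, the parser does not depend on the order RIPE prints objects in, and a route that covers the IP but not the whole allocation (a more specific announcement) is reported with `route_covers_inetnum` false rather than silently treated as the allocation.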