64.98.145.30 Threat Intelligence and Host Information

General

This page contains threat intelligence information for the IPv4 address 64.98.145.30 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

Likely Malicious Host 🟠 70/100

Host and Network Information

• Mitre ATT&CK IDs: T1003 - OS Credential Dumping, T1105 - Ingress Tool Transfer, T1546 - Event Triggered Execution, T1566 - Phishing

• Tags: addresses, arrhdhwtbfu0jn, autoit, bazarloader, bbhbcxqrtxubn, bld8pmxrtbpub, bwlinlhdwt4p, bzl7notqhc, bzl7notqhc http, Christopher Pool, close, cofense, cofense phishme, compromise iocs, contact, demo, deploy phishing, domain names, download, email security, emotet, endpoint na, endpoint secure, glouglk8ftbp, https://www.virustotal.com/graph/g1c3f7a2e68ea4fb8a314bdf3925b31, iocs file, johnnie, json, kanaan, kknk6lwtrhh, kwi64h4pwvh, kwi6zfd0gnap, legal, lokibot, managed pdr, march, mikey, mitre att, na stealthwatch, nb1a1b0ljr58, occurrences ip, ofsdrvopzl, order, ouweuv1xjlmx, phishing, Pool’s Closed, professional, protect msp, qbot, quotation, quotation sheet, qxkkejehmp8p, registry keys, remcos, rpx7no4cht, rvjldgxl82y, ryuk, ryuk ransomware, see json, solutions, swisstransfer, szfircdl8l8ul2d, szfirdl8lhul2d, Timothy Pool, tofsee, tools, ttizzxl6ops, ukraine, upatre, ur0tvdix http, us federal, vrp4gfgtftbpsl, windows, worm, xixlh03dufwp, zbot, zeus

• View other sources: Spamhaus VirusTotal

• Contained within other IP sets: hphosts_ats, hphosts_emd, hphosts_fsa, hphosts_psh

• Country: Canada
• Network: AS32491 tucows.com co.
• Noticed: 1 times
• Protcols Attacked: SSH
• Countries Attacked: Switzerland, United States of America
• Passive DNS Results: pntg.com cloudcitycc.com gourmetive.org planedo.org suzukiakira.com vli-logis.tica.co vodovodem.com mailpalace.com 3080l.4murphys.live sharepoint.jefferyland.com labside.co.uk www.rcn.org esphome.local.raaps.net rss.local.raaps.net tang-institute.rygn.io bazarr.local.raaps.net ellysev.com investors-pr-19727.rockstonecap.com ETrFoODtRuCKs.BIz gREeN-ARChiTectS.BiZ GReEN-ARchitEcTure.bIz EHCO.bIz content-GeNesis.bIz NANO-dESIGNs.biz OPTICaLSwItChES.biZ lIthIumBattErY.BIz wwvic.com netnunes.com raaps.net radarr-4k.local.raaps.net oxfordbonepharm.org toddschultz.net investors-pr-19229.rockstonecap.com nvlab.me cocurrencies.com speaksster.com officelate.com prowlarr.local.raaps.net calibre.local.raaps.net calibre-desktop.local.raaps.net ramanretistudios.com postster.org identifiway.co.uk uptenancy.co.uk gearshouse.co.uk sleekatlas.org updigitals.co.uk naturelabel.org safertravel.co.uk namidafx.org radarr-standup.local.raaps.net tbpgp.net phoenixsemiconductor.net eduardodecastro.net edecastro.com investors-pr-18360.rockstonecap.com investors-pr-17919.rockstonecap.com investors-pr-17949.rockstonecap.com investors-pr-18110.rockstonecap.com investors-pr-18776.rockstonecap.com intelligentandsweet.com davidpurchaseart.com www.davidpurchaseart.com plex.local.raaps.net tautulli.local.raaps.net qbit.local.raaps.net portainer.local.raaps.net 2your-health.com www.2your-health.com emailcastle.com emaildrones.com rehabilitation24.com hcps.cdn.rygn.io prod-prometheus.hudsonmx.net concerted.tech voyagency.co.uk travellton.com charterbar.co.uk investifly.org coreilly6-lnx.coreilly.com docsana.com storyrow.co.uk teslamate.app.karamandi.ca pseudorandom.tech onnote.org airportio.co.uk eloperate.com shuttleset.co.uk inlectures.co.uk runsup.co.uk investors-pr-18514.rockstonecap.com lidarr.local.raaps.net 3080r.4murphys.live gratisview.io onlinedomainweb.com radarr.local.raaps.net twomenandatruckanderson-muncie.com transmission.local.raaps.net idemzastrea.com deconz.local.raaps.net konecnemamvousy.com garrettruskamp.com kingatcher.co.uk marwheel.co.uk bywhidby.co.uk polepole.co.uk aquatoy.co.uk escuelaeduonline.com mylaststand.co fuelmono.net qbittorrentvpn.local.raaps.net hobuy.com kupmidomenu.com massible.com argocd.hudsonmx.net willyougiveusatleastonehour.com mailbars.com myburgermail.com testnas.grs.engineering adguard.local.raaps.net rwol.local.raaps.net thebutchersbay.com solipuxese.life snadposlednitest.icu dns.app.karamandi.ca hereweare.work roigzauqykxuhtuvi.com gofreeweb.com gingergerbils.com emailsoul.com joybloomprint.com emailvisions.com leadwithstephany.com domainor2.site jackett.local.raaps.net ha.local.raaps.net poutqbhdg.live sonarr.local.raaps.net porcheisforkids.com bitvolley.com www.gallagherhvac.com wannaeatthat.com readarr.local.raaps.net leaves.house test.private.genericmed.org reviewsam.org processesset.com tradingity.com lapost.co.uk trekup.org inboxon.co.uk connectingairs.com astridsjourney.com updiscuss.org visitia.co.uk gofunction.org labudget.co.uk visitsify.com touringon.org rerailroad.com benefitio.org railwayla.com trainsmitia.com spotsla.com jetheap.com atclient.org minibusset.com isofeurope.com eddevelop.com savoyage.org workplacemax.com spotero.org karmamile.com emailsinc.co.uk inopress.co.uk labsium.co.uk emailmaps.co.uk explorefy.co.uk mailzen.co.uk mapsense.co.uk numberid.co.uk thrillhub.co.uk packcharm.co.uk wanderfit.co.uk safeacc.co.uk inboxdrop.co.uk gearfuel.co.uk techeable.co.uk enbackpack.co.uk planetcase.co.uk emailcrew.co.uk labsdesign.org packcentre.co.uk techgraphs.org solidinbox.org digitalates.org compassly.org gadgetport.org nomadish.org detourhub.org inboxshift.org nutrilix.org tripscape.org passportic.org tripella.org venturebliss.org profitspar.org voidexplore.org arcasflight.org books.fam-fa.net flightme.co.uk compzo.co.uk blog.d-str.cc mountainsnail.co.uk rainbowhaeven.co.uk bluewatterfall.co.uk wildowlfarm.co.uk contacteye.co.uk bytetarget.co.uk www.doveandbear.com thesunda.com phonena.com bcwra.org chancerewards.com diptard.com cpanel.share-file.org escort-modelle.com planeforward.com osirislight.com imnotdieting.com opnsense.solarity.ch ilikemyglasses.com jemuhodne.com ilikepowerhorse.com nenimunic.com pineforrest.com letimedosveta.com kedvesemjojjvelem.xyz mcrobertsmorgan.com jimcarryfanpage.com kewesekl.com jirikarafunpage.com pingmydomain.online kusyminexoer.wiki kivewykifyjitikwe.ink kehodiqudegumohumyfo.ink jindraselna.cafe omeyhiwout.ltd muhohebacabaco.wtf tylergress.com zeliezkovohni.net wiboxokahog.club wellplayedsoccer.com watermobiguru.com wdolonenulih.band vividemail.com kevinhchan.me vfeuaqihcut.ink thekandamail.com svartaskoc.com summeremail.com strongwindwins.icu stoneflinn.com springhillchip.com skinemail.com shiftemail.com sanjosewood.com handyemail.com ridomain.com www.flashfictionkitchen.com hienoponkofat.com grabthewin.info gimmebooking.com frankiesnuts.com fancyhotdog.com estateanubis.com englandcavaliers.com eneopauxidi.life emailga.com emailsilver.com emailmotors.com emailry.com emailice.com emailbags.com domainshoes.com ecariwhilowu.wiki dysioofevi.life domainkek.com domearivale.net domainwebmedia.com divineemail.com dartscompanyohio.com shanemorganhr.com cowmilkisgreat.com rainycloudysunny.club qacaciwxupoz.wiki postovnidomena.biz streaming.fam-fa.net choosenottochoose.net chairpolishing.com pma.app.karamandi.ca businesspeter.com bitcoinheap.com bentleyisdaway.com bennycorpo.com bealwayslate.com asuqusomava.life ballonmama.com baborad.info apophisspeak.com mysmeonline.work altaircorpus.com airfairpair.com interiordesignshowwest.com kvitle.net theartistproject.ca xn–li-9ia.com collabjet.org horizonpass.org profitpixie.org nuvehicle.org flyfinity.org tulipfield.co.uk crowskin.net munchkino.net dartblitz.org touchmove.org cragrock.org maraville.org miroal.org mottodeal.org doolian.org gamerpads.org glitchus.org gearpad.org mementoman.org ratchette.org opposal.org frugaldeal.org allorium.com aridgrove.com stickydrop.com skepterbone.com shiracave.com yohimba.com blastdex.com gatherl.com etherealdrop.com keystache.com keypapar.com healthwiz.app shotdart.com slabblad.com excelionist.co.uk monkeyo.org keykicker.org fligththeir.org mondbone.com vapourify.org www.coachdanika.com bucket.oceanlifeimages.com newsreportsme.com okoucho.com garlicbreath.co.uk tarrenpits.co.uk subtapture.co.uk craftsider.co.uk shywillow.co.uk westcoastheart.co.uk ciderbreeze.co.uk pnwholding.co.uk limpwurt.co.uk frealth.co.uk altawise.co.uk morytania.co.uk bookiez.co.uk scouthy.co.uk parkizia.co.uk swipejet.co.uk suttonacton.co.uk devonchester.co.uk carwashsplash.co.uk strideware.co.uk carltown.co.uk furrylove.co.uk imamentor.co.uk stonebkedpizza.co.uk saltfruitsalad.co.uk dirtypaw.co.uk sunreflectors.co.uk packmangame.co.uk mycodenames.co.uk stinkytuna.co.uk biblereading.co.uk ccooffee.co.uk redwineglass.co.uk herbsgarden.co.uk littlestatic.co.uk boiledpotato.co.uk travelring.co.uk trubicka.co.uk redleathersofa.co.uk habakuk.co.uk fitpregnancy.co.uk directbook.co.uk brocoli.co.uk mobilemirror.co.uk lightyellow.co.uk ananaspizza.co.uk crazedhouse.co.uk phonealpha.co.uk moneytraffic.co.uk tamcachcedomenu.com mendelcrew.net www.maliwi.com kouleweb.com mysanity.co infinityemail.co www.modern-ash.com modern-ash.com www.chantik-industries.com lapajdurko.com osoccipitale.com lordlovesu.com onearmfighters.com manualhard.com horseponnyriders.com loophoop7.com honeyplane.com packagedroids.com moneycobbs.com lynxcontact.com nonquantumaudio.com nondigitaltree.com magazineatomic.com multibulkdave.com olympicados.com johnbatterry.com pinkybrainstudios.com noteventwenty.com jirkakaraforever.com machinerybois.net jirkakaraforever.net irelandonitagain.icu meanbeanclean.icu nemamnechcemnevidim.xyz hrablekrhlaryl.shop nesahejnato.com jednamalakoalalala.net mammalystan.net hueydeweylouie.com pitahayovydzus.com kenttownboys.com leicestertownheroes.com newtandtoeblog.com morrisonlewy.com holdthecompany.co lorydihawy.wiki lsahatidar.wiki komeduzigrahe.site nygycuxkozy.live lvcydawemoohoqy.life lelapinestallepourunmarie.fun killbuugs.com necolevneho.club lyqiyvuxomowaky.band orbitdomainonline.com maklaforeverybody.com izyjygawexozamyr.tech hrajusisali.com ifyzyligubeny.work petrpanworld.com jirikarafanpage.co zasjedemebomby.xyz jirikarafanpage.com jirikaraforever.com myklvladce.com jirkakara.com jachcutakydomenu.com kekistanmail.com keweseklboi.com myvasudelame.com myolafdomain.com notrebelemail.com newstukaemail.com jonasemaildesign.com kvetinyshop.com myfialkadomain.com otaznikonline.com kedomain.com nonmaster.com mailtravels.com mailblogs.com panelemail.com mymyemail.com ojoridubetitolas.shop hyatesvucyceo.com nukgyxigapygejoix.co lyvawohapu.life izhiajiqysen.life

Malware Detected on Host

Count: 329 60d0cce487b135cd6d8c2ee01066215fedde843a1f12721750e4f1adfcccde9a 444785a229ad49a95ce3ac8e0b1e0485fb7dce76d521331397702cdfae648607 8ab36d13a7469aebd5752ee7ec5643d0e785d1c20e7435f98b43f316417d00e4 713dd9cedc37b42f8f8f7bd654a556a4376b8e8e2d918efd77713a8fe04ce4fa 417a8d88bbc213dcd5c9c850597c1e8985a220474079fe527388fc5333314611 c663442ba07c72d93cbf098eadfe1475b7bc470e361c1736ab2b457a57f2cf94 ec058403392b3777d938dfd092b169531b0aa89edb188b8bc7a1b9b0cafdccc3 1c954b67c62b161d839434243ebe4b9dfe2b790a91eb968ecbfbfae53a414e29 b695826ebfd171ddc5a1d86d2841daeada46702cfa0dff52ed03701d95d70076 3c745742070a4b26ec6dcb830936ac2b782880b36efca8a3b68b4381c8a055f8

Open Ports Detected

4949 80

CVEs Detected

CVE-2016-0742 CVE-2016-0746 CVE-2016-0747 CVE-2016-1247 CVE-2016-4450 CVE-2017-20005 CVE-2017-7529 CVE-2018-16845 CVE-2019-20372 CVE-2021-23017 CVE-2021-3618

Map

Whois Information

• NetRange: 64.98.0.0 - 64.99.255.255
• CIDR: 64.98.0.0/15
• NetName: TUCOWS-BLK2
• NetHandle: NET-64-98-0-0-1
• Parent: NET64 (NET-64-0-0-0-0)
• NetType: Direct Allocation
• OriginAS: AS15348, AS32491, AS394308
• Organization: Tucows.com Co. (TUCOW)
• RegDate: 2000-05-18
• Updated: 2022-02-11
• Comment: Geofeed https://geoip.tingfiber.net/tf-geofeed.csv
• Ref: https://rdap.arin.net/registry/ip/64.98.0.0
• OrgName: Tucows.com Co.
• OrgId: TUCOW
• Address: 96 Mowat Avenue
• City: Toronto
• StateProv: ON
• PostalCode: M6K-3M1
• Country: CA
• RegDate: 2006-02-07
• Updated: 2023-08-31
• Ref: https://rdap.arin.net/registry/entity/TUCOW
• OrgTechHandle: HALAS9-ARIN
• OrgTechName: Halassy-Creamer, Joshua
• OrgTechPhone: +1-416-688-3687
• OrgTechEmail: jhalassycreamer@tucowsinc.com
• OrgTechRef: https://rdap.arin.net/registry/entity/HALAS9-ARIN
• OrgTechHandle: LEVYR7-ARIN
• OrgTechName: Levy, Reg
• OrgTechPhone: +1-323-880-0831
• OrgTechEmail: rlevy@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/LEVYR7-ARIN
• OrgTechHandle: ZAMBR10-ARIN
• OrgTechName: Zambrano, Manuel
• OrgTechPhone: +1-949-706-2300
• OrgTechEmail: mzambrano@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/ZAMBR10-ARIN
• OrgTechHandle: LEHEU-ARIN
• OrgTechName: Le Heux, Alex
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: aleheux@tucowsinc.com
• OrgTechRef: https://rdap.arin.net/registry/entity/LEHEU-ARIN
• OrgTechHandle: NOC2038-ARIN
• OrgTechName: Network Operations Center
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: arin-maint@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/NOC2038-ARIN
• OrgTechHandle: LEEKE55-ARIN
• OrgTechName: Lee, Kevin
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: klee@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/LEEKE55-ARIN
• OrgNOCHandle: NOC12422-ARIN
• OrgNOCName: Network Operations Center
• OrgNOCPhone: +1-416-535-0123
• OrgNOCEmail: arin-noc@tucows.com
• OrgNOCRef: https://rdap.arin.net/registry/entity/NOC12422-ARIN
• OrgTechHandle: OPERA26-ARIN
• OrgTechName: Operations Team
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: dnstech@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/OPERA26-ARIN
• OrgTechHandle: VERME5-ARIN
• OrgTechName: Vermeer, Arnoud
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: avermeer@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/VERME5-ARIN
• OrgTechHandle: FJO19-ARIN
• OrgTechName: Obispo, Francisco Jose
• OrgTechPhone: +1-949-706-2300
• OrgTechEmail: fobispo@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/FJO19-ARIN
• OrgTechHandle: DIACO-ARIN
• OrgTechName: Diaconita, Dragos
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: ddiaconita@tucows.com
• OrgTechRef: https://rdap.arin.net/registry/entity/DIACO-ARIN
• OrgAbuseHandle: AST147-ARIN
• OrgAbuseName: Abuse Security Team
• OrgAbusePhone: +1-416-535-0123
• OrgAbuseEmail: arin-abuse@tucows.com
• OrgAbuseRef: https://rdap.arin.net/registry/entity/AST147-ARIN
• OrgTechHandle: SCURT4-ARIN
• OrgTechName: Scurt, Matei
• OrgTechPhone: +1-919-753-4126
• OrgTechEmail: mscurt@ting.com
• OrgTechRef: https://rdap.arin.net/registry/entity/SCURT4-ARIN
• OrgTechHandle: GIDOF-ARIN
• OrgTechName: Gidofalvy, Gordon
• OrgTechPhone: +1-416-535-0123
• OrgTechEmail: ggidofalvy@tucowsinc.com
• OrgTechRef: https://rdap.arin.net/registry/entity/GIDOF-ARIN
• RNOCHandle: NOC12422-ARIN
• RNOCName: Network Operations Center
• RNOCPhone: +1-416-535-0123
• RNOCEmail: arin-noc@tucows.com
• RNOCRef: https://rdap.arin.net/registry/entity/NOC12422-ARIN
• RTechHandle: DIACO-ARIN
• RTechName: Diaconita, Dragos
• RTechPhone: +1-416-535-0123
• RTechEmail: ddiaconita@tucows.com
• RTechRef: https://rdap.arin.net/registry/entity/DIACO-ARIN
• RTechHandle: OPERA26-ARIN
• RTechName: Operations Team
• RTechPhone: +1-416-535-0123
• RTechEmail: dnstech@tucows.com
• RTechRef: https://rdap.arin.net/registry/entity/OPERA26-ARIN
• RAbuseHandle: AST147-ARIN
• RAbuseName: Abuse Security Team
• RAbusePhone: +1-416-535-0123
• RAbuseEmail: arin-abuse@tucows.com
• RAbuseRef: https://rdap.arin.net/registry/entity/AST147-ARIN

Links to attack logs

****** ****** ******