64.99.64.37 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 64.99.64.37 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 83/100

Geographic Location

Host and Network Information

  • View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
  • Country: Canada
  • Noticed: 4 times
  • Protocols Attacked: SSH
  • Open Ports: 80
  • Tor Node: No
  • Associated Malware Samples: 7

Tags

  • auto-generated security
  • command
  • control
  • ta0002
  • ta0003
  • ta0005
  • ta0006
  • ta0007
  • ta0008
  • ta0011
  • ta0043

MITRE ATT&CK TTPs

  • T1003 - OS Credential Dumping
  • T1082 - System Information Discovery
  • T1083 - File and Directory Discovery
  • T1087 - Account Discovery
  • T1102 - Web Service
  • T1105 - Ingress Tool Transfer
  • T1110 - Brute Force
  • T1203 - Exploitation for Client Execution
  • T1204 - User Execution
  • T1210 - Exploitation of Remote Services
  • T1211 - Exploitation for Defense Evasion
  • T1212 - Exploitation for Credential Access
  • T1213 - Data from Information Repositories
  • T1214 - Credentials in Registry
  • T1518 - Software Discovery
  • T1519 - Emond
  • T1542 - Pre-OS Boot
  • T1543 - Create or Modify System Process
  • T1546 - Event Triggered Execution
  • T1547 - Boot or Logon Autostart Execution
  • T1548 - Abuse Elevation Control Mechanism
  • T1550 - Use Alternate Authentication Material
  • T1552 - Unsecured Credentials
  • T1553 - Subvert Trust Controls
  • T1555 - Credentials from Password Stores
  • T1557 - Man-in-the-Middle
  • T1562 - Impair Defenses
  • T1564 - Hide Artifacts
  • T1565 - Data Manipulation
  • T1566 - Phishing
  • T1567 - Exfiltration Over Web Service
  • T1568 - Dynamic Resolution
  • T1571 - Non-Standard Port

Associated CVEs

  • CVE-2006-20001

Passive DNS

  • yapmabuildtech.com

Attack Log References

Whois Information

NetRange: 64.98.0.0 - 64.99.255.255 CIDR: 64.98.0.0/15 NetName: TUCOWS-BLK2 NetHandle: NET-64-98-0-0-1 Parent: NET64 (NET-64-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Tucows.com Co. (TUCOW) RegDate: 2000-05-18 Updated: 2022-02-11 Comment: Geofeed https://geoip.tingfiber.net/tf-geofeed.csv Ref: https://rdap.arin.net/registry/ip/64.98.0.0 OrgName: Tucows.com Co. OrgId: TUCOW Address: 96 Mowat Avenue City: Toronto StateProv: ON PostalCode: M6K-3M1 Country: CA RegDate: 2006-02-07 Updated: 2025-10-14 Ref: https://rdap.arin.net/registry/entity/TUCOW OrgTechHandle: LEVYR7-ARIN OrgTechName: Levy, Reg OrgTechPhone: +1-323-880-0831 OrgTechEmail: rlevy@tucows.com OrgTechRef: https://rdap.arin.net/registry/entity/LEVYR7-ARIN OrgTechHandle: ZAMBR10-ARIN OrgTechName: Zambrano, Manuel OrgTechPhone: +1-949-706-2300 OrgTechEmail: mzambrano@tucows.com OrgTechRef: https://rdap.arin.net/registry/entity/ZAMBR10-ARIN OrgTechHandle: OPERA26-ARIN OrgTechName: Operations Team OrgTechPhone: +1-416-531-5584 OrgTechEmail: dnstech@tucows.com OrgTechRef: https://rdap.arin.net/registry/entity/OPERA26-ARIN OrgTechHandle: FJO19-ARIN OrgTechName: Obispo, Francisco Jose OrgTechPhone: +1-949-706-2300 OrgTechEmail: francisco@unr.com OrgTechRef: https://rdap.arin.net/registry/entity/FJO19-ARIN OrgTechHandle: DIACO-ARIN OrgTechName: Diaconita, Dragos OrgTechPhone: +1-416-535-0123 OrgTechEmail: ddiaconita@tucows.com OrgTechRef: https://rdap.arin.net/registry/entity/DIACO-ARIN OrgTechHandle: HALAS9-ARIN OrgTechName: Halassy-Creamer, Joshua OrgTechPhone: +1-416-535-0123 OrgTechEmail: jhalassycreamer@tucowsinc.com OrgTechRef: https://rdap.arin.net/registry/entity/HALAS9-ARIN OrgTechHandle: NOC2038-ARIN OrgTechName: Network Operations Center OrgTechPhone: +1-416-535-0123 OrgTechEmail: arin-maint@tucows.com OrgTechRef: https://rdap.arin.net/registry/entity/NOC2038-ARIN OrgNOCHandle: NOC12422-ARIN OrgNOCName: Network Operations Center OrgNOCPhone: +1-416-531-5584 OrgNOCEmail: arin-noc@tucows.com OrgNOCRef: https://rdap.arin.net/registry/entity/NOC12422-ARIN OrgTechHandle: LEEKE55-ARIN OrgTechName: Lee, Kevin OrgTechPhone: +1-416-535-0123 OrgTechEmail: klee@tucows.com OrgTechRef: https://rdap.arin.net/registry/entity/LEEKE55-ARIN OrgAbuseHandle: AST147-ARIN OrgAbuseName: Abuse Security Team OrgAbusePhone: +1-416-531-5584 OrgAbuseEmail: arin-abuse@tucows.com OrgAbuseRef: https://rdap.arin.net/registry/entity/AST147-ARIN RAbuseHandle: AST147-ARIN RAbuseName: Abuse Security Team RAbusePhone: +1-416-531-5584 RAbuseEmail: arin-abuse@tucows.com RAbuseRef: https://rdap.arin.net/registry/entity/AST147-ARIN RTechHandle: OPERA26-ARIN RTechName: Operations Team RTechPhone: +1-416-531-5584 RTechEmail: dnstech@tucows.com RTechRef: https://rdap.arin.net/registry/entity/OPERA26-ARIN RNOCHandle: NOC12422-ARIN RNOCName: Network Operations Center RNOCPhone: +1-416-531-5584 RNOCEmail: arin-noc@tucows.com RNOCRef: https://rdap.arin.net/registry/entity/NOC12422-ARIN RTechHandle: DIACO-ARIN RTechName: Diaconita, Dragos RTechPhone: +1-416-535-0123 RTechEmail: ddiaconita@tucows.com RTechRef: https://rdap.arin.net/registry/entity/DIACO-ARIN