IP Address: 99.30.230.146Previously Malicious
IP Address: 99.30.230.146Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP SSH |
Tags |
Port 1234 Scan SSH SCP Port 80 Scan Port 8080 Scan Superuser Operation Successful SSH Login Download and Execute Download File |
Associated Attack Servers |
120.224.34.31 123.132.238.210 124.223.14.100 125.161.27.96 161.70.98.32 172.64.110.32 172.64.111.32 |
IP Address |
99.30.230.146 |
|
Domain |
- |
|
ISP |
AT&T Internet Services |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-09-02 |
Last seen in Akamai Guardicore Segmentation |
2022-10-14 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
System file /etc/ifconfig was modified 9 times |
System File Modification |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
System file /etc/apache2 was modified 4 times |
System File Modification |
Process /etc/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
The file /etc/apache2 was downloaded and executed 174 times |
Download and Execute |
Process /etc/ifconfig generated outgoing network traffic to: 103.105.12.48:1234, 103.90.177.102:1234, 104.225.214.125:80, 104.225.214.125:8080, 116.91.182.157:80, 116.91.182.157:8080, 120.236.79.182:1234, 121.135.226.28:80, 123.132.238.210:1234, 124.223.14.100:1234, 124.82.106.90:80, 124.82.106.90:8080, 139.209.222.134:1234, 147.182.233.56:1234, 150.152.238.49:80, 150.152.238.49:8080, 158.148.140.241:80, 158.148.140.241:8080, 161.107.113.27:1234, 161.107.113.34:1234, 161.35.79.199:1234, 163.8.197.227:80, 163.8.197.227:8080, 165.98.128.5:80, 165.98.128.5:8080, 172.64.110.32:443, 172.64.111.32:443, 176.94.104.200:80, 176.94.104.200:8080, 179.203.242.243:80, 179.203.242.243:8080, 18.219.200.102:80, 18.219.200.102:8080, 185.210.144.122:1234, 185.83.18.144:80, 185.83.18.144:8080, 190.60.239.44:1234, 191.242.182.210:1234, 2.179.130.3:80, 2.179.130.3:8080, 20.141.185.205:1234, 202.42.55.15:80, 202.42.55.15:8080, 206.189.25.255:1234, 209.216.177.238:1234, 210.99.20.194:1234, 220.243.148.80:1234, 222.121.63.87:1234, 223.171.91.191:1234, 245.250.124.7:80, 245.250.124.7:8080, 251.166.139.100:80, 251.166.139.100:8080, 252.6.5.137:80, 252.6.5.137:8080, 29.52.30.236:80, 29.52.30.236:8080, 36.99.123.57:80, 36.99.123.57:8080, 37.237.96.78:80, 37.237.96.78:8080, 41.248.139.141:80, 41.248.139.141:8080, 43.55.147.185:80, 43.55.147.185:8080, 49.233.159.222:1234, 50.165.214.209:80, 50.165.214.209:8080, 51.75.146.174:443, 59.23.64.96:80, 59.23.64.96:8080, 61.124.111.154:80, 61.124.111.154:8080, 61.77.105.219:1234, 62.12.106.5:1234, 70.158.117.144:80, 70.158.117.144:8080, 71.12.137.156:80, 71.12.137.156:8080, 71.202.226.104:80, 71.202.226.104:8080, 8.88.171.77:80, 80.147.162.151:1234, 83.93.171.103:80, 83.93.171.103:8080, 93.179.171.171:80, 93.179.171.171:8080, 95.209.110.57:80 and 95.209.110.57:8080 |
Outgoing Connection |
Process /etc/ifconfig started listening on ports: 1234, 8089 and 8182 |
Listening |
Process /etc/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
The file /usr/bin/uptime was downloaded and executed 2 times |
Download and Execute |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|
/var/tmp/ifconfig |
SHA256: 2aacc3f6c14a2bd120ce9f7cab7af1f4d3e207bea33d56f02a14f75613a7930c |
786432 bytes |
/var/tmp/ifconfig |
SHA256: 63ce5e408bc30df5efb4e48cb2e893e84b58da0ea31d834ce11db915f0dfaba2 |
32768 bytes |
/var/tmp/ifconfig |
SHA256: 861921d16b4f8870dda3d79aecaa828b713b8e41b29ec977aca10c236356144e |
1507328 bytes |
/var/tmp/ifconfig |
SHA256: 915f410de5799b81704f3695d8aa38d5da78b01b60cea17d3e0c3f162f9b0e9b |
1802240 bytes |
/var/tmp/ifconfig |
SHA256: 9516639b92dfb73072de6c5220e3ee130547680b8870c9288eccd928de847e35 |
2883584 bytes |
/var/tmp/ifconfig |
SHA256: b3b7551f344bdc4021e89ae74961531531a7dedf23e7b2d0364e21d052271ae2 |
1114112 bytes |
/var/tmp/ifconfig |
SHA256: bf9553be0290bc2603b057d3daa41cbcc7f761941ff5519b7d441abe836ec046 |
2457600 bytes |