34.98.99.30 Threat Intelligence and Host Information

ipinfopage

General

This page contains threat intelligence information for the IPv4 address 34.98.99.30 and was generated either as a result of observed malicious activity or as an information gathering exercise to assist with enrichment of security events and context. All information is gathered passively through aggregation of public sources, or observations through activity upon honeynets. The host score is calculated through a series of statistically weighted values and machine learning which takes into account metadata such as host information, frequency, volume and global distribution of malicious activity, association with other known malicious hosts or networks, proxying or anonymising behaviour such as with tor exit nodes, residential proxies or VPN services, and many other attributes. These values are historical and indicative only - and should not be taken to be an accurate representation of the users, businesses or networks in which they reside.

🔴 High Risk — 75/100

Geographic Location

Host and Network Information

View other sources: Spamhaus VirusTotal Shodan AbuseIPDB
Country: United States
Noticed: 50 times
Protocols Attacked: SSH
Countries Attacked: Anguilla, Aruba, Australia, Bahamas, Barbados, Canada, Cayman Islands, Costa Rica, Curaçao, Czechia, Denmark, Estonia, France, Georgia, Germany, Guatemala, Japan, Kazakhstan, Kyrgyzstan, Latvia, Lithuania, Mexico, Netherlands, Norway, Panama, Philippines, Poland, Romania, Russian Federation, Saint Kitts and Nevis, Saint Martin (French part), Saint Vincent and the Grenadines, Sint Maarten (Dutch part), Spain, Tajikistan, Tanzania United Republic of, Trinidad and Tobago, Turkey, Ukraine, United Arab Emirates, United Kingdom of Great Britain and Northern Ireland, United States of America, Uzbekistan, Virgin Islands British
Open Ports: 443, 80
Tor Node: No
Associated Malware Samples: 8213

MITRE ATT&CK TTPs

T1003 - OS Credential Dumping
T1005 - Data from Local System
T1012 - Query Registry
T1014 - Rootkit
T1018 - Remote System Discovery
T1021 - Remote Services
T1027 - Obfuscated Files or Information
T1030 - Data Transfer Size Limits
T1031 - Modify Existing Service
T1035 - Service Execution
T1036.004 - Masquerade Task or Service
T1036 - Masquerading
T1040 - Network Sniffing
T1041 - Exfiltration Over C2 Channel
T1043 - Commonly Used Port
T1045 - Software Packing
T1047 - Windows Management Instrumentation
T1049 - System Network Connections Discovery
T1053 - Scheduled Task/Job
T1055.012 - Process Hollowing
T1055 - Process Injection
T1056.001 - Keylogging
T1056 - Input Capture
T1057 - Process Discovery
T1059.002 - AppleScript
T1059.005 - Visual Basic
T1059.006 - Python
T1059.007 - JavaScript
T1059 - Command and Scripting Interpreter
T1060 - Registry Run Keys / Startup Folder
T1063 - Security Software Discovery
T1068 - Exploitation for Privilege Escalation
T1070 - Indicator Removal on Host
T1071.001 - Web Protocols
T1071.002 - File Transfer Protocols
T1071.003 - Mail Protocols
T1071.004 - DNS
T1071 - Application Layer Protocol
T1081 - Credentials in Files
T1082 - System Information Discovery
T1083 - File and Directory Discovery
T1089 - Disabling Security Tools
T1090 - Proxy
T1091 - Replication Through Removable Media
T1095 - Non-Application Layer Protocol
T1096 - NTFS File Attributes
T1100 - Web Shell
T1102 - Web Service
T1104 - Multi-Stage Channels
T1105 - Ingress Tool Transfer
T1106 - Native API
T1107 - File Deletion
T1110.002 - Password Cracking
T1110 - Brute Force
T1111 - Two-Factor Authentication Interception
T1112 - Modify Registry
T1113 - Screen Capture
T1114.001 - Local Email Collection
T1114 - Email Collection
T1119 - Automated Collection
T1122 - Component Object Model Hijacking
T1123 - Audio Capture
T1125 - Video Capture
T1129 - Shared Modules
T1132 - Data Encoding
T1140 - Deobfuscate/Decode Files or Information
T1143 - Hidden Window
T1155 - AppleScript
T1156 - Malicious Shell Modification
T1158 - Hidden Files and Directories
T1173 - Dynamic Data Exchange
T1176 - Browser Extensions
T1179 - Hooking
T1185 - Man in the Browser
T1189 - Drive-by Compromise
T1203 - Exploitation for Client Execution
T1204.001 - Malicious Link
T1204.002 - Malicious File
T1204.003 - Malicious Image
T1210 - Exploitation of Remote Services
T1222 - File and Directory Permissions Modification
T1410 - Network Traffic Capture or Redirection
T1415 - URL Scheme Hijacking
T1423 - Network Service Scanning
T1427 - Attack PC via USB Connection
T1444 - Masquerade as Legitimate Application
T1445 - Abuse of iOS Enterprise App Signing Key
T1447 - Delete Device Data
T1449 - Exploit SS7 to Redirect Phone Calls/SMS
T1450 - Exploit SS7 to Track Device Location
T1453 - Abuse Accessibility Features
T1457 - Malicious Media Content
T1472 - Generate Fraudulent Advertising Revenue
T1485 - Data Destruction
T1491 - Defacement
T1496 - Resource Hijacking
T1497.001 - System Checks
T1497 - Virtualization/Sandbox Evasion
T1505.001 - SQL Stored Procedures
T1512 - Capture Camera
T1518.001 - Security Software Discovery
T1518 - Software Discovery
T1523 - Evade Analysis Environment
T1543 - Create or Modify System Process
T1547.001 - Registry Run Keys / Startup Folder
T1547 - Boot or Logon Autostart Execution
T1552.001 - Credentials In Files
T1552 - Unsecured Credentials
T1553.002 - Code Signing
T1553 - Subvert Trust Controls
T1555.003 - Credentials from Web Browsers
T1555 - Credentials from Password Stores
T1560 - Archive Collected Data
T1562.003 - Impair Command History Logging
T1563 - Remote Service Session Hijacking
T1564 - Hide Artifacts
T1566 - Phishing
T1568.002 - Domain Generation Algorithms
T1568 - Dynamic Resolution
T1569 - System Services
T1573 - Encrypted Channel
T1574.006 - Dynamic Linker Hijacking
T1574 - Hijack Execution Flow
T1578.003 - Delete Cloud Instance
T1583.001 - Domains
T1583.004 - Server
T1583.005 - Botnet
T1583 - Acquire Infrastructure
T1588.001 - Malware
T1595 - Active Scanning
T1598 - Phishing for Information
T1602.002 - Network Device Configuration Dump
T1605 - Command-Line Interface
T1610 - Deploy Container
TA0003 - Persistence
TA0004 - Privilege Escalation
TA0005 - Defense Evasion
TA0006 - Credential Access
TA0007 - Discovery
TA0009 - Collection
TA0011 - Command and Control
TA0034 - Impact
TA0037 - Command and Control
TA0040 - Impact

Passive DNS

jupiterminingcraft.com

Attack Log References

Whois Information

NetRange: 34.64.0.0 - 34.127.255.255 CIDR: 34.64.0.0/10 NetName: GOOGL-2 NetHandle: NET-34-64-0-0-1 Parent: NET34 (NET-34-0-0-0-0) NetType: Direct Allocation OriginAS: Organization: Google LLC (GOOGL-2) RegDate: 2018-09-28 Updated: 2018-09-28 Ref: https://rdap.arin.net/registry/ip/34.64.0.0 OrgName: Google LLC OrgId: GOOGL-2 Address: 1600 Amphitheatre Parkway City: Mountain View StateProv: CA PostalCode: 94043 Country: US RegDate: 2006-09-29 Updated: 2019-11-01 Comment: *** The IP addresses under this Org-ID are in use by Google Cloud customers *** Comment: Comment: Direct all copyright and legal complaints to Comment: https://support.google.com/legal/go/report Comment: Comment: Direct all spam and abuse complaints to Comment: https://support.google.com/code/go/gce_abuse_report Comment: Comment: For fastest response, use the relevant forms above. Comment: Comment: Complaints can also be sent to the GC Abuse desk Comment: (google-cloud-compliance@google.com) Comment: but may have longer turnaround times. Comment: Comment: Complaints sent to any other POC will be ignored. Ref: https://rdap.arin.net/registry/entity/GOOGL-2 OrgAbuseHandle: GCABU-ARIN OrgAbuseName: GC Abuse OrgAbusePhone: +1-650-253-0000 OrgAbuseEmail: google-cloud-compliance@google.com OrgAbuseRef: https://rdap.arin.net/registry/entity/GCABU-ARIN OrgTechHandle: ZG39-ARIN OrgTechName: Google LLC OrgTechPhone: +1-650-253-0000 OrgTechEmail: arin-contact@google.com OrgTechRef: https://rdap.arin.net/registry/entity/ZG39-ARIN OrgNOCHandle: GCABU-ARIN OrgNOCName: GC Abuse OrgNOCPhone: +1-650-253-0000 OrgNOCEmail: google-cloud-compliance@google.com OrgNOCRef: https://rdap.arin.net/registry/entity/GCABU-ARIN