IP Address: 34.87.22.121 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers | 2.46.94.180, 12.153.175.66, 17.157.13.94, 26.224.126.152, 47.112.205.162, 65.177.186.107, 82.157.127.47, 85.105.82.39, 89.127.146.49, 95.154.21.210, 110.42.173.235, 114.123.122.151, 133.231.86.139, 145.197.89.38, 146.56.115.54, 166.212.207.206, 195.162.180.82, 207.25.73.144, 215.24.97.181, 216.219.13.33, 241.251.183.97, 248.121.150.157
IP Address | 34.87.22.121
Domain | -
ISP | Google Cloud
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-26
Last seen in Akamai Guardicore Segmentation | 2022-03-27
Event | Tags
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
/dev/shm/ifconfig was downloaded | Download File
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/ifconfig generated outgoing network traffic to: 102.71.9.48:80, 102.71.9.48:8080, 104.21.25.86:443, 108.37.116.177:80, 108.37.116.177:8080, 110.42.173.235:1234, 114.123.122.151:2222, 117.11.105.96:80, 117.11.105.96:8080, 118.134.194.99:80, 118.134.194.99:8080, 12.153.175.66:22, 123.242.26.203:80, 123.242.26.203:8080, 124.251.148.50:80, 124.251.148.50:8080, 131.4.34.108:80, 131.4.34.108:8080, 132.245.161.64:80, 132.245.161.64:8080, 133.231.86.139:22, 136.65.56.179:80, 136.65.56.179:8080, 145.197.89.38:22, 146.56.115.54:1234, 15.8.162.59:80, 15.8.162.59:8080, 150.121.134.119:80, 150.121.134.119:8080, 151.226.123.162:80, 151.226.123.162:8080, 155.78.178.116:80, 155.78.178.116:8080, 166.212.207.206:2222, 17.157.13.94:22, 171.100.1.166:80, 171.100.1.166:8080, 172.67.133.228:443, 176.235.81.57:80, 176.235.81.57:8080, 190.161.174.153:80, 190.161.174.153:8080, 195.162.180.82:1234, 2.46.94.180:22, 200.195.26.96:80, 200.195.26.96:8080, 207.25.73.144:2222, 215.24.97.181:2222, 216.219.13.33:2222, 241.251.183.97:22, 247.207.20.80:80, 247.207.20.80:8080, 248.121.150.157:2222, 26.218.176.6:80, 26.218.176.6:8080, 26.224.126.152:2222, 28.208.17.105:80, 28.208.17.105:8080, 37.211.1.229:80, 37.211.1.229:8080, 38.188.71.170:80, 38.188.71.170:8080, 41.227.197.226:80, 41.227.197.226:8080, 45.109.95.136:80, 45.109.95.136:8080, 47.112.205.162:1234, 50.158.32.143:80, 50.158.32.143:8080, 51.75.146.174:443, 65.177.186.107:22, 68.33.94.213:80, 68.33.94.213:8080, 74.24.186.36:80, 74.24.186.36:8080, 74.38.240.151:80, 74.38.240.151:8080, 74.77.183.35:80, 74.77.183.35:8080, 77.68.108.166:80, 77.68.108.166:8080, 82.157.127.47:1234, 85.105.82.39:1234, 87.14.2.7:80, 87.14.2.7:8080, 89.127.146.49:22, 91.77.124.158:80, 91.77.124.158:8080 and 95.154.21.210:1234 | Outgoing Connection
Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8185 | Listening
Process /dev/shm/ifconfig attempted to access suspicious domains: invalid, networktel.net and sefiber.dk | Access Suspicious Domain, Outgoing Connection
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Connection was closed due to timeout |
|