IP Address: 134.209.29.73 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Outgoing Connection, Successful SSH Login, SSH, Access Suspicious Domain, New SSH Key, Download and Execute
Associated Attack Servers: 18.214.132.216 23.223.159.192 37.56.66.158 39.105.175.226 39.178.129.154 46.101.101.24 47.101.192.165 47.102.103.5 47.102.195.168 49.235.136.220 49.235.172.144 58.209.253.169 61.147.109.203 66.171.248.178 68.183.183.187 101.132.172.189 103.27.42.46 103.40.48.219 103.77.166.38 103.230.240.110 106.2.1.241 106.12.21.231 106.12.29.87 106.13.65.237 106.54.218.3 107.161.27.33 111.229.53.39 116.202.244.153 117.73.8.17 118.25.193.16
IP Address: 134.209.29.73
Domain: -
ISP: Digital Ocean
Country: United Kingdom

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2020-05-04
Last seen in Akamai Guardicore Segmentation: 2020-05-10
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects an organization's core assets using flexible, quickly deployed and easy to understand micro-segmentation controls. It generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List)
Tags: Successful SSH Login

The file /usr/bin/aoicxh was downloaded and executed 45 times
Tags: Download and Execute

Process /usr/bin/aoicxh generated outgoing network traffic to: 1.1.1.1:53, 101.132.172.189:45419, 103.230.240.110:45547, 103.27.42.46:36673, 103.40.48.219:46598, 103.77.166.38:44503, 106.12.21.231:34059, 106.12.29.87:39672, 106.13.65.237:42996, 106.2.1.241:42117, 106.54.218.3:44787, 107.161.27.33:37384, 111.229.53.39:41106, 116.202.244.153:80, 117.73.8.17:36397, 118.25.193.16:42927, 120.77.244.64:39016, 121.36.18.182:34305, 121.43.40.121:40368, 122.51.138.77:35400, 122.51.68.129:35571, 122.51.68.129:46309, 123.206.201.67:37098, 123.207.3.213:35391, 176.58.123.25:80, 18.214.132.216:80, 180.101.226.149:56217, 185.193.38.221:34983, 193.112.127.90:42036, 206.81.5.154:8000, 208.67.222.222:443, 211.23.131.134:33838, 216.239.32.21:80, 216.239.34.21:80, 23.223.159.192:80, 37.56.66.158:50355, 39.105.175.226:16440, 39.178.129.154:32251, 46.101.101.24:37951, 47.101.192.165:38404, 47.102.103.5:32948, 47.102.195.168:35870, 49.235.136.220:36437, 49.235.172.144:44700, 58.209.253.169:44728, 61.147.109.203:60229, 66.171.248.178:80 and 68.183.183.187:37692
Tags: Outgoing Connection

Process /usr/bin/aoicxh attempted to access suspicious domains: hwclouds-dns.com, hybs-pro.net, icanhazip.com and one.one
Tags: Access Suspicious Domain, Outgoing Connection

Connection was closed due to timeout

An attempt to download /root/.ssh/authorized_keys was made 25 times
Tags: New SSH Key
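The record above is free text, which is awkward to act on. As an added example (not code from Akamai or Guardicore, and not part of the original record), the Python below turns the three indicator-bearing lines into structured data: it parses the outbound-connection line into (ip, port) pairs, checks that every "Associated Attack Server" also appears among the dropped binary's outbound destinations, separates public DNS resolvers from the rest (1.1.1.1 is Cloudflare's resolver and 208.67.222.222 is OpenDNS; that is general knowledge, not something the record states), and matches the remaining endpoints against `ss -Htnp` output as a host-side check. The resolver/web/peer bucket names, the sample `ss` lines and the host 10.0.0.5 are my constructions.

```python
"""Structured indicators from the incident record above.

Added example; not Akamai/Guardicore code. The *_LINE constants are transcribed
from the record; the buckets and the sample `ss` output are my own constructions.
"""
import re

ASSOCIATED_LINE = (
    "18.214.132.216 23.223.159.192 37.56.66.158 39.105.175.226 39.178.129.154 46.101.101.24 "
    "47.101.192.165 47.102.103.5 47.102.195.168 49.235.136.220 49.235.172.144 58.209.253.169 "
    "61.147.109.203 66.171.248.178 68.183.183.187 101.132.172.189 103.27.42.46 103.40.48.219 "
    "103.77.166.38 103.230.240.110 106.2.1.241 106.12.21.231 106.12.29.87 106.13.65.237 "
    "106.54.218.3 107.161.27.33 111.229.53.39 116.202.244.153 117.73.8.17 118.25.193.16"
)
OUTBOUND_LINE = (
    "Process /usr/bin/aoicxh generated outgoing network traffic to: 1.1.1.1:53, "
    "101.132.172.189:45419, 103.230.240.110:45547, 103.27.42.46:36673, 103.40.48.219:46598, "
    "103.77.166.38:44503, 106.12.21.231:34059, 106.12.29.87:39672, 106.13.65.237:42996, "
    "106.2.1.241:42117, 106.54.218.3:44787, 107.161.27.33:37384, 111.229.53.39:41106, "
    "116.202.244.153:80, 117.73.8.17:36397, 118.25.193.16:42927, 120.77.244.64:39016, "
    "121.36.18.182:34305, 121.43.40.121:40368, 122.51.138.77:35400, 122.51.68.129:35571, "
    "122.51.68.129:46309, 123.206.201.67:37098, 123.207.3.213:35391, 176.58.123.25:80, "
    "18.214.132.216:80, 180.101.226.149:56217, 185.193.38.221:34983, 193.112.127.90:42036, "
    "206.81.5.154:8000, 208.67.222.222:443, 211.23.131.134:33838, 216.239.32.21:80, "
    "216.239.34.21:80, 23.223.159.192:80, 37.56.66.158:50355, 39.105.175.226:16440, "
    "39.178.129.154:32251, 46.101.101.24:37951, 47.101.192.165:38404, 47.102.103.5:32948, "
    "47.102.195.168:35870, 49.235.136.220:36437, 49.235.172.144:44700, 58.209.253.169:44728, "
    "61.147.109.203:60229, 66.171.248.178:80 and 68.183.183.187:37692"
)
DOMAINS_LINE = (
    "Process /usr/bin/aoicxh attempted to access suspicious domains: "
    "hwclouds-dns.com, hybs-pro.net, icanhazip.com and one.one"
)

ENDPOINT_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Public DNS infrastructure, not attacker-controlled: Cloudflare 1.1.1.1 and OpenDNS
# 208.67.222.222. An unexpected process talking to them is worth an alert, but they
# are not "C2" to block fleet-wide.
PUBLIC_RESOLVERS = {"1.1.1.1", "208.67.222.222"}


def parse_endpoints(line):
    """(ip, port) pairs in order of appearance; repeated destinations are kept."""
    return [(ip, int(port)) for ip, port in ENDPOINT_RE.findall(line)]


def parse_associated(line):
    return set(IP_RE.findall(line))


def parse_domains(line):
    tail = line.split("suspicious domains:", 1)[1]
    return [d.strip() for d in re.split(r",|\band\b", tail) if d.strip()]


def classify(endpoints):
    """Bucket destinations: resolver / web (80, 443, 8000) / peer (other high ports)."""
    buckets = {"resolver": [], "web": [], "peer": []}
    for ip, port in endpoints:
        if ip in PUBLIC_RESOLVERS:
            buckets["resolver"].append((ip, port))
        elif port in (80, 443, 8000):
            buckets["web"].append((ip, port))
        else:
            buckets["peer"].append((ip, port))
    return buckets


def blockable_endpoints(buckets):
    """'ip:port' strings for every destination that is not a public resolver."""
    return {f"{ip}:{port}" for key in ("web", "peer") for ip, port in buckets[key]}


def summarize():
    endpoints = parse_endpoints(OUTBOUND_LINE)
    associated = parse_associated(ASSOCIATED_LINE)
    buckets = classify(endpoints)
    outbound_ips = {ip for ip, _ in endpoints}
    return {
        "resolver": len(buckets["resolver"]),
        "web": len(buckets["web"]),
        "peer": len(buckets["peer"]),
        # Every listed attack server should also be an outbound destination of the
        # dropped binary; anything left here is a discrepancy to chase.
        "attackers_not_seen_outbound": associated - outbound_ips,
        # High-port destinations the record does not (yet) list as attackers.
        "peers_not_flagged_as_attackers": {ip for ip, _ in buckets["peer"]} - associated,
    }


# Constructed `ss -Htnp` output for a hypothetical host 10.0.0.5 (not from the record).
SS_SAMPLE = """\
ESTAB 0 0 10.0.0.5:41822 122.51.68.129:46309 users:(("aoicxh",pid=2291,fd=5))
ESTAB 0 0 10.0.0.5:53266 1.1.1.1:53 users:(("aoicxh",pid=2291,fd=6))
ESTAB 0 0 10.0.0.5:49004 93.184.216.34:443 users:(("curl",pid=3010,fd=3))
"""


def match_ss(ss_output, iocs):
    """Return (remote, process) for established sockets whose peer is a known IoC."""
    hits = []
    for row in ss_output.splitlines():
        fields = row.split()          # State Recv-Q Send-Q Local Peer [Process]
        if len(fields) < 5 or fields[4] not in iocs:
            continue
        proc = re.search(r'\(\("([^"]+)"', row)
        hits.append((fields[4], proc.group(1) if proc else None))
    return hits


if __name__ == "__main__":
    print(summarize())
    print(match_ss(SS_SAMPLE, blockable_endpoints(classify(parse_endpoints(OUTBOUND_LINE)))))
```

Running it shows that all 30 associated attack servers are also outbound destinations of /usr/bin/aoicxh, that 38 of the 48 connections go to non-standard high ports, and that only the aoicxh socket to 122.51.68.129:46309 in the sample is flagged: the DNS socket to 1.1.1.1 is excluded on purpose, since blocking a public resolver fleet-wide would break legitimate name resolution, while the high-port destinations and the port-80 hosts are what to hunt for on other machines. On a real host, feed `match_ss` the output of `ss -Htnp`.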