IP Address: 3.91.21.110 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 3.91.21.110
Domain: -
ISP: Amazon.com
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
WHOIS Organization: -
First seen in Akamai Guardicore Segmentation: 2021-12-26
Last seen in Akamai Guardicore Segmentation: 2022-04-23
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8189 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 10 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: gtecnet.com.br and netcabo.pt |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |