IP Address: 34.92.90.235 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| Role | Attacker, Connect-Back, Scanner |
| Services Targeted | SSH |
| Tags | Port 2222 Scan; SSH; Listening; Port 22 Scan; Outgoing Connection; Access Suspicious Domain; Successful SSH Login; Download and Allow Execution; Download and Execute; 19 Shell Commands |
| Associated Attack Servers | 3.236.39.46, 47.91.87.67, 100.0.197.18, 166.168.111.151, 166.255.227.179, 181.189.223.145, 217.109.225.188 |
| IP Address | 34.92.90.235 |
| Domain | - |
| ISP | Google Cloud |
| Country | - |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2020-07-23 |
| Last seen in Akamai Guardicore Segmentation | 2020-07-23 |
| Event | Tags |
|---|---|
| A user logged in using SSH with the following credentials: root / **** (authentication policy: White List) | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / **** (authentication policy: Correct Password), 2 times | Successful SSH Login |
| The file /root/ifconfig was downloaded and executed 6 times | Download and Execute |
| The file /root/nginx was downloaded and executed 133 times | Download and Execute |
| Process /root/ifconfig scanned port 22 on 38 IP addresses | Port 22 Scan, Port 2222 Scan |
| Process /root/ifconfig scanned port 2222 on 38 IP addresses | Port 22 Scan, Port 2222 Scan |
| Process /root/ifconfig scanned port 22 on 43 IP addresses | Port 22 Scan, Port 2222 Scan |
| Process /root/ifconfig started listening on port 1234 | Listening |
| Process /root/ifconfig generated outgoing network traffic to: 111.119.223.4:22, 112.84.63.154:22, 112.84.63.154:2222, 113.105.193.7:22, 113.105.193.7:2222, 118.33.14.75:22, 118.33.14.75:2222, 121.211.120.111:2222, 123.167.103.80:22, 123.167.103.80:2222, 132.192.102.182:2222, 135.154.93.151:22, 135.154.93.151:2222, 139.198.191.245:1234, 145.139.21.162:22, 145.139.21.162:2222, 149.133.160.252:22, 149.209.109.175:22, 149.209.109.175:2222, 15.54.72.217:2222, 152.202.147.146:22, 152.202.147.146:2222, 153.149.134.214:22, 153.149.134.214:2222, 158.26.133.61:22, 158.26.133.61:2222, 166.168.111.151:1234, 166.255.227.179:1234, 169.20.13.113:22, 169.20.13.113:2222, 169.88.53.84:2222, 170.233.234.186:22, 172.85.106.151:2222, 179.85.119.168:22, 181.85.144.141:22, 181.85.144.141:2222, 184.202.109.209:22, 184.202.109.209:2222, 187.181.82.247:22, 187.181.82.247:2222, 194.128.36.59:22, 194.128.36.59:2222, 196.102.49.253:22, 196.102.49.253:2222, 200.122.174.73:2222, 200.79.202.166:22, 200.79.202.166:2222, 204.68.146.209:2222, 205.102.227.63:2222, 208.79.117.230:22, 208.79.117.230:2222, 212.52.120.189:22, 212.52.120.189:2222, 216.246.212.169:22, 216.246.212.169:2222, 217.109.225.188:1234, 218.178.208.253:2222, 218.93.239.44:1234, 246.62.192.183:2222, 250.136.102.6:2222, 250.206.100.157:22, 250.206.100.157:2222, 3.236.39.46:1234, 34.204.123.229:22, 42.98.246.190:22, 49.70.56.45:22, 49.70.56.45:2222, 50.42.206.177:22, 50.42.206.177:2222, 51.75.31.39:1234, 6.118.30.75:22, 63.111.103.27:22, 63.111.103.27:2222, 64.169.247.227:2222, 64.41.148.66:22, 64.41.148.66:2222, 65.185.131.132:22, 65.185.131.132:2222, 72.11.71.74:22, 72.11.71.74:2222, 73.157.138.19:2222, 83.199.12.196:22, 83.199.12.196:2222, 85.47.90.44:22, 86.170.245.58:22, 9.164.121.137:2222 and 95.217.34.11:2222 | Outgoing Connection |
| Process /root/ifconfig attempted to access suspicious domains: ip-51-75-31.eu and oleane.fr | Access Suspicious Domain, Outgoing Connection |
| Process /root/ifconfig scanned port 2222 on 43 IP addresses | Port 22 Scan, Port 2222 Scan |
| The file /root/php-fpm was downloaded and executed 25 times | Download and Execute |
| The file /usr/bin/uptime was downloaded and executed 2 times | Download and Execute |
| The file /usr/bin/free was downloaded and executed | Download and Execute |
| The file /root/php-fpm was downloaded and executed 3 times | Download and Execute |
| Connection was closed due to timeout | |
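The timeline above is a complete chain: a password-authenticated root login over SSH, binaries dropped under /root with the names of common system tools (ifconfig, nginx, php-fpm), a listener plus outbound connections on port 1234 to the associated attack servers, and sweeps of ports 22 and 2222 against dozens of hosts. The following Python detection logic is an added example, not Akamai Guardicore code and not from this page. It takes three kinds of log records (an OpenSSH auth-log line, a Linux audit EXECVE record and a simple flow record) and raises a finding for each of those behaviours; the record formats, the scan threshold, the drop-directory list and the sample lines are all constructed assumptions, while the attack-server IPs, port 1234 and the file names come from the page.

```python
"""Detection logic for the SSH scan / connect-back chain shown in the timeline.

Added example, not Akamai Guardicore code and not from this page. Record
formats, thresholds, drop directories and sample lines are assumptions;
adapt the regexes to your own log sources.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Indicators taken from the page.
ATTACK_SERVERS = {
    "3.236.39.46", "47.91.87.67", "100.0.197.18", "166.168.111.151",
    "166.255.227.179", "181.189.223.145", "217.109.225.188",
}
CONNECT_BACK_PORT = 1234          # /root/ifconfig listened on and dialled out to this port
SCAN_PORTS = {22, 2222}
SCAN_THRESHOLD = 10               # distinct targets per (source, port); assumed, tune per environment
DROP_DIRS = ("/root/", "/tmp/", "/dev/shm/")   # assumed: directories a dropper writes into
# Names the dropped files carried on the page. The signal is directory plus
# name: the real ifconfig/nginx/php-fpm binaries never live under /root.
MASQUERADE_NAMES = {"ifconfig", "nginx", "php-fpm"}

# Assumed record formats (constructed for this example).
RE_SSH_ACCEPT = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>[\d.]+)")
RE_EXECVE = re.compile(r'type=EXECVE .*?a0="(?P<path>[^"]+)"')
RE_FLOW = re.compile(
    r"proto=\w+ src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+)")


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def analyze(lines):
    """Return the findings raised over an iterable of log lines."""
    findings = []
    scan_targets = defaultdict(set)   # (source, port) -> distinct destinations
    for line in lines:
        if m := RE_SSH_ACCEPT.search(line):
            if m["user"] == "root" and m["method"] == "password":
                findings.append(Finding("ssh_root_password_login",
                                        f"root password login from {m['src']}"))
            if m["src"] in ATTACK_SERVERS:
                findings.append(Finding("ssh_login_from_attack_server",
                                        f"login from known attack server {m['src']}"))
        elif m := RE_EXECVE.search(line):
            path = m["path"]
            if path.startswith(DROP_DIRS):
                name = path.rsplit("/", 1)[-1]
                rule = ("masquerading_binary_in_drop_dir" if name in MASQUERADE_NAMES
                        else "exec_from_drop_dir")
                findings.append(Finding(rule, f"executed {path}"))
        elif m := RE_FLOW.search(line):
            src, dst, dport = m["src"], m["dst"], int(m["dport"])
            if dst in ATTACK_SERVERS:
                findings.append(Finding("outbound_to_attack_server", f"{src} -> {dst}:{dport}"))
            elif dport == CONNECT_BACK_PORT:
                findings.append(Finding("outbound_connect_back_port", f"{src} -> {dst}:{dport}"))
            if dport in SCAN_PORTS:
                scan_targets[(src, dport)].add(dst)
    # A sweep is one source touching many hosts on the same SSH port.
    for (src, dport), targets in sorted(scan_targets.items(), key=lambda kv: kv[0]):
        if len(targets) >= SCAN_THRESHOLD:
            findings.append(Finding("ssh_port_scan",
                                    f"{src} contacted {len(targets)} hosts on port {dport}"))
    return findings


def sample_logs():
    """Constructed sample records (not from the page) that replay the chain."""
    lines = [
        "Jul 23 10:01:02 sensor sshd[2201]: Accepted password for root from 47.91.87.67 port 51234 ssh2",
        'Jul 23 10:01:05 sensor audit: type=EXECVE msg=audit(1595498465.100:77): argc=1 a0="/root/ifconfig"',
        'Jul 23 10:01:06 sensor audit: type=EXECVE msg=audit(1595498466.100:78): argc=1 a0="/usr/bin/uptime"',
        "Jul 23 10:01:10 sensor flow: proto=tcp src=10.0.0.5:41000 dst=3.236.39.46:1234",
        "Jul 23 10:01:11 sensor flow: proto=tcp src=10.0.0.5:41001 dst=139.198.191.245:1234",
    ]
    # One source sweeping twelve TEST-NET-3 hosts on both 22 and 2222.
    for i in range(1, 13):
        for port in (22, 2222):
            lines.append(f"Jul 23 10:02:{i:02d} sensor flow: proto=tcp "
                         f"src=10.0.0.5:{42000 + i} dst=203.0.113.{i}:{port}")
    return lines


if __name__ == "__main__":
    for f in analyze(sample_logs()):
        print(f"{f.rule:35} {f.detail}")
```

Running the sample replays the chain and yields seven findings: the root password login (twice, once as a password login and once because the source is a listed attack server), the /root/ifconfig execution, the two port-1234 flows, and one sweep finding per SSH port. Note that /usr/bin/uptime raises nothing even though the sensor tagged it "Download and Execute": a legitimate path run by the attacker is only evidence in context, which is why the rule keys on the drop directory rather than the tool name.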
|