IP Address: 95.154.21.210Previously Malicious
IP Address: 95.154.21.210Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
IP Address |
95.154.21.210 |
|
|
Domain |
- |
|
|
ISP |
Stofa |
|
|
Country |
Denmark |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-03-02 |
|
Last seen in Akamai Guardicore Segmentation |
2022-10-25 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 3 times |
Successful SSH Login |
|
Process /dev/shm/ifconfig scanned port 1234 on 40 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /dev/shm/ifconfig scanned port 80 on 40 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /dev/shm/ifconfig scanned port 1234 on 20 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 40 IP Addresses |
Port 1234 Scan |
|
Process /bin/nc.openbsd scanned port 1234 on 40 IP Addresses |
Port 1234 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 40 IP Addresses |
Port 1234 Scan |
|
Process /tmp/ifconfig scanned port 1234 on 40 IP Addresses |
Port 1234 Scan |
|
Process /root/ifconfig scanned port 1234 on 40 IP Addresses |
Port 1234 Scan |
|
Process /var/tmp/ifconfig scanned port 1234 on 40 IP Addresses |
Port 1234 Scan |
|
A possibly malicious Superuser Operation was detected 12 times |
Superuser Operation |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 1.220.98.197:1234, 103.105.12.48:1234, 103.152.118.20:1234, 103.90.177.102:1234, 104.118.235.196:80, 111.53.11.130:1234, 117.54.14.169:1234, 117.80.212.33:1234, 118.41.204.72:1234, 118.41.204.72:22, 120.224.34.31:1234, 120.236.78.194:1234, 120.31.133.162:1234, 124.115.231.214:1234, 132.114.249.215:80, 132.252.199.74:80, 133.100.134.57:80, 137.54.201.6:80, 142.250.191.228:443, 147.182.233.56:1234, 150.187.79.78:80, 151.86.89.37:80, 153.40.76.213:80, 172.64.200.11:443, 173.155.143.42:80, 182.224.177.56:1234, 184.83.112.246:1234, 190.138.240.233:1234, 191.242.182.210:1234, 191.242.188.103:1234, 195.98.236.209:80, 20.141.185.205:1234, 202.61.203.229:1234, 211.162.184.120:1234, 213.83.40.3:80, 220.243.148.80:1234, 222.165.136.99:1234, 223.171.91.127:1234, 223.171.91.160:1234, 241.228.93.105:80, 248.104.161.42:80, 28.95.170.138:80, 46.13.164.29:1234, 49.215.173.111:80, 49.233.159.222:1234, 50.117.190.47:80, 51.159.19.47:1234, 51.75.146.174:443, 52.131.32.110:1234, 54.87.42.197:80, 56.102.134.207:80, 58.229.125.66:1234, 59.101.155.84:80, 59.3.186.45:1234, 61.84.162.66:1234, 61.84.162.66:22, 62.12.106.5:1234, 8.8.8.8:443, 80.147.162.151:1234, 82.66.5.84:1234, 86.133.233.66:1234, 89.5.238.14:80, 93.176.229.145:1234, 95.154.21.210:1234 and 95.154.21.210:2222 |
Outgoing Connection |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8181 |
Listening |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: sefiber.dk |
Access Suspicious Domain Outgoing Connection |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /tmp/apache2 was downloaded and executed 3 times |
Download and Execute |
|
./ifconfig was downloaded |
Download File |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 19 times |
Download and Execute |
|
Process /root/ifconfig generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
|
Process /dev/shm/ifconfig scanned port 80 on 20 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
The file /var/tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /var/tmp/apache2 was downloaded and executed 6 times |
Download and Execute |
|
Process /var/tmp/ifconfig generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 6 times |
Download and Execute |
|
System file /etc/apache2 was modified 4 times |
System File Modification |
|
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /etc/apache2 was downloaded and executed 16 times |
Download and Execute |
|
Connection was closed due to timeout |
|
|
/var/tmp/ifconfig |
SHA256: 1a44fca7624fff41bb0115d35ece06c6b145c23503b4e50eddc373c148b94a1d |
720896 bytes |
|
/var/tmp/ifconfig |
SHA256: 1b40245f21f1cb845b7fdf2428315166a8b1d8d5e1e42cd290cd8e479ed61ad7 |
2129920 bytes |
|
/var/tmp/ifconfig |
SHA256: 2aacc3f6c14a2bd120ce9f7cab7af1f4d3e207bea33d56f02a14f75613a7930c |
786432 bytes |
|
/var/tmp/ifconfig |
SHA256: 2fd96aa6470f930f543ef665fcc62ffa4dfe6646b8f506c11b452a191800285b |
2392064 bytes |
|
/var/tmp/ifconfig |
SHA256: 376f8f665f43984bf5aa16524421600b638fc1a7b331e8ac78b60a387fcf8dbb |
2621440 bytes |
|
/var/tmp/ifconfig |
SHA256: 58fa8bd74efa3caed2b8c22662b98aa7c00b022788181ed80396406a813226a4 |
1114112 bytes |
|
/var/tmp/ifconfig |
SHA256: 861921d16b4f8870dda3d79aecaa828b713b8e41b29ec977aca10c236356144e |
1507328 bytes |
|
/var/tmp/ifconfig |
SHA256: 9516639b92dfb73072de6c5220e3ee130547680b8870c9288eccd928de847e35 |
2883584 bytes |
|
/etc/ifconfig |
SHA256: bf9553be0290bc2603b057d3daa41cbcc7f761941ff5519b7d441abe836ec046 |
2457600 bytes |
© 2023 Akamai Technologies