IP Address: 139.209.222.134Malicious
IP Address: 139.209.222.134Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SCP |
|
Tags |
Port 8080 Scan Successful SSH Login Port 22 Scan SSH SCP Port 80 Scan Access Suspicious Domain Outgoing Connection Download File Superuser Operation 4 Shell Commands Listening |
|
Associated Attack Servers |
cps.com.ar indo.net.id jlccptt.net.cn softex.cz vodafonedsl.it vsnl.net.in 1.1.1.1 59.161.200.84 80.147.162.151 81.70.147.119 82.157.131.41 85.207.133.119 93.145.173.56 111.53.11.133 117.16.44.111 117.54.14.169 142.131.113.76 190.12.120.30 214.195.232.159 215.126.24.28 240.65.148.36 243.216.133.80 |
|
IP Address |
139.209.222.134 |
|
|
Domain |
- |
|
|
ISP |
China Unicom Liaoning |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-02-28 |
|
Last seen in Akamai Guardicore Segmentation |
2023-05-24 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded 2 times |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 4 times |
Superuser Operation |
|
Process /dev/shm/apache2 scanned port 22 on 10 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 10 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 10 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 1.92.83.19:80, 1.92.83.19:8080, 101.152.212.66:80, 101.152.212.66:8080, 105.21.78.109:80, 105.21.78.109:8080, 107.65.106.236:80, 107.65.106.236:8080, 111.230.207.29:80, 111.230.207.29:8080, 111.53.11.133:1234, 117.16.44.111:1234, 117.54.14.169:1234, 118.208.27.190:80, 118.208.27.190:8080, 128.163.184.92:80, 128.163.184.92:8080, 129.82.176.158:80, 129.82.176.158:8080, 131.27.93.24:22, 132.17.107.113:80, 132.17.107.113:8080, 134.32.207.38:80, 134.32.207.38:8080, 139.209.222.134:1234, 140.194.23.164:80, 140.194.23.164:8080, 142.131.113.76:22, 142.131.113.76:2222, 158.205.56.181:80, 158.205.56.181:8080, 177.47.250.68:22, 18.209.244.88:80, 18.209.244.88:8080, 182.68.209.85:80, 182.68.209.85:8080, 186.188.129.173:80, 186.188.129.173:8080, 186.225.183.78:80, 186.225.183.78:8080, 186.251.93.111:80, 186.251.93.111:8080, 190.12.120.30:1234, 191.26.68.234:80, 191.26.68.234:8080, 192.193.181.248:80, 192.193.181.248:8080, 195.109.147.219:80, 195.109.147.219:8080, 2.192.64.40:22, 214.195.232.159:2222, 215.126.24.28:2222, 217.216.172.184:80, 217.216.172.184:8080, 223.188.23.186:80, 223.188.23.186:8080, 240.65.148.36:2222, 241.221.230.206:80, 241.221.230.206:8080, 243.216.133.80:2222, 248.221.116.25:80, 248.221.116.25:8080, 249.172.249.46:80, 249.172.249.46:8080, 253.238.25.171:22, 3.97.189.228:80, 3.97.189.228:8080, 31.20.43.195:80, 31.20.43.195:8080, 34.143.35.169:80, 34.143.35.169:8080, 42.130.228.100:80, 42.130.228.100:8080, 44.113.54.70:80, 44.113.54.70:8080, 44.53.1.15:80, 44.53.1.15:8080, 53.221.53.196:22, 59.161.200.84:2222, 73.208.168.249:22, 76.199.117.236:80, 76.199.117.236:8080, 81.70.147.119:1234, 82.157.131.41:1234, 85.207.133.119:2222, 93.145.173.56:22, 93.145.173.56:2222 and 94.25.69.180:22 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8089 and 8183 |
Listening |
|
Process /dev/shm/apache2 attempted to access suspicious domains: cps.com.ar, jlccptt.net.cn, softex.cz, vodafonedsl.it and vsnl.net.in |
Outgoing Connection Access Suspicious Domain |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies