IP Address: 191.96.224.39 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Successful SSH Login, Port 8080 Scan, SSH, System File Modification, Download and Allow Execution, Download and Execute, Superuser Operation, Port 80 Scan, Port 1234 Scan

Associated Attack Servers
IP Address: 191.96.224.39
Domain: -
ISP: Digital Energy Technologies Chile SpA
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-08-03
Last seen in Akamai Guardicore Segmentation: 2022-08-17
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List) [Successful SSH Login]
System file /etc/ifconfig was modified 4 times [System File Modification]
A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password) [Successful SSH Login]
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /etc/apache2 scanned port 1234 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 1234 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 1234 on 28 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 80 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 8080 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password) [Successful SSH Login]
System file /etc/apache2 was modified 4 times [System File Modification]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
The file /etc/ifconfig was downloaded and executed 6 times [Download and Execute]
The file /etc/apache2 was downloaded and executed 176 times [Download and Execute]
Process /etc/apache2 started listening on ports: 1234, 8082 and 8185 [Listening]
Process /etc/apache2 generated outgoing network traffic to: 103.45.251.99:80, 103.45.251.99:8080, 104.21.25.86:443, 111.53.11.130:1234, 117.16.44.111:1234, 117.80.212.33:1234, 118.218.209.149:1234, 118.41.204.72:1234, 12.246.136.40:80, 12.246.136.40:8080, 12.80.157.32:80, 12.80.157.32:8080, 120.236.79.182:1234, 120.31.133.162:1234, 123.132.238.210:1234, 124.115.231.214:1234, 142.7.59.32:80, 142.7.59.32:8080, 15.143.47.137:80, 15.143.47.137:8080, 150.107.95.20:1234, 156.193.69.189:80, 156.193.69.189:8080, 161.70.98.32:1234, 163.118.233.129:80, 163.118.233.129:8080, 172.67.133.228:443, 179.95.101.168:80, 184.83.112.246:1234, 185.210.144.122:1234, 189.249.149.183:80, 189.249.149.183:8080, 189.84.154.149:80, 189.84.154.149:8080, 191.187.54.232:80, 191.187.54.232:8080, 196.59.136.24:80, 196.59.136.24:8080, 201.227.205.47:80, 202.61.203.229:1234, 207.230.51.74:80, 207.230.51.74:8080, 210.126.41.48:80, 210.126.41.48:8080, 211.187.44.217:80, 211.187.44.217:8080, 215.179.40.242:80, 215.179.40.242:8080, 221.133.96.23:80, 221.133.96.23:8080, 222.103.98.58:1234, 223.171.91.127:1234, 240.31.48.141:80, 240.31.48.141:8080, 242.137.142.178:80, 242.137.142.178:8080, 245.7.89.175:80, 245.7.89.175:8080, 39.175.68.100:1234, 46.211.93.217:80, 46.211.93.217:8080, 51.75.146.174:443, 58.76.71.99:80, 58.76.71.99:8080, 59.102.116.35:80, 59.3.186.45:1234, 61.77.105.219:1234, 65.171.127.151:80, 65.171.127.151:8080, 68.228.3.204:80, 68.228.3.204:8080, 7.11.121.158:80, 7.11.121.158:8080, 71.103.240.156:80, 71.103.240.156:8080, 75.139.21.102:80, 75.139.21.102:8080, 76.222.170.130:80, 76.222.170.130:8080, 8.82.18.90:80, 80.147.162.151:1234, 82.66.5.84:1234, 84.204.148.99:1234, 88.164.156.128:80, 88.164.156.128:8080, 89.212.123.191:1234 and 94.153.165.43:1234 [Outgoing Connection]
Process /etc/apache2 scanned port 80 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 80 on 28 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 8080 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /etc/apache2 scanned port 8080 on 28 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
The file /usr/local/bin/dash was downloaded and executed 2 times [Download and Execute]
Connection was closed due to timeout
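Two details in the event list above matter for triage. On a stock Debian-family host, /etc/apache2 is the web server's configuration directory and ifconfig ships in /sbin, so an executable at /etc/apache2 or /etc/ifconfig is a file the attacker dropped and named to blend in; likewise dash normally lives at /bin/dash, not /usr/local/bin. The same dropped file then opens listening ports and fans out to dozens of hosts on ports 80, 8080 and 1234, which is the scanning the sensor tagged. The script below is an added example, not Akamai's or Guardicore's code: it parses event lines in the sensor's own phrasing and raises those three checks (known binary name in the wrong place or executable outside a trusted directory, downloaded file that later listens, and a process contacting at least five distinct hosts on one port). The sample lines are constructed from the incident above with made-up destination addresses, and the trusted-directory list, the expected-location map and the fan-out threshold are my assumptions.

```python
import re
from collections import defaultdict

# Assumption: directories that legitimately hold executables on the sensor host.
TRUSTED_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                    "/usr/local/bin/", "/usr/local/sbin/", "/usr/lib/", "/lib/")

# Assumption: where these well-known binaries live on a Debian-family host.
# A file carrying one of these names anywhere else is treated as masquerading.
EXPECTED_LOCATIONS = {
    "apache2": {"/usr/sbin/apache2"},
    "ifconfig": {"/sbin/ifconfig", "/usr/sbin/ifconfig"},
    "dash": {"/bin/dash", "/usr/bin/dash"},
    "sshd": {"/usr/sbin/sshd"},
    "nc.openbsd": {"/bin/nc.openbsd", "/usr/bin/nc.openbsd"},
}

SCAN_FANOUT = 5  # assumption: distinct hosts on one port before we call it a scan

RE_EXEC = re.compile(r"The file (\S+) was downloaded and executed (\d+) times")
RE_LISTEN = re.compile(r"Process (\S+) started listening on ports: (.+)")
RE_OUT = re.compile(r"Process (\S+) generated outgoing network traffic to: (.+)")
RE_SCAN = re.compile(r"Process (\S+) scanned port (\d+) on (\d+) IP Addresses")


def split_sensor_list(text):
    """Turn the sensor's 'a, b and c' list style into ['a', 'b', 'c']."""
    return [t.strip() for t in re.split(r",|\band\b", text) if t.strip()]


def parse_events(lines):
    """Parse the event phrasings used above into dicts; unknown lines are skipped."""
    events = []
    for line in lines:
        if m := RE_EXEC.search(line):
            events.append({"type": "exec", "path": m[1], "count": int(m[2])})
        elif m := RE_LISTEN.search(line):
            ports = [int(p) for p in split_sensor_list(m[2])]
            events.append({"type": "listen", "path": m[1], "ports": ports})
        elif m := RE_OUT.search(line):
            dests = []
            for dest in split_sensor_list(m[2]):
                ip, port = dest.rsplit(":", 1)
                dests.append((ip, int(port)))
            events.append({"type": "outgoing", "path": m[1], "dests": dests})
        elif m := RE_SCAN.search(line):
            events.append({"type": "scan", "path": m[1],
                           "port": int(m[2]), "hosts": int(m[3])})
    return events


def classify_path(path):
    """Return why an executed path is suspicious, or None if it looks normal."""
    name = path.rsplit("/", 1)[-1]
    if name in EXPECTED_LOCATIONS and path not in EXPECTED_LOCATIONS[name]:
        return f"{path}: '{name}' normally lives in {sorted(EXPECTED_LOCATIONS[name])}"
    if not path.startswith(TRUSTED_BIN_DIRS):
        return f"{path}: executable outside trusted binary directories"
    return None


def triage(lines):
    """Run the three checks over sensor event lines and return the findings."""
    events = parse_events(lines)
    findings = {"masquerade": [], "fanout_scans": {},
                "reported_scans": [], "dropped_listeners": []}
    executed = set()
    fanout = defaultdict(set)  # (process, dst port) -> distinct dst hosts
    for ev in events:
        if ev["type"] == "exec":
            executed.add(ev["path"])
            if reason := classify_path(ev["path"]):
                findings["masquerade"].append(reason)
        elif ev["type"] == "listen" and ev["path"] in executed:
            # downloaded, executed, then opened ports: a backdoor or bot component
            findings["dropped_listeners"].append((ev["path"], ev["ports"]))
        elif ev["type"] == "outgoing":
            for ip, port in ev["dests"]:
                fanout[(ev["path"], port)].add(ip)
        elif ev["type"] == "scan":
            findings["reported_scans"].append((ev["path"], ev["port"], ev["hosts"]))
    # independent scan check computed from the connection list, not the sensor's tag
    for key, hosts in fanout.items():
        if len(hosts) >= SCAN_FANOUT:
            findings["fanout_scans"][key] = len(hosts)
    return findings


# Constructed sample in the sensor's phrasing; the destination addresses are made up.
SAMPLE_EVENTS = [
    "The file /etc/ifconfig was downloaded and executed 6 times",
    "The file /etc/apache2 was downloaded and executed 176 times",
    "Process /etc/apache2 started listening on ports: 1234, 8082 and 8185",
    "Process /etc/apache2 generated outgoing network traffic to: "
    "10.0.0.1:80, 10.0.0.1:8080, 10.0.0.2:80, 10.0.0.2:8080, 10.0.0.3:80, "
    "10.0.0.3:8080, 10.0.0.4:80, 10.0.0.4:8080, 10.0.0.5:80, 10.0.0.5:8080, "
    "10.0.1.1:1234, 10.0.1.2:1234, 10.0.1.3:1234, 10.0.1.4:1234, 10.0.1.5:1234, "
    "10.0.1.6:1234, 198.51.100.7:443 and 198.51.100.8:443",
    "Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses",
    "The file /usr/local/bin/dash was downloaded and executed 2 times",
]

if __name__ == "__main__":
    for key, value in triage(SAMPLE_EVENTS).items():
        print(key, value)
```

The fan-out check is deliberately separate from the sensor's own "scanned port" lines: in the record above the scan is also attributed to /usr/sbin/sshd, which is a legitimate path, so an analyst should confirm scanning from the connection data rather than trust the attributed process name alone. The two 443 destinations fall below the threshold and are left for manual review, which is the right outcome for a small number of outbound TLS connections that may be the download source rather than scan targets.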
|