IP Address: 217.85.239.81 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, SSH, 5 Shell Commands, Listening, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Download and Execute, Download File
Associated Attack Servers: bsnl.in, iforte.net.id, quicksrv.de, 5.28.139.161, 35.236.89.215, 46.38.242.160, 49.156.148.140, 117.247.172.37, 123.132.238.210, 128.8.238.32, 172.64.110.32, 172.64.111.32, 172.64.200.11, 172.64.201.11, 182.16.160.129, 188.93.232.104, 218.87.28.32, 222.117.95.174
IP Address: 217.85.239.81
Domain: -
ISP: Deutsche Telekom AG
Country: Germany
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-09-18
Last seen in Akamai Guardicore Segmentation: 2022-10-29
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Download and Execute: The file /root/ifconfig was downloaded and executed 5 times
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 1234 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 80 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 8080 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 1234 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 1234 on 30 IP Addresses
Port 1234 Scan: Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses
Port 1234 Scan: Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses
Outgoing Connection: Process /root/ifconfig generated outgoing network traffic to multiple external destinations
Listening: Process /root/ifconfig started listening on ports: 1234, 8082 and 8187
Download and Execute: The file /root/apache2 was downloaded and executed 171 times
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 80 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 8080 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 80 on 30 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 8080 on 30 IP Addresses
Download and Execute: The file /usr/bin/uptime was downloaded and executed
Listening: Process /usr/local/mysql/bin/mysqld started listening on port 3306
Download and Execute: The file /usr/bin/free was downloaded and executed
Connection was closed due to timeout
|