IP Address: 58.216.8.121 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SCP |
Tags | Port 1234 Scan, SSH, Listening, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Download and Execute, Download File, 4 Shell Commands |
Associated Attack Servers |
IP Address | 58.216.8.121 |
Domain | - |
ISP | China Telecom jiangsu |
Country | China |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-08-17 |
Last seen in Akamai Guardicore Segmentation | 2022-10-31 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /var/tmp/apache2 was downloaded and executed 148 times |
Download and Execute |
Process /var/tmp/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 1234 on 30 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /var/tmp/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /var/tmp/ifconfig started listening on ports: 1234, 8082 and 8189 |
Listening |
Process /var/tmp/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 80 on 30 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /var/tmp/ifconfig scanned port 8080 on 30 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to user inactivity |