IP Address: 80.153.159.119 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Role | Attacker, Scanner |
|---|---|
| Services Targeted | SCP, SSH |
| Tags | SSH, SCP, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File |
| Associated Attack Servers | 6.152.195.109, 22.9.225.243, 22.90.201.176, 24.62.245.7, 25.121.182.211, 26.9.58.151, 36.69.131.107, 37.208.106.195, 51.80.221.83, 51.159.19.47, 81.68.166.127, 81.87.61.158, 82.157.131.41, 89.171.165.234, 95.154.21.210, 101.69.135.110, 106.52.252.228, 116.225.43.137, 142.23.54.183, 147.182.233.56, 160.119.253.51, 161.70.98.32, 161.187.83.169, 172.64.110.32, 172.64.111.32, 172.64.200.11, 172.64.201.11, 172.105.162.113, 173.26.87.143 |
| IP Address | 80.153.159.119 |
|---|---|
| Domain | - |
| ISP | Deutsche Telekom Business |
| Country | Germany |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-04-17 |
| Last seen in Akamai Guardicore Segmentation | 2022-10-31 |
| Event | Tags |
|---|---|
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| The file /tmp/ifconfig was downloaded and executed 5 times | Download and Execute |
| The file /tmp/apache2 was downloaded and executed 186 times | Download and Execute |
| Process /tmp/ifconfig scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 1234 on 27 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 80 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 8080 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| Process /bin/bash scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| Process /tmp/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 103.152.118.20:1234, 103.90.177.102:1234, 110.223.68.8:80, 110.223.68.8:8080, 113.120.26.211:80, 113.120.26.211:8080, 115.69.57.37:80, 115.69.57.37:8080, 139.209.222.134:1234, 142.250.191.228:443, 147.125.106.79:80, 147.125.106.79:8080, 152.12.21.53:80, 152.12.21.53:8080, 153.162.247.60:80, 159.227.111.88:80, 159.227.111.88:8080, 172.64.131.4:443, 174.154.217.111:80, 174.154.217.111:8080, 177.15.150.200:80, 177.15.150.200:8080, 182.224.177.56:1234, 186.205.175.231:80, 186.205.175.231:8080, 191.242.182.210:1234, 191.242.188.103:1234, 202.61.203.229:1234, 209.216.177.238:1234, 210.99.20.194:1234, 214.16.186.116:80, 214.16.186.116:8080, 219.161.26.228:80, 219.161.26.228:8080, 220.243.148.80:1234, 222.121.63.87:1234, 222.134.240.92:1234, 223.171.91.127:1234, 223.171.91.149:1234, 223.171.91.191:1234, 223.33.150.108:80, 223.94.112.99:80, 223.94.112.99:8080, 240.51.34.33:80, 240.51.34.33:8080, 243.101.106.244:80, 243.101.106.244:8080, 243.117.64.78:80, 243.117.64.78:8080, 252.179.40.30:80, 31.151.238.52:80, 31.151.238.52:8080, 36.72.20.137:80, 36.72.20.137:8080, 43.202.185.40:80, 43.202.185.40:8080, 45.195.179.219:80, 45.195.179.219:8080, 49.125.144.242:80, 49.125.144.242:8080, 49.233.159.222:1234, 51.75.146.174:443, 52.131.32.110:1234, 53.83.167.143:80, 53.83.167.143:8080, 58.229.125.66:1234, 60.64.203.102:80, 60.64.203.102:8080, 61.77.105.219:1234, 61.84.162.66:1234, 62.172.151.4:80, 64.227.132.175:1234, 71.134.186.218:80, 71.134.186.218:8080, 75.187.145.138:80, 78.237.82.199:80, 78.237.82.199:8080, 8.8.4.4:443, 8.8.8.8:443, 85.105.82.39:1234, 86.133.233.66:1234, 93.133.77.126:80, 93.133.77.126:8080, 95.154.21.210:1234, 97.100.205.23:80, 97.100.205.23:8080, 98.152.81.66:80 and 98.152.81.66:8080 | Outgoing Connection |
| Process /tmp/ifconfig started listening on ports: 1234, 8081 and 8187 | Listening |
| Process /tmp/ifconfig scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 80 on 27 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /tmp/ifconfig scanned port 8080 on 27 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /usr/local/mysql/bin/mysqld started listening on ports: 3306 (2 times) | Listening |
| Process /usr/local/apache2/bin/httpd started listening on ports: 80 | Listening |
| Process /usr/local/mysql/bin/mysqld started listening on ports: 3306 (2 times) | Listening |
| The file /usr/bin/free was downloaded and executed | Download and Execute |
| Connection was closed due to timeout | |
Downloaded files:

| Path | SHA256 | Size |
|---|---|---|
| /var/tmp/ifconfig | 6ee5b0eadb32669e495a5d4157119d3a8248235f0b3e21084070fb6bb45ca89e | 950272 bytes |
| /var/tmp/ifconfig | 861921d16b4f8870dda3d79aecaa828b713b8e41b29ec977aca10c236356144e | 1507328 bytes |
| /var/tmp/ifconfig | 8a53c1d12942d21d2876a4b8d1eeed8a33a4a9d9f6d1ff3474980278e76a7cc9 | 1310720 bytes |
| /var/tmp/ifconfig | 9f26c9e5240ac92baa25aadfd4f23dcb35723982204e00da5cbfb5cb88bf56af | 1867776 bytes |
| /var/tmp/ifconfig | b2712bdabd192560eb201c14818ff1368c742242fee50fb164ef9f84142462fc | 2031616 bytes |
| /var/tmp/ifconfig | c04b32a7c24533bc14fdd18b6cff3756d284640b23569d19c8e268ece7666b43 | 1540096 bytes |
| /var/tmp/ifconfig | fc67a5ff1acc35f9c4ef21c8429bb047e956486f2c12d401950cc7551f601195 | 2326528 bytes |