IP Address: 81.83.31.3 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Port 1234 Scan, Port 80 Scan, Successful SSH Login, SCP, Download File, SSH, Download and Execute, Outgoing Connection, Port 8080 Scan, Superuser Operation
Associated Attack Servers |
IP Address | 81.83.31.3
Domain | -
ISP | Telenet BVBA
Country | Belgium
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-24
Last seen in Akamai Guardicore Segmentation | 2022-05-13
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 177 times |
Download and Execute |
Process /root/apache2 scanned port 1234 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 1234 on 29 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 27 IP Addresses |
Port 1234 Scan |
Process /root/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /root/apache2 started listening on ports: 1234, 8084 and 8183 |
Listening |
Process /root/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 29 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 29 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|