IP Address: 82.66.109.74Malicious
IP Address: 82.66.109.74Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SCP SSH |
|
Tags |
Port 1234 Scan SSH 6 Shell Commands Listening SCP Port 80 Scan Port 8080 Scan Superuser Operation Download and Allow Execution Successful SSH Login Download and Execute Download File Outgoing Connection |
|
Associated Attack Servers |
15.237.48.145 66.37.47.77 103.158.58.2 120.224.34.31 172.64.201.11 188.93.232.104 222.103.98.58 222.117.95.174 222.121.63.87 |
|
IP Address |
82.66.109.74 |
|
|
Domain |
- |
|
|
ISP |
Free SAS |
|
|
Country |
France |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2021-12-27 |
|
Last seen in Akamai Guardicore Segmentation |
2023-06-17 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
The file /tmp/ifconfig was downloaded and granted execution privileges |
Download and Allow Execution |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 4 times |
Successful SSH Login |
|
./ifconfig was downloaded |
Download File |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
Process /var/tmp/apache2 scanned port 1234 on 26 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 1234 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 1234 on 27 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 80 on 26 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 8080 on 26 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
|
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
|
The file /var/tmp/apache2 was downloaded and executed 131 times |
Download and Execute |
|
Process /var/tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 103.152.118.20:1234, 111.140.162.134:80, 111.140.162.134:8080, 117.54.14.169:1234, 118.218.209.149:1234, 118.70.86.187:80, 118.70.86.187:8080, 119.252.58.252:80, 119.252.58.252:8080, 120.224.34.31:1234, 120.236.78.194:1234, 120.31.133.162:1234, 129.113.35.230:80, 129.113.35.230:8080, 137.71.250.169:80, 137.71.250.169:8080, 138.195.70.199:80, 138.195.70.199:8080, 138.25.195.16:80, 14.33.100.229:80, 14.33.100.229:8080, 141.36.54.56:80, 141.36.54.56:8080, 148.74.170.183:80, 148.74.170.183:8080, 153.184.44.95:80, 153.184.44.95:8080, 158.18.139.18:80, 158.18.139.18:8080, 161.107.113.34:1234, 163.213.7.179:80, 163.213.7.179:8080, 164.12.156.140:80, 17.8.215.13:80, 17.8.215.13:8080, 172.217.2.36:443, 172.67.133.228:443, 182.247.30.70:80, 182.247.30.70:8080, 183.213.26.13:1234, 185.210.144.122:1234, 188.3.21.170:80, 188.3.21.170:8080, 194.27.24.122:80, 194.27.24.122:8080, 209.216.177.158:1234, 209.216.177.238:1234, 210.99.20.194:1234, 211.66.226.25:80, 217.104.98.42:80, 217.104.98.42:8080, 221.61.241.121:80, 221.61.241.121:8080, 222.103.98.58:1234, 222.121.63.87:1234, 222.134.240.91:1234, 222.165.136.99:1234, 223.171.91.127:1234, 223.171.91.191:1234, 242.120.44.73:80, 242.120.44.73:8080, 252.237.23.129:80, 252.237.23.129:8080, 26.182.204.110:80, 26.182.204.110:8080, 33.26.176.205:80, 33.26.176.205:8080, 42.158.194.3:80, 45.120.216.114:1234, 46.13.164.29:1234, 48.201.113.65:80, 48.201.113.65:8080, 51.75.146.174:443, 65.64.40.208:80, 78.78.104.72:80, 78.78.104.72:8080, 8.8.8.8:443, 80.147.162.151:1234, 84.204.148.99:1234, 85.105.82.39:1234, 89.212.123.191:1234, 91.56.178.87:80, 91.56.178.87:8080, 97.148.212.37:80, 97.148.212.37:8080, 99.42.136.40:80 and 99.42.136.40:8080 |
Outgoing Connection |
|
Process /var/tmp/apache2 started listening on ports: 1234, 8089 and 8183 |
Listening |
|
Process /var/tmp/apache2 scanned port 80 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 80 on 27 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 8080 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 8080 on 27 IP Addresses |
Port 80 Scan Port 8080 Scan Port 1234 Scan |
|
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies
