IP Address: 83.66.33.75
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP SSH
Tags | Successful SSH Login SSH Download and Execute Download and Allow Execution Superuser Operation
Associated Attack Servers | 51.84.61.93 77.81.181.231 92.91.153.181 106.5.125.158 111.53.11.130 135.181.104.81 139.148.26.70 139.148.27.150 147.182.233.56 156.55.20.200 242.119.67.72
IP Address | 83.66.33.75
Domain | -
ISP | Demiroren Tv Digital Platform Isletmeciligi A.s.
Country | Turkey
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-08
Last seen in Akamai Guardicore Segmentation | 2022-06-09
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
System file /etc/ifconfig was modified 16 times |
System File Modification |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /etc/apache2 was downloaded and executed 184 times |
Download and Execute |
Process /etc/apache2 scanned port 1234 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 80 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 1234 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/nc.openbsd scanned port 1234 on 28 IP Addresses 2 times |
Port 1234 Scan |
Process /etc/apache2 generated outgoing network traffic to a large number of remote IP addresses |
Outgoing Connection |
Process /etc/apache2 started listening on ports: 1234, 8082 and 8181 |
Listening |
Process /etc/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 80 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|