IP Address: 84.56.116.96 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
Port 1919 Scan, Outgoing Connection, Service Creation, Download and Execute, Download and Allow Execution, Successful SSH Login, SSH, Listening, 1 Shell Commands, Download File, SFTP, Port 22 Scan |
Associated Attack Servers |
IP Address |
84.56.116.96 |
|
Domain |
- |
|
ISP |
- |
|
Country |
Germany |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2023-06-16 |
Last seen in Akamai Guardicore Segmentation |
2023-06-16 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./.8698048063678358714/sshd was downloaded |
Download File |
The file /root/.8698048063678358714/sshd was downloaded and executed 15 times |
Download and Execute |
Process /root/.8698048063678358714/sshd generated outgoing network traffic to multiple remote IP addresses |
Outgoing Connection |
Process /root/.8698048063678358714/sshd scanned port 1919 on 51 IP Addresses |
Port 22 Scan, Port 1919 Scan |
Process /root/.8698048063678358714/sshd scanned port 22 on 51 IP Addresses |
Port 22 Scan, Port 1919 Scan |
Process /root/.8698048063678358714/sshd scanned port 1919 on 48 IP Addresses |
Port 22 Scan, Port 1919 Scan |
Process /root/.8698048063678358714/sshd scanned port 22 on 48 IP Addresses |
Port 22 Scan, Port 1919 Scan |
Process /root/.8698048063678358714/sshd started listening on ports: 1919 and 22 |
Listening |
Service systemd-worker was created |
Service Creation |
Connection was closed due to timeout |
|
/root/.8571702920854282542/sshd |
SHA256: 94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00 |
30304472 bytes |