IP Address: 85.214.170.125Previously Malicious
IP Address: 85.214.170.125Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP SSH |
Tags |
Port 1234 Scan Port 80 Scan Superuser Operation 6 Shell Commands Download and Allow Execution Successful SSH Login Download and Execute Port 8080 Scan SSH System File Modification Outgoing Connection Listening |
Associated Attack Servers |
35.241.45.135 46.229.221.78 120.224.34.31 161.70.98.32 209.216.177.238 |
IP Address |
85.214.170.125 |
|
Domain |
- |
|
ISP |
Strato AG |
|
Country |
Germany |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-06-29 |
Last seen in Akamai Guardicore Segmentation |
2022-07-08 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
System file /etc/ifconfig was modified 4 times |
System File Modification |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /etc/apache2 was downloaded and executed 108 times |
Download and Execute |
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /etc/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 29 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /etc/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 101.42.90.177:1234, 103.16.103.237:80, 104.21.25.86:443, 111.53.11.130:1234, 113.167.2.195:80, 113.167.2.195:8080, 120.236.78.194:1234, 120.31.133.162:1234, 120.70.199.46:80, 120.70.199.46:8080, 123.132.238.210:1234, 124.115.231.214:1234, 126.186.30.9:80, 128.33.179.247:80, 128.33.179.247:8080, 137.66.17.195:80, 137.66.17.195:8080, 142.77.187.77:80, 142.77.187.77:8080, 144.6.122.141:80, 144.6.122.141:8080, 164.26.155.95:80, 164.26.155.95:8080, 164.8.150.241:80, 164.8.150.241:8080, 172.24.212.146:80, 172.24.212.146:8080, 172.67.133.228:443, 179.247.66.78:80, 179.247.66.78:8080, 185.210.144.122:1234, 187.76.150.158:80, 187.76.150.158:8080, 19.62.28.186:80, 19.62.28.186:8080, 190.12.120.30:1234, 200.58.102.200:80, 200.58.102.200:8080, 208.119.235.183:80, 208.119.235.183:8080, 210.99.20.194:1234, 211.173.92.90:80, 211.173.92.90:8080, 218.179.170.175:80, 218.179.170.175:8080, 220.136.107.121:80, 220.136.107.121:8080, 220.243.148.80:1234, 222.121.63.87:1234, 222.134.240.91:1234, 222.165.136.99:1234, 24.180.111.82:80, 24.180.111.82:8080, 24.75.197.221:80, 24.75.197.221:8080, 247.163.34.26:80, 247.163.34.26:8080, 251.149.39.136:80, 3.61.113.78:80, 3.61.113.78:8080, 31.19.237.170:1234, 39.175.68.100:1234, 43.17.64.20:80, 43.17.64.20:8080, 45.120.216.114:1234, 46.109.219.249:80, 46.109.219.249:8080, 49.233.159.222:1234, 5.220.169.237:80, 5.220.169.237:8080, 51.75.146.174:443, 56.198.160.66:80, 56.198.160.66:8080, 58.130.157.249:80, 58.130.157.249:8080, 58.229.125.66:1234, 62.12.106.5:1234, 64.227.132.175:1234, 69.178.76.248:80, 69.178.76.248:8080, 75.21.82.222:80, 75.21.82.222:8080, 75.58.107.197:80, 75.58.107.197:8080, 82.66.5.84:1234, 85.105.82.39:1234 and 89.212.123.191:1234 |
Outgoing Connection |
Process /etc/ifconfig started listening on ports: 1234, 8083 and 8186 |
Listening |
Process /etc/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 29 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 29 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
Connection was closed due to user inactivity |
|