IP Address: 85.242.243.167 (Previously Malicious)
This IP address attempted an attack on a machine in our threat-sensor network.
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, SSH, 5 Shell Commands, Listening, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Outgoing Connection
Associated Attack Servers: 123.132.238.210, 147.182.233.56, 161.35.79.199, 172.64.110.32, 172.64.111.32

IP Address: 85.242.243.167
Domain: -
ISP: MEO
Country: Portugal
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-09-28
Last seen in Akamai Guardicore Segmentation: 2022-10-01
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Download and Execute: The file /var/tmp/ifconfig was downloaded and executed
Port 1234 Scan: Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 1234 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 1234 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 1234 on 30 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 80 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 8080 on 26 IP Addresses
Port 1234 Scan: Process /bin/bash scanned port 1234 on 26 IP Addresses
Download and Execute: The file /var/tmp/apache2 was downloaded and executed 177 times
Outgoing Connection: Process /var/tmp/apache2 generated outgoing network traffic to: 1.220.98.197:1234, 103.152.118.20:1234, 104.107.211.130:80, 104.107.211.130:8080, 105.231.37.99:80, 105.231.37.99:8080, 108.180.225.61:80, 108.180.225.61:8080, 116.198.211.227:80, 116.198.211.227:8080, 117.54.14.169:1234, 117.80.212.33:1234, 118.150.242.96:80, 118.150.242.96:8080, 118.41.204.72:1234, 123.132.238.210:1234, 124.115.231.214:1234, 132.139.41.58:80, 132.139.41.58:8080, 142.250.191.228:443, 145.165.128.93:80, 145.165.128.93:8080, 147.182.233.56:1234, 151.209.62.62:80, 151.209.62.62:8080, 155.220.116.88:80, 155.220.116.88:8080, 155.243.81.182:80, 155.243.81.182:8080, 161.107.113.34:1234, 163.251.116.7:80, 166.235.212.140:80, 166.235.212.140:8080, 169.246.84.98:80, 169.246.84.98:8080, 170.247.171.201:80, 170.247.171.201:8080, 172.64.110.32:443, 172.64.111.32:443, 176.204.73.248:80, 176.204.73.248:8080, 182.224.177.56:1234, 190.12.120.30:1234, 197.204.136.207:80, 197.204.136.207:8080, 209.216.177.158:1234, 209.216.177.238:1234, 211.162.184.120:1234, 212.120.116.209:80, 212.120.116.209:8080, 212.55.71.34:80, 212.55.71.34:8080, 217.35.180.247:80, 217.35.180.247:8080, 222.103.98.58:1234, 222.134.240.92:1234, 223.171.91.127:1234, 223.171.91.160:1234, 250.201.239.56:80, 250.201.239.56:8080, 33.47.110.68:80, 33.47.110.68:8080, 38.105.36.243:80, 38.105.36.243:8080, 39.175.68.100:1234, 45.120.216.114:1234, 46.13.252.200:80, 46.13.252.200:8080, 49.147.3.29:80, 49.147.3.29:8080, 52.131.32.110:1234, 52.133.50.117:80, 52.133.50.117:8080, 52.184.241.217:80, 52.184.241.217:8080, 81.203.18.76:80, 81.203.18.76:8080, 82.177.58.36:80, 82.177.58.36:8080, 84.204.148.99:1234, 85.211.86.135:80, 85.211.86.135:8080, 86.133.233.66:1234, 9.243.170.32:80, 9.243.170.32:8080, 94.97.4.226:80, 94.97.4.226:8080, 95.154.21.210:1234 and 96.40.142.91:80
Listening: Process /var/tmp/apache2 started listening on ports: 1234, 8085 and 8180
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 80 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 80 on 30 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 8080 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /var/tmp/apache2 scanned port 8080 on 30 IP Addresses
Download and Execute: The file /usr/bin/uptime was downloaded and executed
Listening: Process /usr/local/mysql/bin/mysqld started listening on ports: 3306
Listening: Process /lib/systemd/systemd started listening on ports: 80
Connection was closed due to timeout
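The event lines above are the sensor's own record. What follows is an added example, not Guardicore code, showing how to turn report-style event lines into indicators and flag the two patterns that stand out in this incident: binaries carrying system-daemon names (apache2, ifconfig, sshd) executing from /var/tmp, a download landing on a real system path (/usr/bin/uptime), and one process reaching many hosts on the same port. EVENTS is a constructed subset of the lines above; SYSTEM_NAMES, the directory lists and the fan-out threshold are assumptions chosen for this report, not part of the product.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the sensor event lines quoted in the report above,
# kept verbatim so the regexes below match the report's own wording.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "A possibly malicious Superuser Operation was detected 2 times",
    "The file /var/tmp/ifconfig was downloaded and executed",
    "Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses",
    "Process /var/tmp/apache2 scanned port 1234 on 26 IP Addresses",
    "The file /var/tmp/apache2 was downloaded and executed 177 times",
    "Process /var/tmp/apache2 generated outgoing network traffic to: 1.220.98.197:1234, "
    "103.152.118.20:1234, 104.107.211.130:80, 104.107.211.130:8080, 105.231.37.99:80, "
    "105.231.37.99:8080, 117.54.14.169:1234, 142.250.191.228:443, 147.182.233.56:1234, "
    "172.64.110.32:443 and 96.40.142.91:80",
    "Process /var/tmp/apache2 started listening on ports: 1234, 8085 and 8180",
    "The file /usr/bin/uptime was downloaded and executed",
    "Process /usr/local/mysql/bin/mysqld started listening on ports: 3306",
]

# Assumed: daemon/tool names that the dropped files in this report borrow.
SYSTEM_NAMES = {"apache2", "sshd", "ifconfig", "uptime", "mysqld", "systemd"}
# Assumed: writable scratch directories from which no genuine system daemon runs.
SCRATCH_DIRS = ("/var/tmp/", "/tmp/", "/dev/shm/")
# Assumed: where the genuine binaries live; a download landing here may have replaced one.
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")

LOGIN_RE = re.compile(r"^A user logged in using SSH with the following credentials: (\S+) /")
DOWNLOAD_RE = re.compile(r"^The file (\S+) was downloaded and executed(?: (\d+) times)?")
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports: (.+)$")
OUTBOUND_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def basename(path):
    return path.rsplit("/", 1)[-1]


def is_masquerade(path):
    """A well-known binary name executing from a scratch directory (e.g. /var/tmp/apache2)."""
    return basename(path) in SYSTEM_NAMES and path.startswith(SCRATCH_DIRS)


def is_replaced_binary(path):
    """A download that landed on the real path of a system binary (e.g. /usr/bin/uptime)."""
    return basename(path) in SYSTEM_NAMES and path.startswith(SYSTEM_DIRS)


def parse_events(lines):
    """Turn report-style event lines into a dict of indicators."""
    iocs = {"logins": [], "dropped": {}, "masquerades": [], "replaced": [],
            "scans": [], "listening": {}, "outbound": []}
    for line in lines:
        if m := LOGIN_RE.match(line):
            iocs["logins"].append(m.group(1))
        elif m := DOWNLOAD_RE.match(line):
            path, count = m.group(1), int(m.group(2) or 1)
            iocs["dropped"][path] = iocs["dropped"].get(path, 0) + count
            if is_masquerade(path):
                iocs["masquerades"].append(path)
            if is_replaced_binary(path):
                iocs["replaced"].append(path)
        elif m := SCAN_RE.match(line):
            iocs["scans"].append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif m := LISTEN_RE.match(line):
            ports = [int(p) for p in re.findall(r"\d+", m.group(2))]
            iocs["listening"].setdefault(m.group(1), []).extend(ports)
        elif m := OUTBOUND_RE.match(line):
            for ip, port in ENDPOINT_RE.findall(m.group(2)):
                iocs["outbound"].append((m.group(1), ip, int(port)))
    return iocs


def detect_fanout(outbound, min_targets=3):
    """(process, port) pairs that reached at least min_targets distinct hosts on one port:
    the same-port, many-host pattern the report tags as 'Port N Scan'."""
    targets = defaultdict(set)
    for proc, ip, port in outbound:
        targets[(proc, port)].add(ip)
    return {key: len(ips) for key, ips in targets.items() if len(ips) >= min_targets}


def backdoor_ports(iocs):
    """Ports opened for listening by a process that is itself a masquerade."""
    return sorted({p for proc, ports in iocs["listening"].items()
                   if is_masquerade(proc) for p in ports})


if __name__ == "__main__":
    iocs = parse_events(EVENTS)
    print("root logins:", iocs["logins"].count("root"))
    print("masquerading files:", iocs["masquerades"])
    print("replaced system binaries:", iocs["replaced"])
    print("scanning processes:", sorted({p for p, _, _ in iocs["scans"]}))
    print("fan-out per (process, port):", detect_fanout(iocs["outbound"]))
    print("listening ports to hunt for:", backdoor_ports(iocs))
```

Two caveats when using output like this. The sensor attributes scans to /usr/sbin/sshd and /bin/bash as well as to /var/tmp/apache2; the parser keeps those in the scans list rather than treating a system path as benign, because a scan from a genuine sshd or bash process still means the attacker's session is driving it. And the "Associated Attack Servers" list is derived from the outbound connections, which include 443 destinations; 172.64.110.32 and 172.64.111.32 sit in Cloudflare's 172.64.0.0/13 range, so vet such entries before turning them into block rules.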
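To hunt for the same host-side indicators on your own Linux fleet, here is an added example (not from the report or the product) that reads the output of `ps -eo pid,args` and `ss -Hltnp`, so it runs either live on a host or over output collected centrally. The sample output is constructed, not captured from a real machine; the port set comes from the Listening event above and the scratch directories are an assumption.

```python
import re
import shutil
import subprocess

# Ports the report shows /var/tmp/apache2 listening on; assumed here as the hunt set.
IOC_PORTS = {1234, 8085, 8180}
# Assumed scratch directories that the dropped files ran from.
SCRATCH_DIRS = ("/var/tmp/", "/tmp/", "/dev/shm/")

# Constructed sample output of `ps -eo pid,args` and `ss -Hltnp` showing the report's pattern.
PS_SAMPLE = """\
    1 /lib/systemd/systemd --system
  812 /usr/sbin/sshd -D
 2311 /var/tmp/apache2
 2350 /bin/bash
"""
SS_SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 0.0.0.0:1234 0.0.0.0:* users:(("apache2",pid=2311,fd=5))
LISTEN 0 128 *:8180 *:* users:(("apache2",pid=2311,fd=7))
LISTEN 0 80 127.0.0.1:3306 0.0.0.0:* users:(("mysqld",pid=900,fd=12))
"""

PID_RE = re.compile(r"pid=(\d+)")


def scratch_processes(ps_text):
    """(pid, executable) for every process whose binary lives in a scratch directory.
    Skips the PID/COMMAND header that a live `ps` prints."""
    hits = []
    for line in ps_text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].isdigit() and parts[1].startswith(SCRATCH_DIRS):
            hits.append((int(parts[0]), parts[1].split()[0]))
    return hits


def ioc_listeners(ss_text, ports=IOC_PORTS):
    """(port, pid) for listening sockets on the hunt ports.
    Field 4 of `ss -Hltnp` is the local address; the last field names the owning process."""
    hits = []
    for line in ss_text.splitlines():
        fields = line.split()
        if len(fields) < 6:
            continue
        port = int(fields[3].rsplit(":", 1)[1])   # handles 0.0.0.0:1234, *:8180 and [::]:8180
        if port in ports:
            m = PID_RE.search(fields[-1])
            hits.append((port, int(m.group(1)) if m else None))
    return hits


def triage(ps_text, ss_text):
    """Correlate both views: a scratch-directory binary that also holds an IOC port is the strongest hit."""
    scratch = dict(scratch_processes(ps_text))
    return sorted((pid, scratch[pid], port) for port, pid in ioc_listeners(ss_text) if pid in scratch)


def verify_package_file(path):
    """Ask the package manager whether a system binary still matches its package
    (the report shows /usr/bin/uptime being downloaded over the real path).
    Returns the verifier's output, or None where neither rpm nor dpkg is available."""
    if shutil.which("rpm"):
        return subprocess.run(["rpm", "-Vf", path], capture_output=True, text=True).stdout
    if shutil.which("dpkg"):
        owner = subprocess.run(["dpkg", "-S", path], capture_output=True, text=True).stdout
        if ":" in owner:
            pkg = owner.split(":", 1)[0]
            return subprocess.run(["dpkg", "-V", pkg], capture_output=True, text=True).stdout
    return None


if __name__ == "__main__":
    ps_text, ss_text = PS_SAMPLE, SS_SAMPLE
    if shutil.which("ps") and shutil.which("ss"):   # live mode on a Linux host
        ps_text = subprocess.run(["ps", "-eo", "pid,args"], capture_output=True, text=True).stdout
        ss_text = subprocess.run(["ss", "-Hltnp"], capture_output=True, text=True).stdout
    for pid, exe, port in triage(ps_text, ss_text):
        print(f"pid {pid} runs {exe} and listens on {port}")
    print("uptime package check:", verify_package_file("/usr/bin/uptime"))
```

A process that has already exited leaves nothing for `ps` or `ss` to find, so on a suspected host also look at the scratch directories themselves and at the root shell history, since the report shows the dropper running from /var/tmp 177 times over a root SSH session.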