IP Address: 91.224.192.121 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP |
Tags |
Port 22 Scan, Access Suspicious Domain, Port 8080 Scan, 3 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening |
Associated Attack Servers |
15.116.78.151 31.25.33.123 47.170.96.224 52.236.133.183 61.102.42.5 67.114.235.21 73.168.202.75 80.141.157.234 81.68.115.169 91.205.8.110 111.74.195.124 119.91.140.230 119.91.157.192 121.5.146.101 126.219.143.207 134.209.32.120 141.72.128.86 150.158.85.157 190.14.48.123 191.72.104.203 191.242.182.210 202.90.131.38 210.101.83.129 |
IP Address |
91.224.192.121 |
|
Domain |
- |
|
ISP |
DATA-COM Piotr Data |
|
Country |
Poland |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-04-17 |
Last seen in Akamai Guardicore Segmentation |
2022-04-21 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 scanned port 22 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 109.75.117.165:80, 109.75.117.165:8080, 111.74.195.124:2222, 119.91.157.192:1234, 121.111.221.68:80, 121.111.221.68:8080, 126.219.143.207:2222, 126.32.30.11:80, 126.32.30.11:8080, 126.69.209.198:22, 137.222.180.80:22, 139.200.53.123:80, 139.200.53.123:8080, 142.237.97.63:80, 142.237.97.63:8080, 147.196.87.252:22, 148.180.139.105:80, 148.180.139.105:8080, 150.158.85.157:1234, 154.98.60.112:80, 154.98.60.112:8080, 159.36.6.20:80, 159.36.6.20:8080, 166.167.38.248:22, 168.107.148.35:80, 168.107.148.35:8080, 171.91.59.177:80, 171.91.59.177:8080, 179.30.38.214:80, 179.30.38.214:8080, 189.125.137.23:80, 189.125.137.23:8080, 190.14.48.123:1234, 191.242.182.210:1234, 191.53.119.26:80, 191.53.119.26:8080, 196.62.226.145:80, 196.62.226.145:8080, 198.183.163.241:80, 198.183.163.241:8080, 201.61.189.150:80, 201.61.189.150:8080, 202.166.151.247:80, 202.166.151.247:8080, 207.62.124.114:80, 207.62.124.114:8080, 210.101.83.129:1234, 212.87.109.194:22, 214.13.203.91:80, 214.13.203.91:8080, 216.34.9.111:80, 216.34.9.111:8080, 217.206.234.64:80, 217.206.234.64:8080, 250.214.42.77:80, 250.214.42.77:8080, 28.122.149.131:80, 28.122.149.131:8080, 30.155.21.28:22, 30.213.122.11:80, 30.213.122.11:8080, 43.227.225.153:80, 43.227.225.153:8080, 45.38.223.109:80, 45.38.223.109:8080, 46.120.165.126:80, 46.120.165.126:8080, 58.108.235.140:80, 58.108.235.140:8080, 58.181.52.191:80, 58.181.52.191:8080, 61.102.42.5:1234, 63.97.170.160:80, 63.97.170.160:8080, 67.114.235.21:2222, 68.67.127.44:22, 76.146.158.45:22, 80.141.157.234:2222, 81.68.115.169:1234, 88.24.64.142:22, 90.1.56.15:80, 90.1.56.15:8080, 91.205.8.110:22, 91.205.8.110:2222, 96.178.76.224:80 and 96.178.76.224:8080 |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8089 and 8189 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 attempted to access suspicious domains: bbtec.net, conecttelecom.com.br, iia.cl and t-ipconnect.de |
Access Suspicious Domain, Outgoing Connection |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to user inactivity |
|