IP Address: 91.65.215.106 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP |
Tags |
System File Modification, Port 1234 Scan, SSH, Listening, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Download and Execute, Download File, 4 Shell Commands |
Associated Attack Servers |
IP Address |
91.65.215.106 |
|
Domain |
- |
|
ISP |
Vodafone Kabel Deutschland |
|
Country |
Germany |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-09-07 |
Last seen in Akamai Guardicore Segmentation |
2022-10-16 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
System file /etc/apache2 was modified 4 times |
System File Modification |
The file /etc/apache2 was downloaded and executed 116 times |
Download and Execute |
Process /etc/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 1234 on 30 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /etc/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /etc/ifconfig started listening on ports: 1234, 8082 and 8187 |
Listening |
Process /etc/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 80 on 30 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /etc/ifconfig scanned port 8080 on 30 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to user inactivity |
|