IP Address: 86.120.130.186 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Download and Allow Execution, Human, Successful SSH Login, Superuser Operation, Download Operation, Port 22 Scan, DNS Query, Download and Execute, Access Suspicious Domain, 24 Shell Commands, Download File, Outgoing Connection, HTTP, SSH
Associated Attack Servers |
IP Address | 86.120.130.186
Domain | -
ISP | RCS & RDS
Country | Romania
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-11-06
Last seen in Akamai Guardicore Segmentation | 2020-11-06
A user logged in using SSH with the following credentials: mysql / ***** - Authentication policy: White List | Successful SSH Login
A possibly malicious Superuser Operation was detected | Download Operation, Superuser Operation
A possibly malicious Download Operation was detected | Download Operation, Superuser Operation
Process /usr/bin/wget attempted to access suspicious domains: nasapaul.com | DNS Query, Access Suspicious Domain, Outgoing Connection
Process /usr/bin/wget generated outgoing network traffic to: 104.18.36.209:443 and 104.18.36.209:80 | Outgoing Connection
/home/mysql/Nasa.zip was downloaded | Download File
/home/mysql/.wget-hsts was downloaded | Download File
The file /home/mysql/Nasa/n was downloaded and granted execution privileges 2 times | Download and Allow Execution
The file /home/mysql/Nasa/1 was downloaded and granted execution privileges | Download and Allow Execution
The file /home/mysql/Nasa/screen was downloaded and granted execution privileges | Download and Allow Execution
The file /home/mysql/Nasa/port was downloaded and granted execution privileges | Download and Allow Execution
The file /home/mysql/Nasa/pscan2 was downloaded and executed | Download and Execute
Process /home/mysql/Nasa/pscan2 generated outgoing network traffic to port 22 on a series of IP addresses |
Process /home/mysql/Nasa/pscan2 scanned port 22 on 98 IP Addresses | Port 22 Scan
The file /home/mysql/Nasa/nhdd was downloaded and executed 2 times | Download and Execute
Connection was closed due to timeout |