IP Address: 89.212.123.191Malicious
IP Address: 89.212.123.191Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SCP |
|
Tags |
Superuser Operation SCP Download and Execute Successful SSH Login SSH Download File Download and Allow Execution |
|
Associated Attack Servers |
dns.google iia.cl t-2.net xmrpool.eu 1.1.1.1 8.8.4.4 8.8.8.8 20.141.185.205 51.75.146.174 52.170.42.103 101.43.173.48 103.111.211.61 103.152.37.54 172.64.162.15 190.14.48.123 |
|
IP Address |
89.212.123.191 |
|
|
Domain |
- |
|
|
ISP |
T-2 Access Network |
|
|
Country |
Slovenia |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-03-06 |
|
Last seen in Akamai Guardicore Segmentation |
2023-05-24 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
./ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 182 times |
Download and Execute |
|
Process /root/ifconfig scanned port 22 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 2222 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 22 on 44 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig started listening on ports: 1234 and 8080 |
Listening |
|
Process /root/ifconfig generated outgoing network traffic to: 107.105.107.140:2222, 111.43.203.171:2222, 112.220.50.192:2222, 112.251.57.102:22, 112.92.164.125:2222, 116.149.105.82:22, 116.238.140.246:22, 119.211.183.44:2222, 12.126.41.168:2222, 120.15.161.203:2222, 120.15.239.80:22, 121.206.122.14:2222, 121.99.179.45:22, 13.198.130.93:2222, 131.215.225.14:2222, 132.150.44.87:2222, 133.15.171.19:2222, 134.84.211.130:2222, 136.125.130.93:2222, 14.136.75.169:2222, 141.77.49.130:2222, 144.191.150.38:2222, 146.96.217.242:22, 147.107.235.208:22, 15.20.78.114:22, 155.68.226.213:2222, 156.191.240.154:2222, 156.69.46.124:22, 160.117.150.119:22, 163.11.3.209:2222, 163.185.191.15:22, 165.122.169.237:2222, 166.221.3.17:22, 171.51.157.80:22, 172.54.252.33:22, 176.62.218.94:2222, 180.108.27.105:22, 180.42.197.62:2222, 181.62.36.37:2222, 183.152.137.229:2222, 184.182.40.217:2222, 185.197.158.79:2222, 191.22.94.249:22, 192.70.111.121:22, 196.92.127.8:2222, 197.91.193.49:2222, 199.58.152.70:2222, 2.89.197.178:22, 207.197.142.103:22, 208.42.211.187:2222, 208.65.231.108:22, 214.244.220.169:22, 221.132.131.80:22, 221.132.131.80:2222, 222.146.11.207:2222, 23.14.2.85:22, 240.248.228.203:22, 242.65.96.210:2222, 242.98.171.222:22, 243.57.230.247:2222, 245.103.214.148:2222, 247.65.237.250:22, 252.13.240.165:22, 252.37.3.141:22, 29.172.206.71:22, 35.139.78.113:2222, 35.36.191.64:2222, 41.214.122.65:2222, 46.120.61.164:22, 46.211.51.94:2222, 50.12.29.162:22, 54.225.2.48:2222, 55.248.232.33:22, 59.139.181.173:22, 60.253.177.173:22, 62.137.214.15:22, 62.142.207.225:22, 62.142.207.225:2222, 66.23.115.241:22, 66.32.153.134:22, 68.189.224.7:22, 69.229.141.169:2222, 73.62.81.13:22, 76.249.149.132:22, 92.200.104.242:22, 93.246.197.51:22, 94.81.246.33:22, 96.73.243.111:22 and 97.88.58.27:2222 |
|
|
Process /root/ifconfig scanned port 2222 on 44 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies