IP Address: 92.128.99.140Previously Malicious
IP Address: 92.128.99.140Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP SSH |
|
Tags |
Port 1234 Scan System File Modification Port 80 Scan 5 Shell Commands Successful SSH Login SSH Download and Execute Listening Outgoing Connection Port 8080 Scan Superuser Operation |
|
Associated Attack Servers |
3.110.236.209 13.87.67.199 21.163.132.187 23.221.27.159 28.38.237.112 33.50.131.14 45.11.19.163 47.113.190.219 59.91.239.38 61.102.42.5 62.182.236.139 67.59.155.167 75.210.29.247 93.215.68.100 94.153.165.43 101.42.237.46 133.54.87.118 145.234.31.35 152.136.216.29 159.89.155.149 172.25.120.8 173.82.48.50 192.144.229.35 218.146.15.97 |
|
IP Address |
92.128.99.140 |
|
|
Domain |
- |
|
|
ISP |
Orange |
|
|
Country |
France |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-03-28 |
|
Last seen in Akamai Guardicore Segmentation |
2022-05-15 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
System file /etc/ifconfig was modified 16 times |
System File Modification |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
System file /etc/apache2 was modified 4 times |
System File Modification |
|
The file /etc/apache2 was downloaded and executed 115 times |
Download and Execute |
|
Process /etc/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 1234 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
|
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
|
Process /etc/ifconfig generated outgoing network traffic to: 104.21.25.86:443, 117.16.44.111:1234, 117.80.212.33:1234, 118.218.209.149:1234, 120.31.133.162:1234, 123.13.119.154:80, 123.13.119.154:8080, 126.229.191.64:80, 126.229.191.64:8080, 132.90.12.175:80, 132.90.12.175:8080, 139.209.222.134:1234, 140.165.163.16:80, 140.165.163.16:8080, 140.91.158.174:80, 140.91.158.174:8080, 147.182.233.56:1234, 152.101.145.50:80, 152.101.145.50:8080, 153.243.192.190:80, 161.35.79.199:1234, 164.12.113.199:80, 164.12.113.199:8080, 169.208.39.154:80, 169.208.39.154:8080, 172.203.230.17:80, 172.203.230.17:8080, 172.67.133.228:443, 182.106.140.111:80, 182.106.140.111:8080, 182.59.121.173:80, 182.59.121.173:8080, 187.165.134.193:80, 187.165.134.193:8080, 20.141.185.205:1234, 206.189.25.255:1234, 209.216.177.158:1234, 210.99.20.194:1234, 212.156.111.49:80, 212.156.111.49:8080, 222.103.98.58:1234, 223.171.91.127:1234, 223.171.91.191:1234, 223.205.118.138:80, 223.205.118.138:8080, 223.99.166.104:1234, 250.17.129.176:80, 250.17.129.176:8080, 253.218.62.29:80, 253.218.62.29:8080, 31.19.237.170:1234, 31.219.80.236:80, 31.219.80.236:8080, 36.216.227.228:80, 36.216.227.228:8080, 40.182.113.207:80, 40.182.113.207:8080, 43.242.247.139:1234, 49.123.175.98:80, 49.123.175.98:8080, 49.233.159.222:1234, 51.75.146.174:443, 57.89.98.88:80, 57.89.98.88:8080, 58.229.125.66:1234, 58.81.77.148:80, 58.81.77.148:8080, 61.77.105.219:1234, 62.12.106.5:1234, 63.192.44.45:80, 63.192.44.45:8080, 70.248.24.136:80, 70.248.24.136:8080, 79.220.71.74:80, 79.220.71.74:8080, 82.205.223.207:80, 82.205.223.207:8080, 84.204.148.99:1234, 87.197.57.181:80, 87.197.57.181:8080, 88.103.223.211:80, 89.212.123.191:1234, 90.173.162.190:80, 90.173.162.190:8080, 93.137.235.55:80, 93.137.235.55:8080, 93.191.45.212:80, 93.191.45.212:8080 and 95.154.21.210:1234 |
Outgoing Connection |
|
Process /etc/ifconfig started listening on ports: 1234, 8084 and 8185 |
Listening |
|
Process /etc/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 80 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /etc/ifconfig scanned port 8080 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies