IP Address: 92.205.21.38 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, Port 80 Scan, 8 Shell Commands, Successful SSH Login, SSH, Download and Execute, Download and Allow Execution, Listening, Outgoing Connection, Port 8080 Scan, Superuser Operation
Associated Attack Servers |
IP Address: 92.205.21.38
Domain: -
ISP: Host Europe GmbH
Country: Germany
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-01-03
Last seen in Akamai Guardicore Segmentation: 2022-06-23
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Superuser Operation |
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /var/tmp/apache2 was downloaded and executed 5 times |
Download and Execute |
Process /var/tmp/ifconfig scanned port 1234 on 30 IP Addresses |
Port 1234 Scan |
Process /tmp/ifconfig scanned port 1234 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 80 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 8080 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 1234 on 18 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/bash scanned port 1234 on 30 IP Addresses 2 times |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 30 IP Addresses |
Port 1234 Scan |
Process /var/tmp/ifconfig generated outgoing network traffic to: 101.42.223.157:1234, 104.21.25.86:443, 117.54.14.169:1234, 124.222.218.129:1234, 20.141.185.205:1234 and 82.157.139.183:1234 |
Outgoing Connection |
Process /var/tmp/ifconfig started listening on ports: 1234, 8084 and 8182 |
Listening |
The file /tmp/ifconfig was downloaded and executed |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 121 times |
Download and Execute |
Process /tmp/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /tmp/ifconfig started listening on ports: 1234, 8083 and 8188 |
Listening |
Process /tmp/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 80 on 18 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /tmp/ifconfig scanned port 8080 on 18 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to user inactivity |