IP Address: 1.220.98.197 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
| --- | --- |
| Role | Attacker, Connect-Back, Scanner |
| Services Targeted | SSH |
| Tags | Port 1234 Scan, SSH, Listening, 5 Shell Commands, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Outgoing Connection |

Associated Attack Servers

| Field | Value |
| --- | --- |
| IP Address | 1.220.98.197 |
| Domain | - |
| ISP | LG DACOM Corporation |
| Country | Korea, Republic of |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2021-12-31 |
| Last seen in Akamai Guardicore Segmentation | 2022-10-31 |
| Event | Tag |
| --- | --- |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| The file /var/tmp/ifconfig was downloaded and executed 5 times | Download and Execute |
| The file /var/tmp/apache2 was downloaded and executed 97 times | Download and Execute |
| Process /var/tmp/apache2 scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 80 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 8080 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 1234 on 30 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /bin/bash scanned port 1234 on 26 IP Addresses 2 times | Port 1234 Scan |
| Process /var/tmp/apache2 generated outgoing network traffic to a list of external IP:port destinations | Outgoing Connection |
| Process /var/tmp/apache2 started listening on ports: 1234, 8082 and 8180 | Listening |
| Process /var/tmp/apache2 scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 80 on 30 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/apache2 scanned port 8080 on 30 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /usr/local/apache2/bin/httpd started listening on ports: 80 | Listening |
| Connection was closed due to user inactivity | |