IP Address: 102.223.37.58 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Superuser Operation, Listening, 7 Shell Commands, SCP, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File
Associated Attack Servers: heartcareassoc.com, myrepublic.co.id, 50.216.208.27, 94.133.158.230, 101.34.16.17, 104.226.0.82, 119.91.218.244, 158.140.160.214

IP Address: 102.223.37.58
Domain: -
ISP: -
Country: -

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2021-10-08
Last seen in Akamai Guardicore Segmentation: 2021-12-20
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (2 times)
Superuser Operation: A possibly malicious Superuser Operation was detected 6 times
Port 22 Scan, Port 2222 Scan: Process /root/apache2 scanned port 22 on 41 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /root/apache2 scanned port 22 on 36 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /root/apache2 scanned port 2222 on 41 IP Addresses
Port 22 Scan: Process /dev/shm/ifconfig scanned port 22 on 41 IP Addresses
Listening: Process /dev/shm/ifconfig started listening on ports: 1234 and 8089
Download and Execute: The file /root/ifconfig was downloaded and executed 3 times
Download and Execute: The file /root/apache2 was downloaded and executed 122 times
Listening: Process /root/apache2 started listening on ports: 1234 and 8085
The file /tmp/apache2 was downloaded and granted execution privileges
Download and Execute: The file /tmp/ifconfig was downloaded and executed 2 times
Process /root/apache2 generated outgoing network traffic to: 1.171.126.118:22, 104.4.71.249:2222, 104.50.105.253:2222, 107.51.103.186:2222, 108.243.85.240:2222, 11.207.171.123:22, 110.108.224.203:2222, 112.55.4.213:2222, 117.172.4.247:2222, 123.116.20.102:2222, 124.129.131.181:22, 128.179.103.183:2222, 128.29.148.52:22, 129.106.253.187:22, 129.133.82.109:2222, 130.184.234.145:2222, 131.4.238.107:22, 139.134.247.188:22, 140.227.122.76:2222, 142.134.37.28:2222, 143.199.248.16:2222, 145.87.234.25:22, 146.33.105.56:22, 159.129.225.33:22, 159.20.75.60:22, 160.34.59.143:22, 162.175.7.161:22, 166.170.208.50:22, 166.70.84.241:2222, 167.39.114.164:22, 172.243.81.177:22, 172.99.143.19:2222, 178.188.159.67:22, 180.84.224.11:22, 181.10.132.45:22, 189.223.125.212:2222, 190.233.38.148:2222, 195.231.231.1:2222, 195.61.108.232:2222, 197.110.146.41:22, 201.13.64.123:22, 206.57.76.158:2222, 210.22.4.243:22, 210.54.141.18:22, 222.242.113.179:22, 240.126.26.119:2222, 243.81.184.178:22, 244.97.2.178:2222, 247.248.18.226:22, 248.213.63.27:2222, 27.44.206.26:22, 31.112.113.88:22, 33.71.43.249:22, 38.219.47.71:22, 44.110.156.195:22, 44.89.154.32:22, 46.165.132.150:22, 50.115.250.215:2222, 51.54.13.154:22, 54.251.105.156:22, 56.60.134.13:22, 59.26.53.68:2222, 63.22.95.66:2222, 69.44.114.68:22, 7.47.80.36:2222, 71.138.143.145:22, 71.16.6.163:22, 76.240.167.51:2222, 77.245.82.138:2222, 79.171.174.209:2222, 79.194.117.241:2222, 81.199.44.76:2222, 85.18.95.7:22, 87.14.43.68:2222, 89.89.248.218:2222 and 99.243.174.185:2222
Port 22 Scan, Port 2222 Scan: Process /root/apache2 scanned port 2222 on 36 IP Addresses
Download and Execute: The file /usr/bin/uptime was downloaded and executed 2 times
Connection was closed due to timeout