IP Address: 103.145.148.138 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Connect-Back, Scanner
Services Targeted: SCP, SSH
Tags: Superuser Operation SCP Download and Execute Successful SSH Login SSH Download File Download and Allow Execution
Associated Attack Servers: 1.117.204.70, 5.61.57.196, 82.157.55.240, 104.226.0.80, 117.80.212.33, 117.146.172.106, 120.194.157.165, 183.252.37.216
IP Address: 103.145.148.138
Domain: -
ISP: -
Country: -
WHOIS
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2021-12-13
Last seen in Akamai Guardicore Segmentation: 2022-02-01
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident events (as recorded by the sensor, in order)

- Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List)
- Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password)
- Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
- Download and Execute: The file /tmp/ifconfig was downloaded and executed 4 times
- Download and Execute: The file /tmp/apache2 was downloaded and executed 144 times
- Port 22 Scan / Port 2222 Scan: Process /tmp/apache2 scanned port 22 on 49 IP addresses
- Port 22 Scan / Port 2222 Scan: Process /tmp/apache2 scanned port 22 on 38 IP addresses
- Port 22 Scan / Port 2222 Scan: Process /tmp/apache2 scanned port 2222 on 49 IP addresses
- Listening: Process /tmp/apache2 started listening on ports 1234 and 8088
- Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password)
- Process /tmp/apache2 generated outgoing network traffic to: 102.231.121.115:2222, 103.214.79.30:22, 105.129.33.94:2222, 106.15.135.99:22, 11.212.191.145:2222, 110.193.14.1:2222, 117.169.232.241:2222, 121.238.114.72:22, 128.237.148.79:2222, 129.217.6.116:22, 130.154.14.73:22, 131.95.146.100:2222, 132.65.241.40:22, 135.14.99.211:22, 135.202.113.170:22, 137.222.181.193:22, 138.84.122.233:2222, 14.217.45.163:22, 143.35.130.231:22, 143.35.130.231:2222, 151.67.88.131:22, 152.152.164.146:22, 152.79.16.17:2222, 153.13.153.26:22, 157.220.248.83:22, 158.249.96.145:22, 16.84.229.201:2222, 161.147.233.215:22, 162.171.60.73:2222, 170.248.197.6:2222, 173.17.41.126:2222, 178.221.48.206:2222, 179.161.96.105:2222, 18.109.193.30:22, 180.234.201.157:22, 182.2.247.133:22, 188.50.181.25:2222, 189.149.39.65:2222, 19.164.11.9:22, 19.249.30.204:2222, 19.9.144.18:22, 192.42.101.224:22, 197.123.16.22:22, 198.117.216.103:22, 20.105.165.228:22, 202.241.240.20:2222, 206.212.140.124:22, 210.57.196.200:22, 211.3.37.56:22, 212.252.235.88:2222, 213.80.121.216:2222, 214.2.144.214:2222, 214.50.52.208:22, 217.238.241.176:2222, 22.205.129.235:22, 24.163.131.208:22, 242.124.62.85:22, 244.144.157.169:22, 244.16.197.25:2222, 251.53.30.120:2222, 29.249.11.131:22, 39.189.23.178:22, 42.39.80.185:2222, 45.7.165.87:22, 48.132.253.170:22, 49.241.29.98:2222, 5.106.204.224:22, 5.187.131.58:2222, 53.170.203.159:22, 54.147.133.220:22, 57.142.197.130:22, 58.162.43.57:22, 59.179.108.10:22, 60.29.150.49:22, 66.52.86.233:2222, 67.115.85.156:2222, 67.139.41.101:22, 67.139.41.101:2222, 70.90.13.215:22, 81.115.58.168:2222, 81.194.170.80:2222, 85.251.20.58:2222, 87.33.121.29:22, 90.110.82.118:2222, 95.190.94.77:2222 and 95.25.215.138:2222
- Port 22 Scan / Port 2222 Scan: Process /tmp/apache2 scanned port 2222 on 38 IP addresses
- Download and Execute: The file /usr/bin/uptime was downloaded and executed 2 times
- The file /tmp/php-fpm was downloaded and granted execution privileges 2 times
- Download and Execute: The file /tmp/php-fpm was downloaded and executed 6 times
- Download and Execute: The file /tmp/php-fpm was downloaded and executed 26 times
- Download and Execute: The file /tmp/php-fpm was downloaded and executed 5 times
- Connection was closed due to timeout
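The event sequence above is a recognisable chain: a root login over SSH, binaries dropped into /tmp under the names of common services (apache2, php-fpm, ifconfig) and executed, those binaries then scanning ports 22 and 2222 on other hosts and opening their own listeners (1234, 8088). The following is an added example, not Guardicore's code or part of the original report: it parses a constructed subset of the event descriptions shown on this page, tallies what was dropped, scanned and contacted, and flags each link of the chain. The regular expressions, the scratch-directory list, the service-name list and the finding names are assumptions made for this example, not anything the report defines.

```python
import re
from collections import Counter

# Constructed sample: a subset of the event descriptions shown on this page,
# in the free-text form the report uses. It is not a machine log format; it
# is embedded here only so the parser runs offline.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List",
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "A possibly malicious Superuser Operation was detected 2 times",
    "The file /tmp/ifconfig was downloaded and executed 4 times",
    "The file /tmp/apache2 was downloaded and executed 144 times",
    "Process /tmp/apache2 scanned port 22 on 49 IP Addresses",
    "Process /tmp/apache2 scanned port 2222 on 49 IP Addresses",
    "Process /tmp/apache2 started listening on ports: 1234 and 8088",
    "Process /tmp/apache2 generated outgoing network traffic to: 102.231.121.115:2222, 103.214.79.30:22, 143.35.130.231:22, 143.35.130.231:2222 and 67.139.41.101:22",
    "The file /usr/bin/uptime was downloaded and executed 2 times",
    "The file /tmp/php-fpm was downloaded and granted execution privileges 2 times",
    "The file /tmp/php-fpm was downloaded and executed 26 times",
]

# Patterns written for this example against the wording used on the page.
LOGIN_RE = re.compile(r"logged in using SSH .*credentials: (\S+) / \S+ - Authentication policy: (.+)$")
DROP_RE = re.compile(r"The file (\S+) was downloaded and (executed|granted execution privileges) (\d+) times")
SCAN_RE = re.compile(r"Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"Process (\S+) started listening on ports: (.+)$")
TRAFFIC_RE = re.compile(r"Process (\S+) generated outgoing network traffic to: (.+)$")

# Assumptions for this example: directories where an executed download counts
# as a drop, and service-binary names used as camouflage in this incident.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
SERVICE_NAMES = {"apache2", "php-fpm", "nginx", "sshd", "ifconfig", "uptime"}


def _split_list(text):
    """Split the report's 'a, b and c' list style into ['a', 'b', 'c']."""
    return [p.strip() for p in re.split(r",\s*|\s+and\s+", text) if p.strip()]


def summarize(events):
    """Reduce the event descriptions to counts keyed by path, process and port."""
    s = {"logins": [], "executed": Counter(), "chmod": Counter(),
         "scans": {}, "listeners": {}, "egress": []}
    for e in events:
        if m := LOGIN_RE.search(e):
            s["logins"].append((m.group(1), m.group(2)))
        elif m := DROP_RE.search(e):
            key = "executed" if m.group(2) == "executed" else "chmod"
            s[key][m.group(1)] += int(m.group(3))  # report counts are additive
        elif m := SCAN_RE.search(e):
            proc, port, n = m.group(1), int(m.group(2)), int(m.group(3))
            s["scans"][(proc, port)] = max(n, s["scans"].get((proc, port), 0))
        elif m := LISTEN_RE.search(e):
            s["listeners"][m.group(1)] = [int(p) for p in _split_list(m.group(2))]
        elif m := TRAFFIC_RE.search(e):
            for endpoint in _split_list(m.group(2)):
                ip, port = endpoint.rsplit(":", 1)  # IPv4 "ip:port" as on the page
                s["egress"].append((m.group(1), ip, int(port)))
    return s


def egress_ports(summary):
    """How many outbound connections went to each destination port."""
    return Counter(port for _, _, port in summary["egress"])


def findings(summary):
    """Name each link of the chain that the summary supports."""
    out = []
    if any(user == "root" for user, _ in summary["logins"]):
        out.append("root-ssh-login")
    dropped = {p for p in list(summary["executed"]) + list(summary["chmod"])
               if p.startswith(SCRATCH_DIRS)}
    if dropped:
        out.append("execute-from-scratch-dir")
    if any(p.rsplit("/", 1)[-1] in SERVICE_NAMES for p in dropped):
        out.append("service-name-masquerade")
    if any(proc in dropped and port in (22, 2222) for proc, port in summary["scans"]):
        out.append("ssh-scan-from-dropped-binary")
    if any(proc in dropped for proc in summary["listeners"]):
        out.append("listener-from-dropped-binary")
    # The report also records a download to /usr/bin/uptime, a packaged
    # binary path; a write there is a separate signal from a /tmp drop.
    if any(not p.startswith(SCRATCH_DIRS) for p in summary["executed"]):
        out.append("download-over-system-path")
    return out


if __name__ == "__main__":
    summary = summarize(EVENTS)
    print(dict(egress_ports(summary)))
    print(findings(summary))
```

Two details in the output are worth a look when triaging the full list on this page: the same target (143.35.130.231, 67.139.41.101) appears on both 22 and 2222, which matches a scanner that tries both SSH ports per host rather than two separate scans, and the php-fpm drop is recorded once as "granted execution privileges" and several times as "executed", so a rule that only counts execution events would still fire, but one keyed on the chmod step alone would see it only twice.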