IP Address: 103.152.48.32 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Superuser Operation, Listening, 6 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download and Allow Execution
Associated Attack Servers | 50.216.208.27, 50.237.89.162, 103.141.246.254, 119.29.141.189, 202.186.42.73
IP Address | 103.152.48.32
Domain | -
ISP | -
Country | -
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2021-12-13
Last seen in Akamai Guardicore Segmentation | 2021-12-17
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /root/ifconfig was downloaded and executed 5 times | Download and Execute
The file /root/apache2 was downloaded and executed 123 times | Download and Execute
Process /root/apache2 scanned port 22 on 58 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/apache2 scanned port 2222 on 58 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/apache2 scanned port 22 on 32 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/apache2 started listening on ports: 1234 and 8083 | Listening
The file /usr/bin/uptime was downloaded and executed 2 times | Download and Execute
Process /root/apache2 generated outgoing network traffic to remote hosts on ports 22 and 2222 |
Process /root/apache2 scanned port 2222 on 32 IP Addresses | Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed | Download and Execute
The file /root/php-fpm was downloaded and granted execution privileges | Download and Allow Execution
The file /root/php-fpm was downloaded and executed 6 times | Download and Execute
Connection was closed due to timeout |
|