IP Address: 106.52.252.228 - Malicious
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 106.52.252.228
Domain: -
ISP: KNET Techonlogy (BeiJing) Co.,Ltd.
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-24
Last seen in Akamai Guardicore Segmentation: 2023-05-24
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
The file /tmp/ifconfig was downloaded and granted execution privileges |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 28 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8081 and 8186 |
Listening |
Process /root/ifconfig scanned port 80 on 32 IP Addresses |
Process /root/ifconfig scanned port 8080 on 32 IP Addresses |
Process /root/ifconfig scanned port 2222 on 32 IP Addresses |
Process /root/ifconfig scanned port 80 on 32 IP Addresses |
Process /root/ifconfig scanned port 80 on 12 IP Addresses |
Process /root/ifconfig scanned port 8080 on 32 IP Addresses |
Process /root/ifconfig scanned port 2222 on 32 IP Addresses |
Process /root/ifconfig scanned port 8080 on 12 IP Addresses |
Process /root/ifconfig scanned port 2222 on 12 IP Addresses |
Port 8080 Scan, Port 2222 Scan, Port 80 Scan |
Connection was closed due to timeout |
|
/var/tmp/php-fpm |
SHA256: 10aaadaf66ae0b4f687aa7239e1b0b6959973c5d0c973a7a34db0ac78f070078 |
2875664 bytes |