IP Address: 141.147.52.70 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 141.147.52.70 |
Domain | - |
ISP | Oracle Svenska AB |
Country | Sweden |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-04-13 |
Last seen in Akamai Guardicore Segmentation | 2022-04-23 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 33 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 11 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 80 on 11 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 8080 on 11 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig generated outgoing network traffic to multiple remote addresses |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8088 and 8185 |
Listening |
Process /root/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /root/ifconfig attempted to access suspicious domains: bbtec.net, entelpcs.cl, kanto-gakuin.ac.jp and uninet.net.mx |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to user inactivity |