IP Address: 147.46.114.218 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SCP, SSH |
Tags | Port 1234 Scan, SSH, Listening, 9 Shell Commands, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File, Outgoing Connection |
Associated Attack Servers |
IP Address | 147.46.114.218 |
Domain | - |
ISP | Seoul National University |
Country | Korea, Republic of |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-09-28 |
Last seen in Akamai Guardicore Segmentation | 2022-10-11 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 3 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 6 times |
Superuser Operation |
Process /dev/shm/apache2 scanned port 1234 on 28 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 1234 on 31 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 28 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 28 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /bin/bash scanned port 1234 on 28 IP Addresses |
Port 1234 Scan |
Process /dev/shm/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8089 and 8188 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 31 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 31 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /usr/local/apache2/bin/httpd started listening on ports: 80 |
Listening |
The file /tmp/ifconfig was downloaded and granted execution privileges |
|
The file /tmp/apache2 was downloaded and executed 77 times |
Download and Execute |
Process /tmp/apache2 started listening on ports: 1234, 8082 and 8180 |
Listening |
./ifconfig was downloaded |
Download File |
The file /root/ifconfig was downloaded and executed 4 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 39 times |
Download and Execute |
Process /root/ifconfig started listening on ports: 1234, 8080 and 8187 |
Listening |
Connection was closed due to timeout |
|