IP Address: 158.140.160.214 (Previously Malicious)
This IP address attempted an attack on a machine in our threat-sensor network.
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SCP, SSH |
Tags |
Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File, Download and Allow Execution |
Associated Attack Servers |
heartcareassoc.com, myrepublic.co.id, 50.216.208.27, 94.133.158.230, 101.34.16.17, 102.223.37.58, 104.226.0.82, 119.91.218.244 |
IP Address |
158.140.160.214 |
|
Domain |
- |
|
ISP |
My Republic ID |
|
Country |
Indonesia |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2021-12-13 |
Last seen in Akamai Guardicore Segmentation |
2021-12-28 |
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 126 times |
Download and Execute |
Process /tmp/ifconfig scanned port 22 on 48 IP Addresses |
Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 22 on 42 IP Addresses |
Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 2222 on 48 IP Addresses |
Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig started listening on ports: 1234 and 8080 |
Listening |
Process /tmp/ifconfig generated outgoing network traffic to: 106.221.137.18:22, 11.94.153.117:22, 113.209.197.40:22, 118.152.47.249:2222, 124.51.221.20:2222, 126.136.34.9:22, 126.95.114.183:22, 130.187.247.13:22, 131.106.203.91:22, 136.205.136.71:22, 137.75.250.148:2222, 138.194.109.6:2222, 138.211.120.117:2222, 139.41.39.51:2222, 14.33.234.125:22, 141.172.107.249:2222, 141.60.79.246:2222, 142.77.143.13:22, 143.145.13.186:22, 143.145.13.186:2222, 147.207.163.183:2222, 152.162.67.88:2222, 157.72.192.122:2222, 159.161.122.83:2222, 163.227.131.253:22, 164.194.17.92:22, 167.1.253.197:2222, 168.164.251.68:22, 168.205.23.52:22, 171.25.103.37:22, 173.22.243.249:22, 174.101.23.124:22, 174.148.79.219:22, 181.104.188.104:2222, 185.26.240.9:2222, 187.64.208.7:2222, 191.107.209.125:22, 193.129.109.168:2222, 194.75.102.108:2222, 198.189.116.46:2222, 199.72.240.129:2222, 2.5.49.192:2222, 20.225.227.154:22, 207.69.61.59:22, 221.200.171.213:22, 24.28.231.184:22, 240.211.223.177:22, 242.221.77.108:22, 242.96.247.97:22, 244.52.102.111:22, 246.194.19.158:2222, 250.126.136.236:22, 250.99.146.128:2222, 253.152.142.103:22, 26.234.179.126:2222, 28.197.247.185:22, 28.41.54.167:22, 28.64.86.106:2222, 3.23.209.86:2222, 33.84.155.66:22, 36.100.163.149:22, 38.198.130.203:2222, 38.226.185.99:22, 4.172.135.48:2222, 41.132.32.9:22, 41.61.1.139:22, 42.224.175.54:2222, 42.242.49.75:22, 49.21.57.102:22, 51.102.215.199:2222, 55.103.246.145:22, 57.141.203.153:2222, 57.203.178.240:2222, 60.186.22.185:2222, 65.184.105.237:22, 65.188.123.141:22, 69.163.199.4:2222, 7.127.111.170:22, 71.131.149.147:22, 73.12.232.142:22, 74.128.144.174:2222, 78.150.193.42:2222, 79.164.164.24:2222, 80.166.43.7:2222, 84.147.124.49:22, 86.216.1.80:22, 93.182.62.243:2222, 98.84.182.220:2222 and 99.194.149.97:2222 |
|
Process /tmp/ifconfig scanned port 2222 on 42 IP Addresses |
Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed 2 times |
Download and Execute |
Connection was closed due to timeout |
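The timeline above is a compact record of one SSH-spreading bot: a root login, binaries dropped under /tmp and executed, a listener on 1234 and 8080, and outbound connections to ports 22 and 2222 on dozens of hosts. Several of those destinations (240.211.223.177, 242.221.77.108, 244.52.102.111, 246.194.19.158, 250.126.136.236, 253.152.142.103 and others) sit in 240.0.0.0/4, which is reserved and not routed on the public internet, so the target list is consistent with random address generation rather than a curated victim list. As an added example that is not Akamai Guardicore's code, the Python below parses events worded like this timeline (the sample lines are constructed from it, with one private 10.0.0.0/8 target added) and scores each process on those indicators. The regexes, the "/tmp plus one more indicator" rule and the thresholds are assumptions chosen for illustration.

```python
"""Triage helper for honeypot timelines worded like the one on this page.
Added example, not Akamai Guardicore code. Thresholds are assumptions."""
import ipaddress
import re

# Constructed sample events, copied in wording from the incident timeline above,
# with a private 10.0.0.0/8 target added to the traffic line for illustration.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: White List |",
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: Correct Password |",
    "The file /tmp/ifconfig was downloaded and executed |",
    "The file /tmp/apache2 was downloaded and executed 126 times |",
    "Process /tmp/ifconfig scanned port 22 on 48 IP Addresses |",
    "Process /tmp/ifconfig scanned port 2222 on 48 IP Addresses |",
    "Process /tmp/ifconfig started listening on ports: 1234 and 8080 |",
    "Process /tmp/ifconfig generated outgoing network traffic to: 106.221.137.18:22, "
    "118.152.47.249:2222, 240.211.223.177:22, 250.99.146.128:2222 and 10.0.0.5:22 |",
    "The file /usr/bin/free was downloaded and executed 2 times |",
]

SSH_PORTS = {22, 2222}
LOGIN_RE = re.compile(r"logged in using SSH .*?credentials: (\S+) /")
EXEC_RE = re.compile(r"The file (\S+) was downloaded and executed(?: (\d+) times)?")
SCAN_RE = re.compile(r"Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"Process (\S+) started listening on ports: (.+)")
TRAFFIC_RE = re.compile(r"Process (\S+) generated outgoing network traffic to: (.+)")
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")  # assumed list


def parse_targets(text):
    """Turn 'a:22, b:2222 and c:22' into a list of (ip, port) tuples."""
    targets = []
    for item in re.split(r",\s*|\s+and\s+", text.strip()):
        host, _, port = item.rpartition(":")
        if host and port.isdigit():
            targets.append((host, int(port)))
    return targets


def new_process(path):
    return {"path": path, "exec_count": 0, "scanned": 0, "listen_ports": [],
            "ssh_targets": set(), "non_global_targets": set()}


def triage(events):
    """Aggregate the timeline per process and count root logins."""
    findings = {"root_logins": 0, "processes": {}}
    procs = findings["processes"]
    for raw in events:
        line = raw.strip().rstrip("|").strip()  # drop the page's trailing ' |'
        if m := LOGIN_RE.search(line):
            if m.group(1) == "root":
                findings["root_logins"] += 1
        elif m := EXEC_RE.search(line):
            p = procs.setdefault(m.group(1), new_process(m.group(1)))
            p["exec_count"] += int(m.group(2) or 1)
        elif m := SCAN_RE.search(line):
            p = procs.setdefault(m.group(1), new_process(m.group(1)))
            p["scanned"] += int(m.group(3))
        elif m := LISTEN_RE.search(line):
            p = procs.setdefault(m.group(1), new_process(m.group(1)))
            p["listen_ports"] = [int(x) for x in re.findall(r"\d+", m.group(2))]
        elif m := TRAFFIC_RE.search(line):
            p = procs.setdefault(m.group(1), new_process(m.group(1)))
            for ip, port in parse_targets(m.group(2)):
                if port in SSH_PORTS:
                    p["ssh_targets"].add(ip)
                # 240.0.0.0/4, RFC 1918 space etc. are not globally routable:
                # a scanner hitting them is generating addresses at random.
                if not ipaddress.ip_address(ip).is_global:
                    p["non_global_targets"].add(ip)
    return findings


def reasons_for(p, fanout=3, respawn=10):
    """Heuristics (assumed thresholds) for an SSH-spreading bot."""
    r = []
    if p["path"].startswith("/tmp/"):
        r.append("executed from /tmp")
    if p["path"].startswith(SYSTEM_DIRS):
        r.append("download written to a system binary path")
    if p["exec_count"] >= respawn:
        r.append(f"re-executed {p['exec_count']} times")
    if p["listen_ports"]:
        r.append(f"listens on {p['listen_ports']}")
    hosts = p["scanned"] + len(p["ssh_targets"])
    if hosts >= fanout:
        r.append(f"SSH fan-out to {hosts} hosts")
    if p["non_global_targets"]:
        r.append(f"{len(p['non_global_targets'])} targets in non-routable ranges")
    return r


def flagged(findings, min_reasons=2):
    """Processes with at least min_reasons indicators, sorted by path."""
    return sorted((path, reasons_for(p))
                  for path, p in findings["processes"].items()
                  if len(reasons_for(p)) >= min_reasons)


if __name__ == "__main__":
    f = triage(EVENTS)
    print(f"root logins: {f['root_logins']}")
    for path, why in flagged(f):
        print(path, "->", "; ".join(why))
```

On the sample, /tmp/ifconfig is flagged for four reasons (run from /tmp, listening, SSH fan-out, non-routable targets) and /tmp/apache2 for two (run from /tmp, re-executed 126 times); /usr/bin/free collects only the "system binary path" indicator and is left for an analyst to look at, since a download landing on a path that normally holds the procps binary is worth a hash check but is not by itself proof of a bot.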
|