IP Address: 193.123.244.240 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SCP |
Tags | Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File, Download and Allow Execution |
Associated Attack Servers |
IP Address | 193.123.244.240 |
Domain | - |
ISP | Oracle Corporation |
Country | United States |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2021-12-17 |
Last seen in Akamai Guardicore Segmentation | 2022-01-10 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
The file /tmp/ifconfig was downloaded and executed 6 times | Download and Execute |
The file /tmp/apache2 was downloaded and executed 123 times | Download and Execute |
Process /tmp/ifconfig scanned port 22 on 44 IP Addresses | Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig scanned port 22 on 46 IP Addresses | Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig scanned port 2222 on 44 IP Addresses | Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig started listening on ports: 1234 and 8082 | Listening |
Process /tmp/ifconfig generated outgoing network traffic |
Process /tmp/ifconfig scanned port 2222 on 46 IP Addresses | Port 22 Scan, Port 2222 Scan |
The file /usr/bin/uptime was downloaded and executed | Download and Execute |
The file /usr/bin/free was downloaded and executed 2 times | Download and Execute |
Connection was closed due to timeout |