IP Address: 199.195.248.37 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Successful SSH Login, Port 8080 Scan, SSH, Download and Allow Execution, Download and Execute, Superuser Operation, Port 80 Scan, Outgoing Connection, Port 1234 Scan

Associated Attack Servers:
  IP Address: 199.195.248.37
  Domain: -
  ISP: FranTech Solutions
  Country: United States
  WHOIS:
    Created Date: -
    Updated Date: -
    Organization: -

First seen in Akamai Guardicore Segmentation: 2021-09-02
Last seen in Akamai Guardicore Segmentation: 2022-07-29
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
  Tags: Successful SSH Login

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
  Tags: Successful SSH Login

System file /etc/apache2 was modified 4 times
  Tags: System File Modification

A possibly malicious Superuser Operation was detected 2 times
  Tags: Superuser Operation

The file /etc/ifconfig was downloaded and executed 5 times
  Tags: Download and Execute

Process /etc/apache2 scanned port 1234 on 28 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 80 on 28 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 8080 on 28 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 1234 on 32 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 1234 on 28 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /bin/bash scanned port 1234 on 28 IP Addresses
  Tags: Port 1234 Scan

Process /usr/sbin/sshd scanned port 1234 on 28 IP Addresses
  Tags: Port 1234 Scan

Process /etc/apache2 generated outgoing network traffic to: 103.105.12.48:1234, 104.21.25.86:443, 111.179.152.21:80, 111.179.152.21:8080, 117.16.44.111:1234, 121.227.102.37:80, 121.227.102.37:8080, 122.216.32.20:80, 122.216.32.20:8080, 123.61.158.107:80, 123.61.158.107:8080, 124.223.14.100:1234, 13.107.71.124:80, 13.107.71.124:8080, 138.241.250.139:80, 138.241.250.139:8080, 139.209.222.134:1234, 154.158.186.66:80, 154.158.186.66:8080, 156.162.170.43:80, 156.162.170.43:8080, 17.174.21.251:80, 17.174.21.251:8080, 172.67.133.228:443, 183.41.199.51:80, 183.41.199.51:8080, 184.83.112.246:1234, 185.210.144.122:1234, 19.66.110.97:80, 191.230.149.106:80, 191.230.149.106:8080, 191.242.188.103:1234, 20.141.185.205:1234, 202.61.203.229:1234, 202.71.87.139:80, 202.71.87.139:8080, 209.216.177.158:1234, 210.99.20.194:1234, 211.162.184.120:1234, 212.57.36.20:1234, 218.146.15.97:1234, 222.100.124.62:1234, 222.103.98.58:1234, 222.134.240.91:1234, 223.171.91.127:1234, 223.171.91.191:1234, 243.166.50.67:80, 243.166.50.67:8080, 246.107.101.129:80, 246.107.101.129:8080, 246.22.161.77:80, 30.31.211.78:80, 30.31.211.78:8080, 31.19.237.170:1234, 32.120.191.156:80, 32.120.191.156:8080, 33.147.204.33:80, 33.147.204.33:8080, 39.175.68.100:1234, 41.110.49.240:80, 41.110.49.240:8080, 46.13.164.29:1234, 51.75.146.174:443, 52.240.29.18:80, 55.201.12.222:80, 55.201.12.222:8080, 58.199.193.78:80, 58.199.193.78:8080, 65.43.133.231:80, 65.43.133.231:8080, 65.72.60.177:80, 66.102.234.86:80, 66.102.234.86:8080, 70.163.146.57:80, 70.163.146.57:8080, 75.19.196.18:80, 75.19.196.18:8080, 78.33.177.119:80, 78.33.177.119:8080, 80.147.162.151:1234, 82.162.13.176:80, 82.162.13.176:8080, 82.66.5.84:1234, 83.198.147.243:80, 83.198.147.243:8080, 86.133.233.66:1234, 89.212.123.191:1234, 95.179.161.243:80 and 95.179.161.243:8080
  Tags: Outgoing Connection

Process /etc/apache2 started listening on ports: 1234, 8080 and 8186
  Tags: Listening

The file /etc/apache2 was downloaded and executed 176 times
  Tags: Download and Execute

Process /etc/apache2 scanned port 80 on 32 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 8080 on 32 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 80 on 28 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

Process /etc/apache2 scanned port 8080 on 28 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan

The file /usr/bin/uptime was downloaded and executed
  Tags: Download and Execute

Connection was closed due to timeout