IP Address: 20.127.227.20Previously Malicious
IP Address: 20.127.227.20Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP SSH |
Tags |
Successful SSH Login SCP Download File SSH Download and Execute Download and Allow Execution Superuser Operation |
Associated Attack Servers |
87.32.32.120 120.224.34.31 124.223.14.100 209.216.177.158 218.146.15.97 |
IP Address |
20.127.227.20 |
|
Domain |
- |
|
ISP |
- |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-07-02 |
Last seen in Akamai Guardicore Segmentation |
2022-08-02 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /etc/ifconfig was downloaded and executed 4 times |
Download and Execute |
The file /etc/apache2 was downloaded and executed 191 times |
Download and Execute |
Process /etc/apache2 scanned port 1234 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 80 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 1234 on 31 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/bash scanned port 1234 on 27 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 27 IP Addresses |
Port 1234 Scan |
Process /etc/apache2 generated outgoing network traffic to: 1.220.98.197:1234, 100.229.127.170:80, 100.229.127.170:8080, 104.248.207.87:80, 104.248.207.87:8080, 105.137.195.57:80, 105.137.195.57:8080, 118.41.204.72:1234, 129.149.64.106:80, 133.106.217.52:80, 133.106.217.52:8080, 139.209.222.134:1234, 161.35.79.199:1234, 170.131.58.69:80, 170.131.58.69:8080, 171.48.148.202:80, 171.48.148.202:8080, 173.73.19.221:80, 173.73.19.221:8080, 184.83.112.246:1234, 185.210.144.122:1234, 187.9.227.22:80, 187.9.227.22:8080, 190.60.239.44:1234, 191.187.62.96:80, 191.187.62.96:8080, 191.242.182.210:1234, 191.242.188.103:1234, 2.59.181.249:80, 2.59.181.249:8080, 20.141.185.205:1234, 20.89.67.2:80, 20.89.67.2:8080, 206.189.25.255:1234, 208.45.13.103:80, 208.45.13.103:8080, 209.216.177.158:1234, 210.99.20.194:1234, 211.162.184.120:1234, 212.57.36.20:1234, 218.146.15.97:1234, 220.55.88.12:80, 220.55.88.12:8080, 222.103.98.58:1234, 222.121.63.87:1234, 223.171.91.149:1234, 241.17.110.200:80, 241.17.110.200:8080, 241.245.34.156:80, 241.245.34.156:8080, 245.230.210.167:80, 245.230.210.167:8080, 28.13.69.43:80, 28.13.69.43:8080, 31.19.237.170:1234, 43.99.167.89:80, 43.99.167.89:8080, 46.13.164.29:1234, 51.159.19.47:1234, 51.75.146.174:443, 59.3.186.45:1234, 62.96.6.92:80, 62.96.6.92:8080, 64.21.173.179:80, 64.21.173.179:8080, 72.238.248.18:80, 72.238.248.18:8080, 79.110.93.90:80, 79.110.93.90:8080, 8.128.140.25:80, 8.128.140.25:8080, 80.228.64.101:80, 80.228.64.101:8080, 82.66.5.84:1234, 85.105.82.39:1234, 86.15.15.219:80, 86.15.15.219:8080, 87.190.222.17:80, 87.190.222.17:8080, 87.97.142.195:80, 87.97.142.195:8080, 88.253.47.1:80, 88.253.47.1:8080, 89.47.92.20:80, 89.47.92.20:8080, 94.194.127.61:80, 94.194.127.61:8080, 99.129.184.156:80 and 99.129.184.156:8080 |
Outgoing Connection |
Process /etc/apache2 started listening on ports: 1234, 8086 and 8183 |
Listening |
Process /etc/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 80 on 31 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 31 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
Process /lib/systemd/systemd started listening on ports: 80 |
Listening |
Process /usr/local/apache2/bin/httpd started listening on ports: 80 |
Listening |
Connection was closed due to timeout |
|