IP Address: 202.186.42.73 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
| Field | Value |
|---|---|
| Role | Attacker, Connect-Back, Scanner |
| Services Targeted | SCP, SSH |
| Tags | Superuser Operation; Listening; 6 Shell Commands; Download and Execute; Port 2222 Scan; Successful SSH Login; Port 22 Scan; SSH; Download and Allow Execution |
| Associated Attack Servers | 50.216.208.27, 50.237.89.162, 103.141.246.254, 103.152.48.32, 119.29.141.189 |
| Field | Value |
|---|---|
| IP Address | 202.186.42.73 |
| Domain | - |
| ISP | Tt Dotcom Sdn Bhd |
| Country | Malaysia |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2021-12-10 |
| Last seen in Akamai Guardicore Segmentation | 2021-12-22 |
What is Akamai Guardicore Segmentation

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
| Event | Tag |
|---|---|
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| The file /tmp/ifconfig was downloaded and executed 5 times | Download and Execute |
| The file /tmp/apache2 was downloaded and executed 114 times | Download and Execute |
| Process /tmp/ifconfig scanned port 22 on 39 IP Addresses | Port 22 Scan, Port 2222 Scan |
| Process /tmp/ifconfig scanned port 2222 on 39 IP Addresses | Port 22 Scan, Port 2222 Scan |
| Process /tmp/ifconfig scanned port 22 on 48 IP Addresses | Port 22 Scan, Port 2222 Scan |
| Process /tmp/ifconfig started listening on ports: 1234 and 8086 | Listening |
| Process /tmp/ifconfig generated outgoing network traffic to: 104.242.94.126:22, 105.49.136.197:2222, 106.237.124.63:22, 107.215.238.107:2222, 116.35.245.28:22, 119.87.253.100:22, 123.143.5.58:22, 123.224.44.252:22, 125.214.246.153:2222, 137.148.182.74:2222, 138.26.196.35:22, 139.41.18.65:22, 140.79.219.175:22, 144.105.231.145:22, 147.104.228.34:2222, 147.150.157.122:2222, 148.167.166.232:22, 149.184.60.174:22, 15.134.196.56:2222, 150.245.109.177:22, 165.235.130.59:2222, 166.182.132.101:2222, 169.161.22.46:2222, 174.191.199.174:2222, 175.196.192.188:22, 175.20.62.128:2222, 177.73.100.150:2222, 182.30.236.121:22, 186.214.113.94:2222, 187.100.131.219:2222, 189.28.56.167:22, 189.28.56.167:2222, 196.225.77.188:2222, 197.74.68.103:2222, 199.116.141.197:22, 2.157.171.140:2222, 200.99.166.13:22, 201.50.94.66:2222, 202.83.80.217:22, 203.179.40.124:22, 205.20.125.161:22, 206.129.146.174:2222, 206.192.117.201:22, 207.125.160.80:22, 209.43.16.193:22, 210.168.94.1:2222, 211.17.32.97:2222, 214.51.180.150:2222, 22.39.34.92:2222, 22.67.204.202:2222, 22.9.69.87:22, 22.9.69.87:2222, 221.51.140.214:2222, 222.152.151.19:22, 222.3.221.18:2222, 23.1.37.192:2222, 24.37.126.18:22, 241.120.88.39:2222, 25.75.116.17:22, 250.26.64.185:22, 26.102.239.153:2222, 26.77.189.190:22, 27.120.23.240:2222, 28.125.161.158:22, 29.206.138.170:2222, 3.231.51.105:2222, 30.113.135.143:22, 31.48.198.9:22, 31.72.253.36:2222, 32.99.51.68:22, 35.111.161.190:2222, 35.19.35.57:22, 56.189.139.199:2222, 6.238.167.221:2222, 62.16.55.10:2222, 67.111.120.32:2222, 68.141.247.80:2222, 73.198.137.230:2222, 75.84.69.20:2222, 80.59.37.195:22, 81.199.128.179:2222, 82.186.47.221:2222, 83.158.195.129:2222, 88.37.85.174:2222, 88.99.239.75:22 and 96.78.131.237:22 | |
| Process /tmp/ifconfig scanned port 2222 on 48 IP Addresses | Port 22 Scan, Port 2222 Scan |
| The file /usr/bin/uptime was downloaded and executed 3 times | Download and Execute |
| The file /tmp/php-fpm was downloaded and executed 5 times | Download and Execute |
| The file /tmp/php-fpm was downloaded and executed 6 times | Download and Execute |
| The file /tmp/php-fpm was downloaded and executed 12 times | Download and Execute |
| Connection was closed due to timeout | |
|