IP Address: 217.160.172.168 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Superuser Operation, Download and Execute, Successful SSH Login, SSH Download and Allow Execution
Associated Attack Servers: 3.35.185.49, 5.182.17.252, 15.185.34.173, 50.217.22.109, 80.200.70.166, 183.252.37.196
IP Address: 217.160.172.168
Domain: -
ISP: 1&1 Internet AG
Country: Germany
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2021-12-13
Last seen in Akamai Guardicore Segmentation: 2022-01-02
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Tags: Successful SSH Login
The file /tmp/ifconfig was downloaded and granted execution privileges

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Tags: Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times
Tags: Superuser Operation
The file /tmp/apache2 was downloaded and executed 147 times
Tags: Download and Execute
Process /tmp/apache2 scanned port 1234 on 15 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 22 on 15 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 2222 on 15 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 1234 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 1234 on 34 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/nc.openbsd scanned port 1234 on 15 IP Addresses 2 times
Tags: Port 1234 Scan
Process /bin/bash scanned port 1234 on 15 IP Addresses
Tags: Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 15 IP Addresses
Tags: Port 1234 Scan
Process /tmp/apache2 scanned port 22 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 2222 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 22 on 34 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 started listening on ports: 1234 and 8088
Tags: Listening
Process /tmp/apache2 generated outgoing network traffic to: 101.246.82.214:2222, 105.91.101.195:22, 111.132.82.122:22, 111.43.48.176:22, 116.228.63.21:2222, 117.131.24.150:2222, 117.93.116.251:1234, 12.247.38.13:2222, 120.36.161.123:1234, 122.129.195.247:2222, 123.172.193.98:2222, 123.207.26.100:1234, 125.125.170.72:22, 132.226.125.143:1234, 133.144.149.163:22, 134.15.145.103:2222, 139.187.184.118:22, 140.234.248.252:2222, 140.65.236.87:22, 146.126.129.21:22, 151.182.94.218:2222, 152.253.122.181:2222, 153.14.217.186:2222, 154.214.135.124:22, 158.155.57.111:22, 158.174.109.243:1234, 159.65.2.94:22, 16.113.226.192:2222, 170.157.23.25:2222, 173.181.105.97:22, 174.74.135.4:22, 182.29.181.31:22, 182.29.181.31:2222, 185.230.138.105:1234, 185.230.138.110:1234, 187.105.230.55:22, 19.56.185.37:22, 193.209.41.15:2222, 194.219.134.234:1234, 197.32.172.237:2222, 198.23.207.250:22, 2.125.85.87:22, 200.164.167.166:2222, 205.56.24.41:22, 216.224.122.47:22, 218.148.229.105:22, 218.187.233.91:2222, 219.50.196.10:22, 221.59.107.124:2222, 223.107.140.229:22, 23.114.107.141:1234, 24.158.29.166:1234, 24.171.220.244:2222, 242.242.221.141:2222, 246.167.173.106:2222, 25.40.120.101:2222, 250.240.119.197:22, 27.156.196.249:22, 29.244.8.115:22, 31.118.198.218:22, 33.16.207.202:22, 34.198.89.191:2222, 35.252.45.71:22, 37.185.181.1:22, 38.239.115.136:22, 39.155.210.109:2222, 48.93.221.88:22, 5.219.60.178:22, 50.161.167.205:22, 55.224.196.190:22, 56.174.124.154:2222, 59.151.99.245:2222, 6.52.29.79:2222, 6.8.192.175:22, 62.118.153.242:2222, 67.177.92.201:2222, 73.61.9.189:2222, 75.236.163.76:22, 81.227.187.142:22, 82.119.96.254:1234, 82.146.54.75:1234, 83.56.9.96:1234, 88.210.209.244:2222, 90.109.245.5:22, 91.94.59.129:2222 and 96.239.114.57:2222 |
Process /tmp/apache2 scanned port 2222 on 34 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed 7 times
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed 40 times
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed 3 times
Tags: Download and Execute
Connection was closed due to timeout