IP Address: 222.121.63.87 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 222.121.63.87 |
Domain | - |
ISP | Korea Telecom |
Country | Korea, Republic of |
WHOIS Created Date | - |
WHOIS Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-03-24 |
Last seen in Akamai Guardicore Segmentation | 2022-10-05 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 102 times |
Download and Execute |
Process /root/apache2 scanned port 22 on 31 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 22 on 15 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 22 on 14 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 22 on 24 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 31 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 31 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 2222 on 31 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /root/apache2 started listening on ports: 1234, 8088 and 8182 |
Listening |
Process /root/apache2 attempted to access suspicious domains: btcentralplus.com and mchsi.com |
Access Suspicious Domain Outgoing Connection |
Process /root/apache2 scanned port 80 on 15 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 14 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 24 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 15 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 2222 on 15 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 14 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 24 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 2222 on 14 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 2222 on 24 IP Addresses |
Port 22 Scan Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /usr/local/apache2/bin/httpd started listening on ports: 80 |
Listening |
Connection was closed due to timeout |
|