IP Address: 223.171.91.146 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network.

Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, Port 80 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Port 8080 Scan, SSH
Associated Attack Servers: 14.166.121.158, 25.61.118.93, 36.75.66.175, 38.237.244.218, 40.112.221.159, 43.211.101.97, 45.33.34.250, 47.112.205.162, 64.227.132.175, 77.193.71.115, 86.192.246.147, 90.74.36.245, 101.43.22.221, 103.213.128.57, 106.41.11.11, 113.175.67.41, 117.50.179.71, 121.60.124.167, 124.139.118.151, 124.223.63.43, 135.124.170.10, 136.78.86.193, 138.2.83.98, 141.232.76.80, 144.88.231.204, 172.225.171.212, 183.213.26.13, 188.47.92.186, 188.137.206.107, 193.127.231.80

IP Address: 223.171.91.146
Domain: -
ISP: LG Uplus
Country: Korea, Republic of
WHOIS
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2022-01-17
Last seen in Akamai Guardicore Segmentation: 2022-07-08
Incident events recorded by the sensor (tag, then the event description):

- Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
- Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
- Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
- Download and Execute: The file /root/ifconfig was downloaded and executed 5 times
- Download and Execute: The file /root/apache2 was downloaded and executed 180 times
- Port 1234 Scan: Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 1234 on 27 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 80 on 27 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 8080 on 27 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 1234 on 32 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 1234 on 29 IP Addresses
- Port 1234 Scan: Process /bin/bash scanned port 1234 on 27 IP Addresses
- Outgoing Connection: Process /root/ifconfig generated outgoing network traffic to: 1.191.174.84:80, 1.191.174.84:8080, 1.220.98.197:1234, 101.42.90.177:1234, 103.96.238.42:80, 103.96.238.42:8080, 104.21.25.86:443, 106.23.18.32:80, 106.23.18.32:8080, 108.227.227.197:80, 108.227.227.197:8080, 111.2.35.50:80, 111.2.35.50:8080, 117.80.212.33:1234, 12.225.222.154:80, 12.225.222.154:8080, 120.224.34.31:1234, 120.31.133.162:1234, 124.115.231.214:1234, 124.223.14.100:1234, 126.113.188.146:80, 126.113.188.146:8080, 139.209.222.134:1234, 149.110.52.33:80, 149.110.52.33:8080, 150.107.95.20:1234, 157.85.179.233:80, 157.85.179.233:8080, 166.89.210.121:80, 172.67.133.228:443, 190.138.240.233:1234, 191.242.182.210:1234, 193.180.95.66:80, 193.180.95.66:8080, 20.141.185.205:1234, 202.61.203.229:1234, 207.29.18.196:80, 207.29.18.196:8080, 211.162.184.120:1234, 220.84.84.17:80, 220.84.84.17:8080, 222.100.124.62:1234, 222.103.98.58:1234, 222.134.240.91:1234, 223.99.166.104:1234, 243.81.47.127:80, 243.81.47.127:8080, 249.138.206.114:80, 249.138.206.114:8080, 26.161.85.48:80, 26.161.85.48:8080, 4.66.147.164:80, 4.66.147.164:8080, 43.107.60.128:80, 43.107.60.128:8080, 44.201.212.26:80, 44.201.212.26:8080, 5.25.115.113:80, 5.25.115.113:8080, 51.75.146.174:443, 56.118.233.212:80, 56.118.233.212:8080, 58.229.125.66:1234, 59.3.186.45:1234, 61.84.162.66:1234, 64.64.129.135:80, 68.93.125.144:80, 68.93.125.144:8080, 77.197.122.47:80, 77.197.122.47:8080, 79.242.64.154:80, 79.242.64.154:8080, 80.73.41.138:80, 80.73.41.138:8080, 82.149.112.170:1234, 89.212.123.191:1234, 91.90.108.43:80, 91.90.108.43:8080, 93.176.229.145:1234, 93.69.58.16:80, 93.69.58.16:8080, 94.78.136.156:80, 94.78.136.156:8080, 95.102.66.194:80, 95.125.111.106:80, 95.125.111.106:8080, 95.154.21.210:1234, 96.204.163.156:80 and 96.204.163.156:8080
- Listening: Process /root/ifconfig started listening on ports: 1234, 8080 and 8184
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 80 on 32 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 8080 on 32 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 80 on 29 IP Addresses
- Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /root/ifconfig scanned port 8080 on 29 IP Addresses
- Download and Execute: The file /usr/local/bin/dash was downloaded and executed
- Connection was closed due to timeout
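The event list above is the kind of sensor output an analyst turns into indicators and detection logic. As an added example (not code from this page, from Akamai, or from the Guardicore product), the following Python script parses event lines in the format shown here into per-process indicators and flags the two patterns this incident displays: a binary carrying a system-utility name (ifconfig, apache2, dash) dropped into /root or another nonstandard directory, and a process that scans ports 1234/80/8080 across dozens of hosts while also listening on those same ports. The EVENTS list is a constructed subset of the page's own lines, and the EXPECTED_DIRS and DROP_DIRS tables are assumptions made for the example (Debian/Ubuntu-style paths), not data from the page.

```python
"""Turn sensor event lines (Guardicore-style wording) into an IOC summary."""
import os
import re
from collections import defaultdict

# Constructed sample: a subset of the event lines shown on this page.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "The file /root/ifconfig was downloaded and executed 5 times",
    "The file /root/apache2 was downloaded and executed 180 times",
    "Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses",
    "Process /root/ifconfig scanned port 1234 on 27 IP Addresses",
    "Process /root/ifconfig scanned port 80 on 27 IP Addresses",
    "Process /root/ifconfig scanned port 8080 on 27 IP Addresses",
    "Process /root/ifconfig scanned port 1234 on 32 IP Addresses",
    "Process /bin/bash scanned port 1234 on 27 IP Addresses",
    "Process /root/ifconfig generated outgoing network traffic to: 1.191.174.84:80, "
    "1.191.174.84:8080, 104.21.25.86:443, 172.67.133.228:443 and 96.204.163.156:8080",
    "Process /root/ifconfig started listening on ports: 1234, 8080 and 8184",
    "The file /usr/local/bin/dash was downloaded and executed",
]

# Assumed locations of these utilities on a Debian/Ubuntu-style host (example data).
EXPECTED_DIRS = {
    "ifconfig": {"/sbin", "/usr/sbin", "/bin", "/usr/bin"},
    "apache2": {"/usr/sbin"},
    "dash": {"/bin", "/usr/bin"},
    "nc.openbsd": {"/bin", "/usr/bin"},
    "bash": {"/bin", "/usr/bin"},
}
# Writable drop directories in which no system-named binary belongs (assumption).
DROP_DIRS = {"/root", "/tmp", "/var/tmp", "/dev/shm"}

RE_SSH = re.compile(r"logged in using SSH with the following credentials: (\S+) /")
RE_DROP = re.compile(r"The file (\S+) was downloaded and executed(?: (\d+) times)?")
RE_SCAN = re.compile(r"Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
RE_LISTEN = re.compile(r"Process (\S+) started listening on ports: (.+)")
RE_OUT = re.compile(r"Process (\S+) generated outgoing network traffic to: (.+)")
RE_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def is_masquerading(path):
    """True when a binary uses a system-utility name but sits outside its usual directory."""
    directory, name = os.path.split(path)
    if directory in DROP_DIRS:
        return True
    expected = EXPECTED_DIRS.get(name)
    return expected is not None and directory not in expected


def parse_events(events):
    """Aggregate event lines into per-process indicators."""
    rep = {
        "ssh_users": set(),
        "dropped": {},                                    # path -> execution count
        "scans": defaultdict(lambda: defaultdict(int)),   # process -> port -> max hosts
        "listeners": defaultdict(set),                    # process -> {port}
        "outbound": defaultdict(set),                     # process -> {(ip, port)}
    }
    for line in events:
        if m := RE_SSH.search(line):
            rep["ssh_users"].add(m.group(1))
        elif m := RE_DROP.search(line):
            rep["dropped"][m.group(1)] = int(m.group(2) or 1)
        elif m := RE_SCAN.search(line):
            proc, port, hosts = m.group(1), int(m.group(2)), int(m.group(3))
            rep["scans"][proc][port] = max(rep["scans"][proc][port], hosts)
        elif m := RE_LISTEN.search(line):
            rep["listeners"][m.group(1)].update(int(p) for p in re.findall(r"\d+", m.group(2)))
        elif m := RE_OUT.search(line):
            rep["outbound"][m.group(1)].update(
                (ip, int(port)) for ip, port in RE_ENDPOINT.findall(m.group(2)))
    return rep


def flag_processes(rep, min_hosts=20):
    """Return {process: [reasons]} for processes showing the tradecraft seen in this incident."""
    flags = defaultdict(list)
    procs = set(rep["dropped"]) | set(rep["scans"]) | set(rep["listeners"]) | set(rep["outbound"])
    for proc in sorted(procs):
        if is_masquerading(proc):
            flags[proc].append("masquerading binary name")
        wide = {p for p, n in rep["scans"].get(proc, {}).items() if n >= min_hosts}
        if wide:
            flags[proc].append("scans ports %s on >=%d hosts" % (sorted(wide), min_hosts))
        shared = wide & rep["listeners"].get(proc, set())
        if shared:
            flags[proc].append("worm-like: listens on the ports it scans %s" % sorted(shared))
        if rep["dropped"].get(proc, 0) > 1:
            flags[proc].append("re-downloaded and executed %d times" % rep["dropped"][proc])
    return dict(flags)


if __name__ == "__main__":
    report = parse_events(EVENTS)
    for proc, reasons in flag_processes(report).items():
        print(proc, "->", "; ".join(reasons))
    print("outbound endpoints:", sorted(report["outbound"]["/root/ifconfig"]))
```

Run against the sample, /root/ifconfig is flagged for all four reasons, /root/apache2 for masquerading plus repeated re-execution, and /bin/nc.openbsd and /bin/bash only for the wide port-1234 scan; the masquerading check is what separates the attacker's dropped files from the stock tools they abused. Feed the script the full outgoing-connection line from the page to extract every destination as a blocklist candidate.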
|