IP Address: 23.252.83.122 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File
Associated Attack Servers | 95.154.21.210, 110.42.173.235, 124.222.50.138, 167.99.63.88, 220.243.148.80
IP Address | 23.252.83.122
Domain | -
ISP | Zeta Broadband
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-02-25
Last seen in Akamai Guardicore Segmentation | 2022-03-08
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /tmp/apache2 scanned port 22 on 35 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /tmp/apache2 scanned port 22 on 55 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /tmp/apache2 scanned port 2222 on 35 IP Addresses |
Port 22 Scan Port 2222 Scan |
The file /tmp/apache2 was downloaded and executed 171 times |
Download and Execute |
Process /tmp/apache2 started listening on ports: 1234 and 8086 |
Listening |
Process /tmp/apache2 generated outgoing network traffic to: (address list omitted) |
Process /tmp/apache2 scanned port 2222 on 55 IP Addresses |
Port 22 Scan Port 2222 Scan |
The file /bin/bash was downloaded and executed |
Download and Execute |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|