IP Address: 31.165.5.151Previously Malicious
IP Address: 31.165.5.151Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP SSH |
|
Tags |
SSH SCP Superuser Operation Download File Download and Allow Execution Successful SSH Login Download and Execute |
|
Associated Attack Servers |
36.77.94.79 82.143.75.1 89.121.228.38 172.64.110.32 172.64.111.32 172.64.200.11 172.64.201.11 182.16.160.129 212.235.185.13 |
|
IP Address |
31.165.5.151 |
|
|
Domain |
- |
|
|
ISP |
Sunrise Communications AG |
|
|
Country |
Switzerland |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-09-24 |
|
Last seen in Akamai Guardicore Segmentation |
2022-10-31 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 12 times |
Superuser Operation |
|
Process /dev/shm/ifconfig scanned port 1234 on 46 IP Addresses |
Port 1234 Scan |
|
Process /tmp/ifconfig scanned port 1234 on 46 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 scanned port 1234 on 46 IP Addresses |
Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 1234 on 46 IP Addresses |
Port 1234 Scan |
|
Process /root/ifconfig scanned port 1234 on 46 IP Addresses |
Port 1234 Scan |
|
Process /etc/ifconfig scanned port 1234 on 46 IP Addresses |
Port 1234 Scan |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8082 and 8188 |
Listening |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 102.141.225.244:1234, 172.64.200.11:443, 172.64.201.11:443, 173.18.35.41:1234, 59.1.226.211:1234 and 80.147.162.151:1234 |
Outgoing Connection |
|
/tmp/ifconfig was downloaded |
Download File |
|
The file /tmp/apache2 was downloaded and executed 43 times |
Download and Execute |
|
Process /tmp/ifconfig started listening on ports: 1234, 8084 and 8185 |
Listening |
|
Process /tmp/ifconfig generated outgoing network traffic to: 118.41.204.72:1234, 121.200.53.148:1234, 172.64.200.11:443, 172.64.201.11:443, 211.162.184.120:1234, 31.14.115.42:1234, 58.216.8.121:1234, 61.102.42.5:1234 and 85.105.58.118:1234 |
Outgoing Connection |
|
./ifconfig was downloaded |
Download File |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 69 times |
Download and Execute |
|
Process /root/apache2 started listening on ports: 1234, 8081, 8084 and 8187 |
Listening |
|
Process /root/apache2 generated outgoing network traffic to: 118.218.209.149:1234, 120.236.69.162:1234, 144.22.191.115:1234, 146.56.115.253:1234, 195.87.73.208:1234, 202.61.203.229:1234, 40.87.11.253:1234, 51.75.146.174:443 and 69.236.215.6:1234 |
Outgoing Connection |
|
/var/tmp/ifconfig was downloaded |
Download File |
|
The file /var/tmp/apache2 was downloaded and executed 104 times |
Download and Execute |
|
Process /var/tmp/apache2 started listening on ports: 1234, 8088 and 8181 |
Listening |
|
Process /var/tmp/apache2 generated outgoing network traffic to: 103.141.246.254:1234, 118.218.209.149:1234, 118.41.204.72:1234, 120.236.74.234:1234, 139.59.135.142:1234, 146.56.115.253:1234, 172.64.200.11:443, 172.64.201.11:443, 173.18.35.41:1234, 202.61.203.229:1234, 222.165.136.99:1234 and 223.223.200.243:1234 |
Outgoing Connection |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 287 times |
Download and Execute |
|
Process /root/ifconfig started listening on ports: 1234, 8084 and 8180 |
Listening |
|
Process /root/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 103.90.177.102:1234, 118.41.204.72:1234, 120.236.74.234:1234, 120.236.79.182:1234, 147.182.233.56:1234, 187.6.3.3:1234, 191.242.188.103:1234, 195.87.73.176:1234, 213.255.16.156:1234, 221.181.232.56:1234, 36.112.152.152:1234, 51.75.146.174:443, 78.187.13.206:1234, 80.147.162.151:1234 and 85.51.217.156:1234 |
Outgoing Connection |
|
System file /etc/ifconfig was modified 9 times |
System File Modification |
|
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
System file /etc/apache2 was modified 4 times |
System File Modification |
|
The file /etc/apache2 was downloaded and executed 207 times |
Download and Execute |
|
Process /etc/ifconfig started listening on ports: 1234, 8085 and 8189 |
Listening |
|
Process /etc/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 1.220.98.197:1234, 117.80.212.33:1234, 120.236.79.182:1234, 13.36.151.196:1234, 139.59.135.142:1234, 14.152.78.120:1234, 162.19.210.221:1234, 182.92.162.51:1234, 20.56.195.26:1234, 209.216.177.158:1234, 213.255.16.156:1234, 222.165.136.99:1234, 31.14.115.42:1234, 36.112.152.152:1234, 58.216.8.121:1234, 61.102.42.5:1234, 78.187.13.206:1234, 84.16.224.173:1234, 85.105.58.118:1234, 85.51.217.156:1234 and 85.51.24.68:1234 |
Outgoing Connection |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies