IP Address: 49.232.149.210 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, SSH, Listening, 7 Shell Commands, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File, Outgoing Connection

Associated Attack Servers
IP Address: 49.232.149.210
Domain: -
ISP: Tencent cloud computing
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-09-13
Last seen in Akamai Guardicore Segmentation: 2022-09-30
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Attack Timeline

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List (Tags: Successful SSH Login)
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (Tags: Successful SSH Login)
A possibly malicious Superuser Operation was detected 2 times (Tags: Superuser Operation)
The file /root/ifconfig was downloaded and executed 5 times (Tags: Download and Execute)
The file /root/apache2 was downloaded and executed 127 times (Tags: Download and Execute)
Process /root/apache2 scanned port 1234 on 27 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 1234 on 32 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 1234 on 29 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 80 on 27 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 8080 on 27 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /bin/bash scanned port 1234 on 27 IP Addresses (Tags: Port 1234 Scan)
Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses (Tags: Port 1234 Scan)
Process /root/apache2 generated outgoing network traffic to: 101.30.88.106:80, 101.30.88.106:8080, 101.42.90.177:1234, 102.18.133.229:80, 104.21.75.20:443, 114.166.17.19:80, 114.166.17.19:8080, 117.16.44.111:1234, 12.195.195.51:80, 12.195.195.51:8080, 120.31.133.162:1234, 121.177.156.182:80, 121.177.156.182:8080, 121.246.17.78:80, 121.246.17.78:8080, 123.132.238.210:1234, 124.115.231.214:1234, 125.190.248.37:80, 125.190.248.37:8080, 139.209.222.134:1234, 146.66.94.87:80, 146.66.94.87:8080, 151.25.160.245:80, 151.25.160.245:8080, 161.157.94.31:80, 161.157.94.31:8080, 161.35.79.199:1234, 168.103.227.162:80, 168.103.227.162:8080, 169.229.243.202:80, 170.227.189.102:80, 172.67.210.60:443, 173.18.35.41:1234, 182.91.21.227:80, 182.91.21.227:8080, 184.178.117.2:80, 184.178.117.2:8080, 185.210.144.122:1234, 191.242.182.210:1234, 20.141.185.205:1234, 202.61.203.229:1234, 210.99.20.194:1234, 212.57.36.20:1234, 218.146.15.97:1234, 220.243.148.80:1234, 222.100.124.62:1234, 223.171.91.191:1234, 244.52.169.221:80, 244.52.169.221:8080, 251.111.1.6:80, 251.111.1.6:8080, 3.90.52.210:80, 3.90.52.210:8080, 32.9.93.180:80, 32.9.93.180:8080, 35.243.223.96:80, 35.243.223.96:8080, 38.43.223.134:80, 38.43.223.134:8080, 41.175.145.166:80, 41.175.145.166:8080, 43.242.247.139:1234, 51.159.19.47:1234, 51.75.146.174:443, 52.217.197.113:80, 52.217.197.113:8080, 56.226.145.16:80, 56.226.145.16:8080, 58.229.125.66:1234, 61.144.179.129:80, 61.144.179.129:8080, 61.77.105.219:1234, 62.12.106.5:1234, 69.215.247.201:80, 69.215.247.201:8080, 72.71.80.137:80, 72.71.80.137:8080, 78.148.206.185:80, 78.148.206.185:8080, 79.119.49.250:80, 79.119.49.250:8080, 84.204.148.99:1234, 85.103.51.20:80, 85.103.51.20:8080, 86.91.85.95:80, 86.91.85.95:8080, 88.35.97.57:80, 88.35.97.57:8080 and 93.176.229.145:1234 (Tags: Outgoing Connection)
Process /root/apache2 started listening on ports: 1234, 8080 and 8186 (Tags: Listening)
Process /root/apache2 scanned port 80 on 32 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 80 on 29 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 8080 on 32 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
Process /root/apache2 scanned port 8080 on 29 IP Addresses (Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan)
The file /usr/bin/uptime was downloaded and executed (Tags: Download and Execute)
The file /usr/bin/free was downloaded and executed (Tags: Download and Execute)
The file /usr/local/bin/dash was downloaded and executed (Tags: Download and Execute)
Connection was closed due to user inactivity