IP Address: 5.182.17.252 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | Superuser Operation, Download and Execute, Successful SSH Login, SSH Download and Allow Execution
Associated Attack Servers | 3.35.185.49, 15.185.34.173, 50.217.22.109, 80.200.70.166, 183.252.37.196, 217.160.172.168
IP Address | 5.182.17.252
Domain | -
ISP | TT1 Datacenter UG (haftungsbeschraenkt)
Country | Germany
WHOIS
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2021-12-17
Last seen in Akamai Guardicore Segmentation | 2022-01-17
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /tmp/ifconfig was downloaded and executed 5 times | Download and Execute
Process /tmp/apache2 scanned port 1234 on 14 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 22 on 14 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 2222 on 14 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 1234 on 36 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 1234 on 35 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/bash scanned port 1234 on 14 IP Addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 14 IP Addresses | Port 1234 Scan
Process /bin/bash scanned port 1234 on 14 IP Addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 14 IP Addresses | Port 1234 Scan
The file /tmp/apache2 was downloaded and executed 137 times | Download and Execute
Process /tmp/apache2 scanned port 22 on 36 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 2222 on 36 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 scanned port 22 on 35 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/apache2 started listening on ports: 1234 and 8088 | Listening
The file /usr/bin/uptime was downloaded and executed 2 times | Download and Execute
Process /tmp/apache2 generated outgoing network traffic to: (list of destination IP:port pairs omitted)
Process /tmp/apache2 scanned port 2222 on 35 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed | Download and Execute
The file /tmp/php-fpm was downloaded and executed 30 times | Download and Execute
The file /tmp/php-fpm was downloaded and executed 13 times | Download and Execute
The file /tmp/php-fpm was downloaded and executed 10 times | Download and Execute
Connection was closed due to timeout