IP Address: 58.229.6.213 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Outgoing Connection, Download Operation, SSH, 10 Shell Commands, Superuser Operation, Port 22 Scan, Successful SSH Login, Kill Process
Associated Attack Servers |
IP Address | 58.229.6.213
Domain | -
ISP | SK Broadband
Country | Korea, Republic of
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-10-18
Last seen in Akamai Guardicore Segmentation | 2023-02-09
A user logged in using SSH with the following credentials: root / ******** - Authentication policy: White List | Successful SSH Login
A possibly malicious Superuser Operation was detected 4 times | Download Operation, Kill Process, Superuser Operation
A possibly malicious Kill Process was detected 2 times | Download Operation, Kill Process, Superuser Operation
A possibly malicious Download Operation was detected 6 times | Download Operation, Kill Process, Superuser Operation
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 | Outgoing Connection
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.43:80 | Outgoing Connection
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 | Outgoing Connection
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:57388 | Outgoing Connection
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 | Outgoing Connection
Process /bin/bash generated outgoing network traffic to multiple IP addresses | Outgoing Connection
Process /bin/bash scanned port 22 on 92 IP Addresses | Port 22 Scan
Connection was closed due to timeout