IP Address: 58.48.209.19 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, SSH, Listening, 5 Shell Commands, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Download and Execute, Download File
Associated Attack Servers: 67.206.26.19, 102.153.192.233, 147.182.233.56, 209.216.177.158, 209.216.177.238
IP Address: 58.48.209.19
Domain: -
ISP: China Telecom Hubei
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-08-02
Last seen in Akamai Guardicore Segmentation: 2022-08-15
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
Process /bin/bash scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /tmp/ifconfig scanned port 1234 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 80 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 8080 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 1234 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 1234 on 28 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /bin/bash scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 3 times [Successful SSH Login]
/dev/shm/ifconfig was downloaded [Download File]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
The file /tmp/ifconfig was downloaded and executed 5 times [Download and Execute]
The file /tmp/apache2 was downloaded and executed 162 times [Download and Execute]
Process /tmp/ifconfig generated outgoing network traffic to a list of destination IP:port pairs [Outgoing Connection]
Process /tmp/ifconfig started listening on ports: 1234, 8084 and 8180 [Listening]
Process /tmp/ifconfig scanned port 80 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 8080 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 80 on 28 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /tmp/ifconfig scanned port 8080 on 28 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
The file /usr/bin/free was downloaded and executed [Download and Execute]
Connection was closed due to timeout