IP Address: 64.31.33.218 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | SSH, Superuser Operation, Successful SSH Login, Download and Execute, Download and Allow Execution
Associated Attack Servers
IP Address | 64.31.33.218
Domain | -
ISP | Limestone Networks
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-20
Last seen in Akamai Guardicore Segmentation | 2022-04-11
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 196 times |
Download and Execute |
Process /tmp/apache2 started listening on ports: 1234, 8086 and 8186 |
Listening |
Process /tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 102.241.156.64:2222, 108.138.106.50:80, 108.138.106.50:8080, 110.157.210.144:80, 110.157.210.144:8080, 114.93.130.198:80, 114.93.130.198:8080, 117.50.179.71:1234, 119.156.189.8:80, 119.156.189.8:8080, 125.17.115.94:1234, 131.59.131.221:80, 131.59.131.221:8080, 14.94.192.166:80, 14.94.192.166:8080, 14.94.192.166:8090, 142.251.32.4:443, 147.111.51.216:80, 147.111.51.216:8080, 147.246.39.125:80, 147.246.39.125:8080, 148.48.134.75:80, 148.48.134.75:8080, 148.62.79.214:80, 148.62.79.214:8080, 150.189.11.180:80, 150.189.11.180:8080, 152.211.38.39:80, 152.211.38.39:8080, 160.31.82.66:80, 160.31.82.66:8080, 160.8.95.146:80, 160.8.95.146:8080, 165.2.54.123:80, 165.2.54.123:8080, 168.58.224.215:80, 168.58.224.215:8080, 172.67.133.228:443, 174.57.29.113:80, 174.57.29.113:8080, 180.43.214.190:80, 180.43.214.190:8080, 194.250.215.100:80, 194.250.215.100:8080, 194.42.234.127:2222, 2.174.168.49:80, 2.174.168.49:8080, 200.145.1.68:2222, 222.165.136.99:1234, 223.171.91.127:1234, 24.170.209.26:80, 24.170.209.26:8080, 240.186.32.194:2222, 250.238.2.125:2222, 250.79.146.146:80, 250.79.146.146:8080, 36.7.12.1:80, 36.7.12.1:8080, 36.7.12.1:8090, 37.17.25.16:80, 37.17.25.16:8080, 41.152.26.199:22, 42.231.30.127:1234, 51.75.146.174:443, 57.27.150.163:80, 57.27.150.163:8080, 6.222.209.22:80, 6.222.209.22:8080, 60.53.193.216:1234, 64.62.241.237:80, 64.62.241.237:8080, 64.62.241.237:8090, 65.215.210.42:80, 65.215.210.42:8080, 66.40.225.224:80, 66.40.225.224:8080, 68.147.247.132:22, 79.126.129.13:80, 79.126.129.13:8080, 79.98.21.60:80, 79.98.21.60:8080, 8.8.4.4:443, 8.8.8.8:443, 82.134.224.11:80, 82.134.224.11:8080, 92.53.37.232:2222 and 97.122.125.122:2222 |
Outgoing Connection |
Process /tmp/apache2 scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
Process /tmp/apache2 scanned port 8080 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
Process /tmp/apache2 attempted to access suspicious domains: adsl, ae2am1.shop, cabletel.com.mk and qwest.net |
Access Suspicious Domain Outgoing Connection |
The file /tmp/php-fpm was downloaded and executed 35 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and granted execution privileges |
Download and Allow Execution |
The file /tmp/php-fpm was downloaded and executed 22 times |
Download and Execute |
Connection was closed due to timeout |
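The event list above is a compact drop-and-scan chain: a root SSH login, payloads fetched into /tmp and executed (or chmod'ed executable first), a listener on 1234/8086/8186, then outbound sweeps of 80 and 8080 across many hosts. The following Python is an added example, not code from the Akamai Guardicore page or product: it parses event text in the page's own "description |" / "tag |" layout into a structured indicator set an analyst can hand to blocking or hunting. SAMPLE_EVENTS is a constructed, abbreviated copy of the page's lines; the field names, the regexes and the routability test are this example's assumptions about the format, not sensor output. One thing the check surfaces that the flat list hides: several destinations (240.186.32.194, 250.79.146.146, 250.238.2.125 on the page) fall in the reserved 240.0.0.0/4 block, which in the editor's reading points to random target generation rather than a curated victim list, while the 443 connections to 1.1.1.1, 8.8.8.8 and 8.8.4.4 are more plausibly reachability checks than command and control.

```python
"""Turn sensor event text (the layout shown on this page) into a structured indicator set.

Added example by the editor, not Akamai Guardicore code.  SAMPLE_EVENTS is a
constructed, abbreviated copy of the page's event lines, kept in the page's
'description |' / 'tag |' layout so the same parser can be run over the full list.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample (abbreviated from the page); the odd trailing line has no tag.
SAMPLE_EVENTS = """\
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
The file /tmp/ifconfig was downloaded and executed |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 196 times |
Download and Execute |
Process /tmp/apache2 started listening on ports: 1234, 8086 and 8186 |
Listening |
Process /tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 102.241.156.64:2222, 14.94.192.166:80, 14.94.192.166:8080, 14.94.192.166:8090, 240.186.32.194:2222, 250.79.146.146:80, 8.8.8.8:443 and 41.152.26.199:22 |
Outgoing Connection |
Process /tmp/apache2 scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
The file /tmp/php-fpm was downloaded and granted execution privileges |
Download and Allow Execution |
Connection was closed due to timeout |
"""

# Public resolvers the page shows being contacted on 443: reachability checks, not C2 (assumption).
PUBLIC_RESOLVERS = {"1.1.1.1", "8.8.8.8", "8.8.4.4"}


def parse_events(text):
    """Return [(description, tag)] from alternating 'description |' and 'tag |' lines.

    A trailing description with no tag line (the page ends with
    'Connection was closed due to timeout') is returned with tag None.
    """
    lines = [ln.strip().rstrip("|").strip() for ln in text.splitlines() if ln.strip()]
    pairs = list(zip(lines[0::2], lines[1::2]))
    if len(lines) % 2:
        pairs.append((lines[-1], None))
    return pairs


def _split_list(s):
    """Split the page's 'a, b and c' enumeration into items."""
    return [item.strip() for item in re.split(r",\s*|\s+and\s+", s) if item.strip()]


def extract_indicators(text):
    """Pull logins, dropped files, listeners, destinations and scans out of the event text."""
    ind = {
        "logins": [],                  # (user, authentication policy)
        "dropped_files": [],           # paths that were executed or granted execute permission, in order
        "listening_ports": [],
        "outgoing_by_port": defaultdict(list),
        "non_routable_destinations": [],  # e.g. 240.0.0.0/4: random target generation (editor's inference)
        "resolver_checks": [],
        "scans": [],                   # (port, number of hosts)
    }
    for desc, _tag in parse_events(text):
        m = re.search(r"credentials: (\S+) / \S+ - Authentication policy: (.+)$", desc)
        if m:
            ind["logins"].append((m.group(1), m.group(2)))
            continue
        m = re.match(r"The file (\S+) was downloaded and (?:executed|granted execution privileges)", desc)
        if m:
            if m.group(1) not in ind["dropped_files"]:
                ind["dropped_files"].append(m.group(1))
            continue
        m = re.search(r"started listening on ports: (.+)$", desc)
        if m:
            ind["listening_ports"].extend(int(p) for p in _split_list(m.group(1)))
            continue
        m = re.search(r"outgoing network traffic to: (.+)$", desc)
        if m:
            for endpoint in _split_list(m.group(1)):
                ip, port = endpoint.rsplit(":", 1)
                ind["outgoing_by_port"][int(port)].append(ip)
                # is_global is False for private, reserved (240/4) and other special-use ranges
                if not ipaddress.ip_address(ip).is_global and ip not in ind["non_routable_destinations"]:
                    ind["non_routable_destinations"].append(ip)
                if ip in PUBLIC_RESOLVERS and ip not in ind["resolver_checks"]:
                    ind["resolver_checks"].append(ip)
            continue
        m = re.search(r"scanned port (\d+) on (\d+) IP Addresses", desc)
        if m:
            ind["scans"].append((int(m.group(1)), int(m.group(2))))
    ind["outgoing_by_port"] = dict(ind["outgoing_by_port"])
    return ind


if __name__ == "__main__":
    for key, value in extract_indicators(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Running it on the full outgoing list from this page is a matter of pasting those lines into SAMPLE_EVENTS; the grouping by destination port makes the 80/8080 pairing per host (the scanner probing both web ports on each target) and the 1234/2222 set visible at a glance.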
|