IP Address: 92.49.186.143 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Download File, SSH Superuser Operation, Successful SSH Login, Download and Execute, SCP Download and Allow Execution
Associated Attack Servers: 1.116.42.111, 12.89.10.104, 14.74.45.81, 14.74.181.180, 18.117.102.239, 20.141.185.205, 25.183.141.25, 27.52.104.110, 30.4.54.45, 30.55.166.128, 31.198.43.250, 38.119.167.206, 43.242.247.139, 59.79.240.139, 60.53.193.216, 65.80.198.146, 66.67.99.159, 88.67.131.152, 91.170.71.137, 99.77.230.75, 99.99.118.198, 103.169.163.68, 106.52.252.228, 106.130.238.57, 110.42.139.41, 124.223.32.141, 138.170.13.161, 149.113.20.91, 150.158.159.119
IP Address: 92.49.186.143
Domain: -
ISP: Rostelecom
Country: Russian Federation

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-03-28
Last seen in Akamai Guardicore Segmentation: 2022-04-05
What is Akamai Guardicore Segmentation: Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
./ifconfig was downloaded [Download File]
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (2 times) [Successful SSH Login]
A possibly malicious Superuser Operation was detected (2 times) [Superuser Operation]
The file /root/ifconfig was downloaded and executed (6 times) [Download and Execute]
The file /root/apache2 was downloaded and executed (203 times) [Download and Execute]
Process /root/ifconfig scanned port 22 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 22 on 32 IP Addresses (2 times) [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 80 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig generated outgoing network traffic to: 1.103.194.71:80, 1.103.194.71:8080, 100.222.123.94:80, 100.222.123.94:8080, 104.21.25.86:443, 106.70.175.121:80, 106.70.175.121:8080, 107.15.49.38:80, 107.15.49.38:8080, 107.69.131.122:22, 115.254.63.51:1234, 116.31.107.208:1234, 120.251.130.93:80, 120.251.130.93:8080, 131.155.117.28:80, 131.155.117.28:8080, 132.92.220.101:2222, 138.200.110.106:80, 138.200.110.106:8080, 14.70.143.112:80, 14.70.143.112:8080, 143.134.63.114:22, 145.177.164.55:80, 145.177.164.55:8080, 156.71.169.234:80, 156.71.169.234:8080, 157.206.80.153:80, 157.206.80.153:8080, 158.199.225.119:2222, 165.4.24.200:80, 165.4.24.200:8080, 166.99.202.108:80, 166.99.202.108:8080, 170.53.245.66:80, 170.53.245.66:8080, 172.67.133.228:443, 179.211.132.86:80, 179.211.132.86:8080, 185.36.166.174:80, 185.36.166.174:8080, 20.140.65.103:80, 20.140.65.103:8080, 204.188.210.108:80, 204.188.210.108:8080, 205.19.236.56:80, 205.19.236.56:8080, 205.251.246.128:80, 205.251.246.128:8080, 213.238.206.178:80, 213.238.206.178:8080, 215.109.50.113:2222, 223.171.91.149:1234, 245.136.130.168:22, 25.56.141.140:80, 25.56.141.140:8080, 250.186.197.213:80, 250.186.197.213:8080, 32.102.167.79:80, 32.102.167.79:8080, 32.169.57.252:80, 32.169.57.252:8080, 33.164.168.228:80, 33.164.168.228:8080, 33.84.57.15:80, 33.84.57.15:8080, 36.90.83.31:2222, 37.23.235.221:80, 37.23.235.221:8080, 38.134.144.20:22, 38.42.59.37:22, 42.192.204.53:1234, 42.47.234.171:80, 42.47.234.171:8080, 44.113.66.92:80, 44.113.66.92:8080, 49.31.131.33:2222, 51.123.206.118:22, 51.75.146.174:443, 60.53.193.216:1234, 63.2.169.158:2222, 67.128.37.142:80, 67.128.37.142:8080, 81.70.21.147:1234, 82.157.50.152:1234, 87.253.150.174:22, 92.139.140.77:80, 92.139.140.77:8080, 97.171.162.123:22 and 99.87.102.236:22 [Outgoing Connection]
Process /root/ifconfig started listening on ports: 1234, 8084 and 8188 [Listening]
Process /root/ifconfig scanned port 80 on 32 IP Addresses (2 times) [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 32 IP Addresses (2 times) [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
The file /usr/local/bin/dash was downloaded and executed [Download and Execute]
The file /root/php-fpm was downloaded and executed (32 times) [Download and Execute]
The file /root/php-fpm was downloaded and executed (22 times) [Download and Execute]
Connection was closed due to timeout
|