IP Address: 1.13.252.29 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Download and Execute, SSH, Superuser Operation, Successful SSH Login
Associated Attack Servers |
IP Address | 1.13.252.29
Domain | -
ISP | -
Country | China
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-07-12
Last seen in Akamai Guardicore Segmentation | 2022-07-18
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
The file /etc/ifconfig was downloaded and granted execution privileges |
System file /etc/ifconfig was modified 4 times | System File Modification
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
System file /etc/apache2 was modified 4 times | System File Modification
The file /etc/apache2 was downloaded and executed 186 times | Download and Execute
Process /etc/apache2 scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 80 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 8080 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 1234 on 31 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /bin/bash scanned port 1234 on 26 IP Addresses | Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses | Port 1234 Scan
Process /etc/apache2 generated outgoing network traffic to multiple remote hosts | Outgoing Connection
Process /etc/apache2 started listening on ports: 1234, 8086 and 8181 | Listening
Process /etc/apache2 scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 80 on 31 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /etc/apache2 scanned port 8080 on 31 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
The file /usr/bin/uptime was downloaded and executed 2 times | Download and Execute
The file /usr/local/bin/dash was downloaded and executed | Download and Execute
Connection was closed due to timeout |