IP Address: 162.243.169.175Previously Malicious
IP Address: 162.243.169.175Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SFTP Service Creation Download File SSH Successful SSH Login Download and Execute 1 Shell Commands Listening Port 1919 Scan Download and Allow Execution |
|
Associated Attack Servers |
62.210.130.171 64.31.35.102 65.0.154.17 85.214.90.124 173.212.208.146 200.24.152.166 |
|
IP Address |
162.243.169.175 |
|
|
Domain |
- |
|
|
ISP |
Digital Ocean |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-03-30 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-04 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
./.4780222323980205668/sshd was downloaded |
Download File |
|
The file /root/.4780222323980205668/sshd was downloaded and executed 72 times |
Download and Execute |
|
Process /usr/bin/nohup generated outgoing network traffic to: 101.107.99.190:22, 102.47.138.65:22, 103.112.188.184:22, 104.180.212.253:22, 106.151.94.191:22, 108.42.22.142:22, 108.56.18.27:22, 109.121.152.177:22, 111.29.247.2:22, 112.164.119.57:22, 113.237.183.168:22, 114.9.77.97:22, 118.118.88.32:22, 118.65.199.250:22, 119.205.113.172:22, 121.20.62.8:22, 124.161.94.248:22, 125.169.225.21:22, 128.14.107.243:22, 130.113.111.108:22, 130.227.247.108:22, 135.230.33.58:22, 135.83.221.157:22, 137.95.37.137:22, 14.115.175.253:22, 14.186.59.111:22, 143.62.69.93:22, 146.23.145.76:22, 150.113.149.20:22, 151.224.28.167:22, 153.22.21.62:22, 155.14.37.182:22, 157.175.97.203:1919, 161.153.98.158:22, 161.97.168.139:1919, 162.243.169.175:1919, 163.247.235.185:22, 163.79.159.254:22, 168.42.49.88:22, 17.176.25.186:22, 17.4.248.115:22, 172.175.12.167:22, 174.135.247.166:22, 176.122.28.139:22, 179.42.206.16:22, 179.80.14.203:22, 184.95.220.154:22, 185.234.72.137:1919, 185.40.86.220:22, 187.243.95.38:22, 189.74.32.11:22, 19.194.52.203:22, 190.139.126.207:22, 192.191.17.143:22, 2.175.72.252:22, 20.53.60.113:22, 200.115.64.34:1919, 202.231.160.240:22, 205.21.136.46:22, 208.212.11.208:22, 208.220.7.40:22, 21.195.163.82:22, 210.206.59.188:22, 212.185.128.103:22, 213.112.106.164:22, 22.112.68.239:22, 24.216.130.242:22, 25.5.82.168:22, 35.59.175.85:22, 39.174.51.214:22, 40.48.205.146:22, 41.10.240.247:22, 44.175.105.221:22, 48.73.93.236:22, 51.176.247.57:22, 51.195.60.71:1919, 52.12.184.242:22, 54.43.91.18:22, 56.33.199.172:22, 6.197.80.111:22, 61.165.243.87:22, 61.239.82.40:22, 62.210.130.171:1919, 63.63.207.170:22, 64.31.35.102:1919, 65.0.154.17:1919, 68.238.190.151:22, 69.152.168.54:22, 69.164.212.94:1919, 74.147.160.93:22, 74.207.53.31:22, 75.90.24.168:22, 76.18.189.246:22, 77.171.175.30:22, 80.210.45.175:22, 85.49.186.152:22, 86.237.169.3:22, 87.60.166.177:22, 89.196.142.58:22 and 96.4.241.254:22 |
|
|
Process /usr/bin/nohup scanned port 1919 on 10 IP Addresses |
Port 22 Scan Port 1919 Scan |
|
Process /usr/bin/nohup scanned port 1919 on 90 IP Addresses |
Port 22 Scan Port 1919 Scan |
|
Process /usr/bin/nohup scanned port 22 on 10 IP Addresses |
Port 22 Scan Port 1919 Scan |
|
Process /usr/bin/nohup scanned port 22 on 90 IP Addresses |
Port 22 Scan Port 1919 Scan |
|
Process /usr/bin/nohup started listening on ports: 1919 and 22 |
Listening |
|
Service systemd-worker was created |
Service Creation |
|
Connection was closed due to timeout |
|
|
/root/.2032687141960750504/xinetd |
SHA256: b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0 |
30171136 bytes |
© 2023 Akamai Technologies