IP Address: 162.252.57.102 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | 18 Shell Commands, Port 1234 Scan, Successful SSH Login, SSH, System File Modification, Download and Execute, Port 22 Scan, Port 2222 Scan, Listening, Download and Allow Execution
Associated Attack Servers | avonet.cz, internet.co.za, orange-business.com, shiftingeconomic.com, 23.254.217.214, 47.88.244.157, 47.91.87.67, 47.240.81.242, 50.200.136.67, 50.200.136.114, 50.222.16.235, 50.239.104.243, 78.189.47.125, 82.117.196.30, 87.247.174.155, 88.249.2.94, 100.0.197.18, 106.75.7.111, 112.35.67.136, 121.156.203.3, 156.155.179.14, 190.145.102.57, 211.110.184.22, 217.112.162.10, 218.151.100.195, 221.142.135.128
IP Address | 162.252.57.102
Domain | -
ISP | Netrouting
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2019-08-18
Last seen in Akamai Guardicore Segmentation | 2020-05-06
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password | Successful SSH Login
System file /etc/ifconfig was modified 4 times | System File Modification
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password | Successful SSH Login
System file /etc/nginx was modified 4 times | System File Modification
The file /etc/ifconfig was downloaded and executed | Download and Execute
The file /etc/nginx was downloaded and executed 143 times | Download and Execute
Process /etc/ifconfig scanned port 1234 on 13 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig scanned port 1234 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig scanned port 1234 on 42 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig scanned port 22 on 13 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig scanned port 2222 on 13 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/nc.openbsd scanned port 1234 on 13 IP Addresses | Port 1234 Scan
Process /bin/bash scanned port 1234 on 13 IP Addresses 3 times | Port 1234 Scan
Process /etc/ifconfig scanned port 22 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig scanned port 22 on 42 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig scanned port 2222 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /etc/ifconfig started listening on ports: 1234 | Listening
Process /etc/ifconfig generated outgoing network traffic to: 100.171.30.168:22, 104.15.25.81:1234, 107.172.90.18:1234, 112.214.87.98:22, 112.214.87.98:2222, 112.217.225.61:1234, 120.229.115.9:22, 121.207.150.193:22, 121.207.150.193:2222, 123.57.138.150:1234, 128.103.42.18:22, 128.103.42.18:2222, 128.126.165.21:22, 128.126.165.21:2222, 128.175.63.179:22, 128.175.63.179:2222, 144.213.87.9:22, 15.108.126.224:2222, 15.123.149.13:2222, 152.9.47.54:22, 152.9.47.54:2222, 17.149.98.21:22, 17.149.98.21:2222, 170.121.85.223:22, 170.121.85.223:2222, 175.96.112.50:22, 176.69.163.55:2222, 183.131.88.240:22, 183.131.88.240:2222, 188.36.202.107:22, 188.36.202.107:2222, 193.96.125.32:22, 20.240.53.4:2222, 201.234.60.154:22, 201.234.60.154:2222, 21.70.237.233:22, 21.70.237.233:2222, 215.112.116.53:22, 218.93.239.44:1234, 220.225.5.204:22, 220.225.5.204:2222, 222.154.86.51:1234, 23.131.205.202:2222, 23.254.217.214:1234, 24.158.63.182:1234, 245.75.67.38:2222, 247.193.218.56:22, 247.193.218.56:2222, 247.63.36.30:2222, 248.12.8.116:2222, 25.181.62.6:2222, 25.40.66.23:22, 25.40.66.23:2222, 252.38.111.216:22, 30.172.108.43:22, 30.172.108.43:2222, 47.91.87.67:1234, 48.243.216.192:22, 48.243.216.192:2222, 5.64.122.187:2222, 51.216.2.5:22, 51.216.2.5:2222, 53.127.19.179:22, 53.127.19.179:2222, 58.48.160.219:22, 59.10.57.164:22, 59.10.57.164:2222, 61.183.95.18:2222, 63.222.114.226:22, 63.222.114.226:2222, 64.97.82.127:22, 65.55.226.177:2222, 69.116.10.41:2222, 72.37.208.74:22, 76.18.155.246:2222, 77.196.49.75:22, 77.196.49.75:2222, 78.189.47.125:1234, 78.220.78.5:2222, 78.58.50.174:22, 78.58.50.174:2222, 81.170.214.154:1234, 81.253.63.240:22, 81.253.63.240:2222, 9.191.98.176:22, 94.100.118.251:22, 94.100.118.251:2222, 94.199.2.252:2222, 96.226.55.182:22 and 96.226.55.182:2222 |
|
Process /etc/ifconfig scanned port 2222 on 42 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed 2 times | Download and Execute
The file /usr/bin/uptime was downloaded and executed | Download and Execute
The file /etc/php-fpm was downloaded and executed 42 times | Download and Execute
The file /etc/php-fpm was downloaded and executed 17 times | Download and Execute
The file /etc/php-fpm was downloaded and executed 4 times | Download and Execute
Connection was closed due to timeout