IP Address: 198.54.62.248 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Scanner
Services Targeted: SSH
Tags: 18 Shell Commands, Port 2222 Scan, SSH, Listening, Port 22 Scan, Successful SSH Login, Download and Allow Execution, Download and Execute
Associated Attack Servers: 3.0.200.154, 52.39.144.179, 73.254.114.94, 100.0.197.18, 140.127.211.177, 223.100.123.165
IP Address: 198.54.62.248
Domain: -
ISP: Progressive Finance
Country: United States

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2020-06-11
Last seen in Akamai Guardicore Segmentation: 2020-08-13
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** (Authentication policy: White List)
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** (Authentication policy: Correct Password), 4 times
Download and Execute: The file /tmp/ifconfig was downloaded and executed 6 times
Download and Execute: The file /tmp/nginx was downloaded and executed 93 times
Port 22 Scan, Port 2222 Scan: Process /tmp/nginx scanned port 22 on 50 IP addresses
Port 22 Scan, Port 2222 Scan: Process /tmp/nginx scanned port 22 on 38 IP addresses
Port 22 Scan, Port 2222 Scan: Process /tmp/nginx scanned port 2222 on 50 IP addresses
Listening: Process /tmp/nginx started listening on port 1234
Process /tmp/nginx generated outgoing network traffic to: 104.105.56.76:22, 104.105.56.76:2222, 105.177.112.27:2222, 112.137.81.123:22, 113.138.125.46:22, 116.184.170.165:22, 116.184.170.165:2222, 119.206.201.160:2222, 120.143.60.47:22, 120.143.60.47:2222, 122.230.29.86:22, 128.3.31.137:2222, 133.245.31.237:22, 133.245.31.237:2222, 142.198.37.111:22, 142.198.37.111:2222, 142.97.58.44:22, 142.97.58.44:2222, 144.74.235.169:22, 144.74.235.169:2222, 16.138.177.243:22, 16.138.177.243:2222, 161.15.196.165:22, 163.49.45.33:22, 163.49.45.33:2222, 172.129.110.128:22, 174.116.10.22:22, 175.177.23.106:22, 175.177.23.106:2222, 187.14.177.110:22, 187.14.177.110:2222, 187.225.57.244:22, 187.225.57.244:2222, 191.105.13.83:22, 191.105.13.83:2222, 195.190.236.158:22, 195.190.236.158:2222, 198.38.69.210:22, 198.38.69.210:2222, 211.235.93.156:22, 211.235.93.156:2222, 22.235.143.176:22, 22.235.143.176:2222, 24.12.126.105:22, 24.12.126.105:2222, 24.82.79.218:22, 243.201.86.219:22, 243.201.86.219:2222, 244.73.9.147:22, 244.73.9.147:2222, 248.139.107.36:22, 248.139.107.36:2222, 250.8.118.125:22, 250.8.118.125:2222, 252.44.10.153:22, 253.189.109.125:22, 253.189.109.125:2222, 28.226.85.47:22, 28.226.85.47:2222, 3.248.119.129:22, 31.173.24.153:22, 36.56.40.27:22, 36.56.40.27:2222, 44.44.173.38:22, 44.44.173.38:2222, 45.250.198.73:22, 45.250.198.73:2222, 5.20.79.24:22, 5.20.79.24:2222, 63.20.208.116:22, 63.20.208.116:2222, 65.143.56.79:22, 65.143.56.79:2222, 74.49.104.155:22, 74.49.104.155:2222, 77.95.139.130:22, 78.203.85.55:22, 82.15.39.196:2222, 88.87.236.95:22, 89.60.85.59:22, 89.60.85.59:2222, 90.93.58.130:22, 90.93.58.130:2222, 91.248.71.88:22, 96.61.52.135:22, 97.101.54.19:22 and 97.101.54.19:2222
Note: six of these targets (243.201.86.219, 244.73.9.147, 248.139.107.36, 250.8.118.125, 252.44.10.153 and 253.189.109.125) fall inside the reserved 240.0.0.0/4 block and are unreachable on the public Internet, which suggests the scanner generates targets at random rather than working from a curated list.
Port 22 Scan, Port 2222 Scan: Process /tmp/nginx scanned port 2222 on 38 IP addresses
Download and Execute: The file /usr/bin/uptime was downloaded and executed
Download and Execute: The file /tmp/php-fpm was downloaded and executed 6 times
Download and Execute: The file /tmp/php-fpm was downloaded and executed 3 times
Download and Execute: The file /tmp/php-fpm was downloaded and executed 5 times
Connection was closed due to timeout
Note: the dropped binaries are named after common daemons and utilities (nginx, php-fpm, ifconfig, uptime) so that they blend into a process listing; the /tmp copies are easy to spot by path alone, but /usr/bin/uptime was written to a path that normally belongs to a legitimate system utility and should be verified against the package manager rather than trusted by name.
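The event list above is what a responder has to turn into host-hunting indicators: which files were dropped and where, which port the implant listens on, which ports it scans, and whether the outbound targets look like a real target list or random generation. The following script is an added example (not code from Akamai Guardicore or from this record) that parses sensor events in the wording used on this page into that indicator set, flags dropped files in scratch directories that masquerade as system daemons, and checks outbound targets against an explicit bogon list. The sample events are constructed from the entries above; the parsing rules, the scratch-directory list and the bogon list are this example's own assumptions.

```python
"""Turn Guardicore-style sensor event text into host-hunting indicators.

Added example; the event lines below are constructed from the record on
this page, and the regexes, SCRATCH_DIRS and BOGON_NETS are assumptions of
this example rather than anything the sensor itself exports.
"""
import ipaddress
import re
from collections import Counter

# Non-routable / reserved IPv4 ranges (RFC 1122, 1918, 5737, 6598, 1112 and
# 240.0.0.0/4, which is "reserved for future use" and never routed).
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.0.0.0/24", "192.0.2.0/24",
    "192.168.0.0/16", "198.18.0.0/15", "198.51.100.0/24", "203.0.113.0/24",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# World-writable scratch locations where a binary named "nginx" is suspect.
SCRATCH_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")

LOGIN_RE = re.compile(r"credentials: (\S+) / \S+ - Authentication policy: (.+)")
FILE_RE = re.compile(r"The file (\S+) was downloaded and executed(?: (\d+) times)?")
SCAN_RE = re.compile(r"Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"Process (\S+) started listening on ports: ([\d, ]+)")
TRAFFIC_RE = re.compile(r"Process (\S+) generated outgoing network traffic to: (.+)")

# Constructed sample, copied in shortened form from the events on this page.
SAMPLE_EVENTS = """\
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 4 times
The file /tmp/ifconfig was downloaded and executed 6 times
The file /tmp/nginx was downloaded and executed 93 times
Process /tmp/nginx scanned port 22 on 50 IP Addresses
Process /tmp/nginx scanned port 2222 on 50 IP Addresses
Process /tmp/nginx started listening on ports: 1234
Process /tmp/nginx generated outgoing network traffic to: 104.105.56.76:22, 243.201.86.219:2222, 22.235.143.176:22 and 97.101.54.19:2222
The file /usr/bin/uptime was downloaded and executed
The file /tmp/php-fpm was downloaded and executed 6 times
"""


def extract_iocs(text):
    """Parse event lines into logins, dropped files, scans, listeners, targets."""
    iocs = {"logins": [], "dropped_files": Counter(), "scanned_ports": Counter(),
            "listening_ports": set(), "targets": []}
    for line in text.splitlines():
        line = line.strip()
        if m := LOGIN_RE.search(line):
            iocs["logins"].append((m.group(1), m.group(2).strip()))
        elif m := FILE_RE.search(line):
            # "executed N times" means N runs; no count means a single run.
            iocs["dropped_files"][m.group(1)] += int(m.group(2) or 1)
        elif m := SCAN_RE.search(line):
            iocs["scanned_ports"][int(m.group(2))] += int(m.group(3))
        elif m := LISTEN_RE.search(line):
            iocs["listening_ports"].update(
                int(p) for p in m.group(2).split(",") if p.strip())
        elif m := TRAFFIC_RE.search(line):
            # The sensor joins the last pair with " and "; normalise to commas.
            for dst in m.group(2).replace(" and ", ", ").split(","):
                host, _, port = dst.strip().rpartition(":")
                iocs["targets"].append((host, int(port)))
    return iocs


def is_bogon(ip):
    """True if the address lies in a reserved or otherwise unroutable block."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGON_NETS)


def bogon_targets(targets):
    """Unique outbound targets that could never have been reached."""
    return sorted({ip for ip, _ in targets if is_bogon(ip)})


def masquerading_paths(dropped_files):
    """Dropped binaries living in scratch directories under daemon-like names."""
    return sorted(p for p in dropped_files if p.startswith(SCRATCH_DIRS))


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_EVENTS)
    print("logins:", iocs["logins"])
    print("dropped:", dict(iocs["dropped_files"]))
    print("listen:", iocs["listening_ports"], "scan:", dict(iocs["scanned_ports"]))
    print("masquerading:", masquerading_paths(iocs["dropped_files"]))
    print("unreachable targets:", bogon_targets(iocs["targets"]))
```

On a suspect host the same indicators map onto a few direct checks: a listener on port 1234 in `ss -ltnp`, executables named nginx, php-fpm or ifconfig under /tmp, and the package manager's verify mode (`rpm -V` or `dpkg --verify`) for /usr/bin/uptime, since that path belongs to a packaged utility and a checksum mismatch is the only reliable way to tell the planted copy from the real one.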
|