IP Address: 222.117.95.174Malicious
IP Address: 222.117.95.174Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH SCP |
|
Tags |
SSH Superuser Operation SCP Download File Download and Allow Execution Successful SSH Login Download and Execute |
|
Associated Attack Servers |
amazonaws.com bsnl.in Cablevision.com.mx centurylink.com.ar cerfnet.com codetel.net.do escom.bg idknet.com iforte.net.id jaguarinet.com.br knology.net koalanet.ne.jp mchsi.com m-online.net mycingular.net n11.dev netlan.nl networklubbock.net ovh.net poneytelecom.eu quicksrv.de veloxzone.com.br verointernet.com.br vps.co.ve wellcom.at 54.38.188.38 46.229.134.81 34.116.189.40 161.70.98.32 70.125.109.133 128.8.238.106 104.18.77.82 223.99.166.104 59.1.226.211 45.120.216.114 190.216.117.44 8.242.232.86 200.239.4.141 34.85.186.96 217.85.239.81 223.171.91.148 18.205.117.37 66.6.216.63 47.113.190.219 45.168.133.250 209.216.177.238 49.55.58.41 4.4.66.84 103.90.177.102 67.22.223.124 187.16.182.17 82.149.112.170 35.170.191.119 185.248.192.148 62.216.223.81 |
|
IP Address |
222.117.95.174 |
|
|
Domain |
- |
|
|
ISP |
Korea Telecom |
|
|
Country |
Korea, Republic of |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-09-21 |
|
Last seen in Akamai Guardicore Segmentation |
2023-06-20 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 6 times |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 24 times |
Superuser Operation |
|
The file /var/tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /var/tmp/apache2 was downloaded and executed 108 times |
Download and Execute |
|
Process /var/tmp/apache2 scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /root/ifconfig scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /etc/apache2 scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /etc/ifconfig scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /dev/shm/apache2 scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /tmp/ifconfig scanned port 1234 on 43 IP Addresses |
Port 1234 Scan |
|
Process /var/tmp/apache2 started listening on ports: 1234, 8087 and 8183 |
Listening |
|
The file /root/ifconfig was downloaded and executed 15 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 160 times |
Download and Execute |
|
Process /root/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 139.209.222.134:1234, 142.250.191.164:443, 172.64.200.11:443, 202.61.203.229:1234, 51.75.146.174:443, 59.3.186.45:1234, 61.77.105.219:1234 and 8.8.8.8:443 |
Outgoing Connection |
|
Process /root/ifconfig started listening on ports: 1234, 8089 and 8181 |
Listening |
|
The file /root/apache2 was downloaded and executed 52 times |
Download and Execute |
|
Process /root/apache2 generated outgoing network traffic to: 111.53.11.130:1234, 49.233.159.222:1234 and 59.3.186.45:1234 |
|
|
Process /root/apache2 started listening on ports: 1234, 8085 and 8182 |
Listening |
|
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /etc/apache2 was downloaded and executed 157 times |
Download and Execute |
|
Process /etc/apache2 started listening on ports: 1234, 8088 and 8184 |
Listening |
|
Process /etc/apache2 generated outgoing network traffic to: 123.132.238.210:1234, 161.35.79.199:1234, 172.64.200.11:443, 172.64.201.11:443 and 89.212.123.191:1234 |
Outgoing Connection |
|
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /etc/apache2 was downloaded and executed 41 times |
Download and Execute |
|
Process /etc/ifconfig generated outgoing network traffic to: 101.42.90.177:1234, 103.152.118.20:1234, 103.90.177.102:1234, 120.224.34.31:1234, 124.223.14.100:1234, 150.107.95.20:1234, 161.107.113.27:1234, 172.64.200.11:443, 172.64.201.11:443, 210.99.20.194:1234, 212.57.36.20:1234, 222.134.240.91:1234, 222.165.136.99:1234 and 82.149.112.170:1234 |
Outgoing Connection |
|
Process /etc/ifconfig started listening on ports: 1234, 8089 and 8183 |
Listening |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 103.152.118.20:1234, 111.53.11.130:1234, 117.16.44.111:1234, 118.218.209.149:1234, 120.31.133.162:1234, 161.107.113.27:1234, 172.64.200.11:443, 172.64.201.11:443, 190.138.240.233:1234, 190.60.239.44:1234, 20.141.185.205:1234, 210.99.20.194:1234, 218.146.15.97:1234 and 58.229.125.66:1234 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8082 and 8184 |
Listening |
|
/tmp/ifconfig was downloaded |
Download File |
|
The file /tmp/apache2 was downloaded and executed 250 times |
Download and Execute |
|
Process /tmp/ifconfig generated outgoing network traffic to: 101.42.90.177:1234, 103.90.177.102:1234, 118.218.209.149:1234, 118.41.204.72:1234, 120.236.79.182:1234, 120.31.133.162:1234, 123.132.238.210:1234, 139.209.222.134:1234, 172.64.200.11:443, 172.64.201.11:443, 191.242.188.103:1234, 212.57.36.20:1234, 220.243.148.80:1234, 222.165.136.99:1234, 223.99.166.104:1234, 45.120.216.114:1234, 49.233.159.222:1234, 51.75.146.174:443, 52.131.32.110:1234, 61.84.162.66:1234, 64.227.132.175:1234, 84.204.148.99:1234, 86.133.233.66:1234, 94.153.165.43:1234 and 95.154.21.210:1234 |
Outgoing Connection |
|
Process /tmp/ifconfig started listening on ports: 1234, 8088 and 8183 |
Listening |
|
./ifconfig was downloaded |
Download File |
|
/var/tmp/ifconfig was downloaded |
Download File |
|
Connection was closed due to user inactivity |
|
|
/var/tmp/apache2 |
SHA256: 64cdfd97a3e22fde4245d682910b8c7b130ce93adda909f9cdd90f8c68d92fc1 |
2862704 bytes |
|
/tmp/ifconfig |
SHA256: dd8f5dd6987049ef330031740620e10ab46ba1004dc20d556f39c7a8a133040d |
3110236 bytes |
© 2023 Akamai Technologies
