IP Address: 52.170.42.103Malicious
IP Address: 52.170.42.103Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP |
|
Tags |
Port 8080 Scan Successful SSH Login Port 22 Scan SSH SCP Port 80 Scan Outgoing Connection Download File Superuser Operation Listening 3 Shell Commands |
|
Associated Attack Servers |
dns.google iia.cl t-2.net xmrpool.eu 1.1.1.1 8.8.4.4 8.8.8.8 20.141.185.205 42.193.193.33 51.75.146.174 81.70.92.205 89.212.123.191 96.203.150.151 101.43.173.48 103.111.211.61 103.152.37.54 104.248.34.146 104.248.36.230 110.42.209.158 155.152.44.97 155.199.224.164 159.75.135.54 172.64.162.15 172.64.163.15 190.14.48.123 |
|
IP Address |
52.170.42.103 |
|
|
Domain |
- |
|
|
ISP |
- |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2023-05-24 |
|
Last seen in Akamai Guardicore Segmentation |
2023-05-24 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/apache2 scanned port 22 on 12 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses 2 times |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 12 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 12 IP Addresses |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8085 and 8181 |
Listening |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 102.37.146.213:22, 104.248.34.146:1234, 104.248.36.230:1234, 110.10.162.253:80, 110.10.162.253:8080, 110.42.209.158:1234, 111.152.61.126:80, 111.152.61.126:8080, 113.2.243.203:80, 113.2.243.203:8080, 118.251.11.126:80, 118.251.11.126:8080, 122.131.25.60:80, 122.131.25.60:8080, 134.173.26.30:80, 134.173.26.30:8080, 136.34.208.3:80, 136.34.208.3:8080, 151.35.22.137:80, 151.35.22.137:8080, 151.54.200.167:80, 151.54.200.167:8080, 155.152.44.97:2222, 155.199.224.164:2222, 156.44.16.110:22, 159.75.135.54:1234, 160.13.171.24:80, 160.13.171.24:8080, 172.64.162.15:443, 172.64.163.15:443, 175.105.179.198:80, 175.105.179.198:8080, 182.18.80.239:80, 182.18.80.239:8080, 186.250.84.86:80, 186.250.84.86:8080, 189.233.79.185:80, 189.233.79.185:8080, 193.17.127.180:22, 201.71.217.150:80, 201.71.217.150:8080, 203.109.129.162:80, 203.109.129.162:8080, 206.220.158.206:22, 211.113.71.57:80, 211.113.71.57:8080, 216.113.28.187:80, 216.113.28.187:8080, 222.157.15.123:22, 240.36.121.57:80, 240.36.121.57:8080, 241.231.30.37:80, 241.231.30.37:8080, 246.122.135.9:80, 246.122.135.9:8080, 247.236.132.93:80, 247.236.132.93:8080, 253.208.23.181:80, 253.208.23.181:8080, 27.163.215.110:22, 27.175.22.31:80, 27.175.22.31:8080, 27.241.196.22:80, 27.241.196.22:8080, 29.46.209.41:22, 38.98.46.163:80, 38.98.46.163:8080, 42.193.193.33:1234, 46.206.29.126:80, 46.206.29.126:8080, 51.75.146.174:443, 53.123.222.114:22, 78.233.18.228:22, 8.85.29.221:80, 8.85.29.221:8080, 81.70.92.205:1234, 85.11.111.41:80, 85.11.111.41:8080, 88.118.35.240:22, 9.206.60.18:22, 91.125.240.79:80, 91.125.240.79:8080, 91.50.49.98:80, 91.50.49.98:8080, 96.175.196.244:80, 96.175.196.244:8080 and 96.203.150.151:2222 |
Outgoing Connection |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times |
Port 8080 Scan Port 22 Scan Port 80 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies