IP Address: 52.175.252.75 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role
Attacker, Connect-Back, Scanner

Services Targeted
SSH

Tags
Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute, Port 1234 Scan, 7 Shell Commands

Associated Attack Servers
2.78.61.194, 18.162.120.237, 18.162.200.166, 50.233.209.202, 59.24.153.124, 68.84.68.139, 73.144.18.16, 100.0.197.18, 111.20.56.244, 122.51.48.52, 123.231.141.102, 140.127.211.177, 161.139.68.245, 166.168.111.151, 172.105.92.28, 199.223.232.244, 218.146.128.93, 218.151.35.193
IP Address |
52.175.252.75 |
|
Domain |
- |
|
ISP |
Microsoft Corporation |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-06-06 |
Last seen in Akamai Guardicore Segmentation |
2020-06-10 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
Successful SSH Login |
Process /bin/nc.openbsd scanned port 1234 on 16 IP Addresses 2 times |
Port 1234 Scan |
Process /root/ifconfig scanned port 1234 on 16 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 22 on 16 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 2222 on 16 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 1234 on 42 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 1234 on 33 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/bash scanned port 1234 on 16 IP Addresses 3 times |
Port 1234 Scan |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 131 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 42 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 2222 on 42 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 22 on 33 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig started listening on ports: 1234 |
Listening |
Process /root/ifconfig generated outgoing network traffic to: 103.127.80.9:1234, 106.233.110.10:22, 106.233.110.10:2222, 11.13.43.90:22, 11.13.43.90:2222, 113.15.114.151:1234, 114.217.179.49:1234, 12.45.26.234:22, 12.45.26.234:2222, 122.16.203.233:2222, 122.76.63.36:22, 122.76.63.36:2222, 125.206.207.233:22, 126.54.57.177:22, 128.199.160.116:1234, 132.79.45.47:22, 136.77.91.91:22, 137.162.163.168:22, 137.162.163.168:2222, 140.127.211.177:1234, 145.14.157.171:1234, 145.193.29.131:22, 148.70.242.55:1234, 15.212.200.156:22, 15.212.200.156:2222, 15.65.222.8:22, 152.18.241.121:22, 152.18.241.121:2222, 159.18.205.188:22, 159.245.141.88:2222, 159.33.243.85:22, 159.33.243.85:2222, 160.163.56.216:22, 160.163.56.216:2222, 160.89.223.189:22, 160.89.223.189:2222, 162.213.224.45:22, 162.213.224.45:2222, 168.59.159.96:22, 168.59.159.96:2222, 172.105.92.28:1234, 18.167.223.126:22, 18.83.139.17:22, 194.125.181.50:22, 194.125.181.50:2222, 196.141.91.218:22, 196.38.100.69:22, 196.38.100.69:2222, 199.223.232.244:1234, 2.10.72.159:22, 20.133.103.216:2222, 203.134.244.94:22, 203.134.244.94:2222, 207.40.50.168:22, 207.40.50.168:2222, 208.246.18.217:22, 208.246.18.217:2222, 209.181.59.194:22, 209.181.59.194:2222, 212.9.57.8:22, 212.9.57.8:2222, 213.216.188.189:2222, 218.151.35.193:1234, 24.146.4.180:22, 24.146.4.180:2222, 244.13.113.236:2222, 244.58.146.195:2222, 249.157.107.193:22, 249.157.107.193:2222, 29.137.32.197:2222, 31.206.240.54:1234, 36.193.211.25:2222, 39.61.60.166:22, 39.61.60.166:2222, 52.231.188.167:1234, 52.245.163.206:2222, 53.13.53.14:22, 53.13.53.14:2222, 58.40.104.15:22, 58.40.104.15:2222, 59.26.132.133:1234, 66.72.247.240:22, 68.84.68.139:1234, 69.22.26.133:22, 73.53.70.19:22, 91.62.137.195:22, 91.78.183.48:22 and 98.26.80.33:22 |
|
Process /root/ifconfig scanned port 2222 on 33 IP Addresses
Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /root/php-fpm was downloaded and executed 46 times |
Download and Execute |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
The file /root/php-fpm was downloaded and executed 42 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 15 times |
Download and Execute |
The file /root/php-fpm was downloaded and granted execution privileges |
Download and Allow Execution |
Connection was closed due to timeout |
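Read as one intrusion, the timeline above is: a successful root login over SSH, binaries dropped under /root with the names of common system tools (ifconfig, nginx, php-fpm) plus writes into /usr/bin, outbound scanning of ports 22, 2222 and 1234 from the compromised sensor, a listener on 1234, and connect-back traffic to peers on 1234. The Python below is an added example written for this page, not Guardicore's code or the sensor's detection logic: it parses a subset of the event lines copied from the report, extracts those indicators, and checks which outbound peers also appear in the report's Associated Attack Servers list. The regexes, the masquerading heuristic (a system-tool name outside the usual system directories) and reading "N times" as a repeat count are assumptions of the example.

```python
# Added example for this page (not Guardicore's code): turn the report's event
# lines into indicators and cross-check outbound peers against known attack servers.
import re
from collections import defaultdict

# Copied from the report's "Associated Attack Servers" field.
ASSOCIATED_ATTACK_SERVERS = {
    "2.78.61.194", "18.162.120.237", "18.162.200.166", "50.233.209.202", "59.24.153.124",
    "68.84.68.139", "73.144.18.16", "100.0.197.18", "111.20.56.244", "122.51.48.52",
    "123.231.141.102", "140.127.211.177", "161.139.68.245", "166.168.111.151",
    "172.105.92.28", "199.223.232.244", "218.146.128.93", "218.151.35.193",
}
# Assumption: tool names the dropped files imitate, and where the real ones live.
SYSTEM_TOOL_NAMES = {"ifconfig", "nginx", "php-fpm", "uptime", "free"}
SYSTEM_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/", "/usr/local/sbin/")

# Subset of the report's timeline, copied verbatim (first line keeps the
# extraction artifact " |" to show the parser tolerating it).
EVENTS = [
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |",
    "Process /bin/nc.openbsd scanned port 1234 on 16 IP Addresses 2 times",
    "Process /root/ifconfig scanned port 1234 on 16 IP Addresses",
    "Process /root/ifconfig scanned port 22 on 16 IP Addresses",
    "Process /root/ifconfig scanned port 2222 on 16 IP Addresses",
    "Process /bin/bash scanned port 1234 on 16 IP Addresses 3 times",
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times",
    "The file /root/ifconfig was downloaded and executed 6 times",
    "The file /root/nginx was downloaded and executed 131 times",
    "Process /root/ifconfig started listening on ports: 1234",
    "Process /root/ifconfig generated outgoing network traffic to: 103.127.80.9:1234, 106.233.110.10:22, 106.233.110.10:2222, 11.13.43.90:22, 11.13.43.90:2222, 113.15.114.151:1234, 114.217.179.49:1234, 12.45.26.234:22, 12.45.26.234:2222, 122.16.203.233:2222, 122.76.63.36:22, 122.76.63.36:2222, "
    "125.206.207.233:22, 126.54.57.177:22, 128.199.160.116:1234, 132.79.45.47:22, 136.77.91.91:22, 137.162.163.168:22, 137.162.163.168:2222, 140.127.211.177:1234, 145.14.157.171:1234, 145.193.29.131:22, 148.70.242.55:1234, 15.212.200.156:22, 15.212.200.156:2222, 15.65.222.8:22, "
    "152.18.241.121:22, 152.18.241.121:2222, 159.18.205.188:22, 159.245.141.88:2222, 159.33.243.85:22, 159.33.243.85:2222, 160.163.56.216:22, 160.163.56.216:2222, 160.89.223.189:22, 160.89.223.189:2222, 162.213.224.45:22, 162.213.224.45:2222, 168.59.159.96:22, 168.59.159.96:2222, "
    "172.105.92.28:1234, 18.167.223.126:22, 18.83.139.17:22, 194.125.181.50:22, 194.125.181.50:2222, 196.141.91.218:22, 196.38.100.69:22, 196.38.100.69:2222, 199.223.232.244:1234, 2.10.72.159:22, 20.133.103.216:2222, 203.134.244.94:22, 203.134.244.94:2222, 207.40.50.168:22, 207.40.50.168:2222, "
    "208.246.18.217:22, 208.246.18.217:2222, 209.181.59.194:22, 209.181.59.194:2222, 212.9.57.8:22, 212.9.57.8:2222, 213.216.188.189:2222, 218.151.35.193:1234, 24.146.4.180:22, 24.146.4.180:2222, 244.13.113.236:2222, 244.58.146.195:2222, 249.157.107.193:22, 249.157.107.193:2222, 29.137.32.197:2222, "
    "31.206.240.54:1234, 36.193.211.25:2222, 39.61.60.166:22, 39.61.60.166:2222, 52.231.188.167:1234, 52.245.163.206:2222, 53.13.53.14:22, 53.13.53.14:2222, 58.40.104.15:22, 58.40.104.15:2222, 59.26.132.133:1234, 66.72.247.240:22, 68.84.68.139:1234, 69.22.26.133:22, 73.53.70.19:22, 91.62.137.195:22, 91.78.183.48:22 and 98.26.80.33:22",
    "The file /usr/bin/uptime was downloaded and executed",
    "The file /root/php-fpm was downloaded and executed 46 times",
    "The file /usr/bin/free was downloaded and executed",
    "The file /root/php-fpm was downloaded and executed 42 times",
    "The file /root/php-fpm was downloaded and executed 15 times",
    "The file /root/php-fpm was downloaded and granted execution privileges",
]

# Patterns matching the sensor's event wording as it appears on this page (assumption: fixed phrasing).
LOGIN_RE = re.compile(r"^A user logged in using SSH with the following credentials: (\S+) / \S+ - Authentication policy: (.*?)(?: (\d+) times)?$")
DOWNLOAD_RE = re.compile(r"^The file (\S+) was downloaded and (executed|granted execution privileges)(?: (\d+) times)?$")
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses(?: (\d+) times)?$")
LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports: (.*)$")
OUTBOUND_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.*)$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def extract_iocs(events):
    """Parse sensor event lines into a dict of indicators."""
    iocs = {
        "logins": [],                   # (user, auth policy, count)
        "executed": defaultdict(int),   # path -> total executions
        "chmod_exec": set(),            # paths granted execute permission
        "masquerading": set(),          # system-tool names outside system dirs
        "system_dir_writes": set(),     # downloads landing in real system dirs
        "scanners": set(),              # processes that port-scanned
        "scan_ports": set(),
        "listen_ports": set(),
        "outbound": defaultdict(set),   # destination port -> destination IPs
    }
    for raw in events:
        ev = raw.strip().rstrip(" |").strip()   # drop the table-cell artifact
        if m := LOGIN_RE.match(ev):
            user, policy, n = m.groups()
            iocs["logins"].append((user, policy, int(n or 1)))
        elif m := DOWNLOAD_RE.match(ev):
            path, action, n = m.groups()
            if action == "executed":
                iocs["executed"][path] += int(n or 1)
            else:
                iocs["chmod_exec"].add(path)
            if path.startswith(SYSTEM_DIRS):
                iocs["system_dir_writes"].add(path)
            elif path.rsplit("/", 1)[-1] in SYSTEM_TOOL_NAMES:
                iocs["masquerading"].add(path)
        elif m := SCAN_RE.match(ev):
            proc, port, _ips, _times = m.groups()
            iocs["scanners"].add(proc)
            iocs["scan_ports"].add(int(port))
        elif m := LISTEN_RE.match(ev):
            iocs["listen_ports"].update(int(p) for p in re.findall(r"\d+", m.group(2)))
        elif m := OUTBOUND_RE.match(ev):
            for ip, port in ENDPOINT_RE.findall(m.group(2)):   # separators (", ", " and ") are ignored
                iocs["outbound"][int(port)].add(ip)
    return iocs


def correlate(iocs, known_servers):
    """Return {dest port: sorted IPs} for outbound peers that are also known attack servers."""
    hits = {}
    for port, ips in iocs["outbound"].items():
        overlap = sorted(ips & known_servers)
        if overlap:
            hits[port] = overlap
    return hits


if __name__ == "__main__":
    found = extract_iocs(EVENTS)
    print("masquerading binaries:", sorted(found["masquerading"]))
    print("writes into system dirs:", sorted(found["system_dir_writes"]))
    print("scan ports:", sorted(found["scan_ports"]), "listening:", sorted(found["listen_ports"]))
    for port, ips in sorted(correlate(found, ASSOCIATED_ATTACK_SERVERS).items()):
        print(f"port {port}: {len(ips)} outbound peers are known attack servers: {ips}")
```

Run against the lines above, every overlap between the outbound peers and the Associated Attack Servers list falls on port 1234 and none on 22 or 2222: the hosts contacted on 1234 look like other members of the same network rather than scan targets, which fits the Connect-Back role and the 1234 listener in the header. The same parser can be pointed at a full export of sensor events; the regexes only assume the event phrasing shown on this page.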
|