IP Address: 52.187.42.57Previously Malicious
IP Address: 52.187.42.57Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SFTP Service Creation Download File SSH Successful SSH Login Download and Execute Access Suspicious Domain 1 Shell Commands Outgoing Connection Listening Download and Allow Execution |
|
Associated Attack Servers |
62.210.130.171 95.78.141.242 103.60.137.111 119.45.1.175 138.185.197.214 173.212.208.146 198.58.124.100 |
|
IP Address |
52.187.42.57 |
|
|
Domain |
- |
|
|
ISP |
Microsoft Corporation |
|
|
Country |
Singapore |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-12 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-12 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
./.3560983399428714499/xinetd was downloaded |
Download File |
|
The file /root/.3560983399428714499/xinetd was downloaded and executed 74 times |
Download and Execute |
|
Process /bin/bash generated outgoing network traffic to: 1.69.240.223:22, 103.8.212.252:22, 109.21.59.7:22, 109.46.103.51:22, 113.133.113.137:22, 114.216.199.134:22, 116.13.114.136:22, 118.247.101.66:22, 119.118.92.231:22, 119.200.91.109:22, 119.45.1.175:1919, 12.177.85.6:22, 120.191.99.218:22, 122.128.122.254:22, 125.64.197.140:22, 126.173.154.142:22, 132.197.80.176:22, 134.46.173.23:22, 138.185.197.214:1919, 14.30.46.58:22, 141.151.227.74:22, 143.31.253.209:22, 149.243.189.5:22, 15.250.59.13:22, 155.177.248.80:22, 156.205.251.58:22, 156.94.68.97:22, 158.223.35.222:22, 161.190.174.163:22, 161.4.221.191:22, 17.120.248.175:22, 173.212.208.146:1919, 18.36.49.187:22, 18.59.40.215:22, 183.149.142.96:22, 187.121.207.193:22, 187.192.91.108:22, 190.243.239.209:22, 191.155.86.226:22, 192.124.30.34:22, 193.117.180.213:22, 193.193.156.227:22, 194.153.28.249:22, 195.204.155.160:22, 195.214.21.123:22, 196.208.31.239:22, 197.156.212.22:22, 198.58.124.100:1919, 2.209.157.164:22, 202.40.232.96:22, 203.46.148.114:22, 205.145.26.249:22, 206.250.89.83:22, 208.22.73.213:22, 213.26.167.31:22, 218.140.53.56:22, 218.81.209.96:22, 219.109.115.180:22, 22.231.99.46:22, 222.254.170.35:22, 25.221.221.72:22, 25.80.50.183:22, 29.38.227.126:22, 30.36.86.61:22, 31.124.115.199:22, 32.128.254.7:22, 34.203.170.81:22, 36.208.7.149:22, 36.8.157.153:22, 39.236.158.157:22, 4.240.150.152:22, 52.187.42.57:1919, 53.121.208.156:22, 59.246.129.222:22, 59.25.66.206:22, 6.181.82.25:22, 62.210.130.171:1919, 64.197.29.32:22, 65.166.56.169:22, 65.71.96.110:22, 67.220.74.109:22, 68.46.80.17:22, 75.29.108.187:22, 76.1.111.80:22, 76.154.114.84:22, 76.209.112.233:22, 76.75.51.238:22, 77.23.11.20:22, 79.44.154.196:22, 84.163.155.92:22, 87.163.147.219:22, 91.139.37.184:22, 92.197.130.231:22, 93.147.114.25:22, 93.182.20.113:22, 93.192.58.181:22, 95.108.21.203:22, 95.56.151.46:22, 95.78.141.242:1919 and 98.132.45.251:22 |
Outgoing Connection |
|
Process /bin/bash attempted to access suspicious domains: bsconect.com.br, linodeusercontent.com and peperstock.com |
Access Suspicious Domain Outgoing Connection |
|
Process /bin/bash scanned port 22 on 93 IP Addresses |
Port 22 Scan |
|
Process /bin/bash started listening on ports: 1919 |
Listening |
|
Service systemd-worker was created |
Service Creation |
|
Connection was closed due to timeout |
|
|
/root/.2032687141960750504/xinetd |
SHA256: b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0 |
30171136 bytes |
© 2023 Akamai Technologies