IP Address: 62.171.158.215
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
Port 22 Scan SFTP 2 Shell Commands Download File SSH Successful SSH Login Download and Execute Access Suspicious Domain Outgoing Connection Listening Download and Allow Execution |
Associated Attack Servers |
3.232.242.170 20.210.94.102 23.97.72.76 23.128.64.141 34.117.59.81 49.12.234.183 51.195.60.71 52.21.227.162 54.163.241.223 65.0.154.17 157.7.208.157 162.159.135.232 185.209.228.119 |
IP Address |
62.171.158.215 |
|
Domain |
- |
|
ISP |
RM Education Ltd |
|
Country |
United Kingdom |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-04-10 |
Last seen in Akamai Guardicore Segmentation |
2022-04-10 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./.3307505495299165717/sshd was downloaded |
Download File |
The file /root/.3307505495299165717/sshd was downloaded and executed 27 times |
Download and Execute |
Process /usr/bin/nohup generated outgoing network traffic to: 100.168.63.124:22, 100.201.95.166:22, 102.127.106.67:22, 103.226.74.172:22, 105.172.35.106:22, 106.52.152.60:22, 106.97.43.102:22, 11.223.211.87:22, 110.107.56.163:22, 110.138.148.110:22, 110.89.33.89:22, 113.186.59.60:22, 113.8.50.167:22, 116.196.178.16:22, 117.224.25.80:22, 117.55.217.248:22, 130.56.181.187:22, 132.122.230.27:22, 136.204.152.227:22, 14.195.170.193:22, 140.87.66.25:22, 149.140.8.85:22, 151.64.105.219:22, 155.22.107.140:22, 157.207.71.165:22, 157.7.208.157:80, 162.159.135.232:443, 163.4.33.29:22, 167.49.200.97:22, 169.165.89.34:22, 169.30.15.177:22, 170.74.11.42:22, 174.229.150.19:22, 175.78.105.190:22, 178.200.87.86:22, 179.172.94.248:22, 180.129.217.72:22, 180.175.32.58:22, 181.112.117.218:22, 182.171.168.88:22, 185.209.228.119:1919, 19.0.116.44:22, 19.80.11.163:22, 190.116.105.131:22, 190.66.173.175:22, 191.143.165.85:22, 191.253.208.110:22, 194.17.46.4:22, 196.68.186.175:22, 197.32.159.210:22, 20.210.94.102:1919, 200.137.55.35:22, 202.173.108.186:22, 202.81.50.97:22, 203.212.25.108:22, 209.34.8.134:22, 21.165.228.89:22, 212.248.215.143:22, 217.68.85.222:22, 220.219.248.137:22, 23.128.64.141:443, 23.97.72.76:1919, 25.79.245.77:22, 26.182.188.100:22, 27.123.34.7:22, 27.203.25.22:22, 29.62.188.27:22, 3.232.242.170:443, 31.117.172.185:22, 34.117.59.81:80, 36.23.242.52:22, 36.26.171.11:22, 4.131.8.1:22, 41.189.59.104:22, 43.87.109.215:22, 49.12.234.183:443, 51.120.146.2:22, 51.195.60.71:1919, 52.21.227.162:80, 53.131.246.98:22, 54.163.241.223:443, 54.169.207.226:22, 60.2.22.244:22, 63.75.16.5:22, 64.84.78.184:22, 65.0.154.17:1919, 68.147.180.145:22, 69.64.9.6:22, 7.71.80.161:22, 73.204.191.222:22, 74.37.220.186:22, 78.124.163.199:22, 79.51.242.6:22, 80.200.148.248:22, 83.185.249.190:22, 87.7.180.186:22, 90.141.252.92:22, 92.196.96.169:22, 93.250.28.207:22 and 96.204.106.156:22 |
Outgoing Connection |
Process /usr/bin/nohup attempted to access suspicious domains: footballscoreonline.com, googleusercontent.com, ident.me, ip-51-195-60.eu and myvps.jp |
Access Suspicious Domain Outgoing Connection |
Process /usr/bin/nohup scanned port 22 on 87 IP Addresses |
Port 22 Scan |
Process /usr/bin/nohup started listening on ports: 1919 and 22 |
Listening |
Connection was closed due to timeout |