IP Address: 74.110.128.160Previously Malicious
IP Address: 74.110.128.160Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP SSH |
Tags |
SSH Superuser Operation SCP Download File Download and Allow Execution Successful SSH Login Download and Execute |
Associated Attack Servers |
IP Address |
74.110.128.160 |
|
Domain |
- |
|
ISP |
Verizon Fios |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-09-19 |
Last seen in Akamai Guardicore Segmentation |
2022-10-18 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 8 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 3 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 195 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 2839 times |
Download and Execute |
Process /root/ifconfig scanned port 1234 on 33 IP Addresses |
Port 1234 Scan Port 80 Scan |
Process /root/ifconfig scanned port 1234 on 52 IP Addresses |
Port 1234 Scan Port 80 Scan |
Process /root/ifconfig scanned port 80 on 33 IP Addresses |
Port 1234 Scan Port 80 Scan |
Process /etc/apache2 scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
Process /var/tmp/ifconfig scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
Process /root/apache2 scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
Process /root/ifconfig generated outgoing network traffic to: 107.247.220.165:80, 108.120.8.15:80, 108.144.71.94:80, 111.53.11.130:1234, 117.16.44.111:1234, 118.41.204.72:1234, 120.224.34.31:1234, 124.223.14.100:1234, 13.35.145.137:80, 132.225.124.202:80, 133.61.208.90:80, 133.86.23.77:80, 135.52.134.13:80, 139.209.222.134:1234, 143.240.107.12:80, 145.134.190.49:80, 146.221.8.165:80, 150.107.95.20:1234, 154.84.135.14:80, 158.153.46.116:80, 161.35.79.199:1234, 161.70.98.32:1234, 162.111.209.147:80, 164.88.181.231:80, 168.50.7.88:80, 169.30.88.238:80, 172.64.200.11:443, 172.64.201.11:443, 173.42.168.251:80, 184.83.112.246:1234, 185.210.144.122:1234, 187.176.19.97:80, 187.179.7.218:80, 191.242.188.103:1234, 191.92.156.199:80, 192.110.184.239:80, 199.163.81.137:80, 20.141.185.205:1234, 200.3.237.176:80, 203.94.48.112:80, 209.12.23.22:80, 209.202.106.195:80, 209.216.177.158:1234, 215.82.25.117:80, 218.55.38.15:80, 220.243.148.80:1234, 222.100.124.62:1234, 223.171.91.160:1234, 223.171.91.191:1234, 24.149.109.42:80, 24.61.238.216:80, 240.112.159.43:80, 245.95.201.150:80, 30.192.123.219:80, 32.71.104.2:80, 33.34.140.235:80, 34.27.249.166:80, 4.44.81.160:80, 46.13.164.29:1234, 46.201.160.226:80, 46.61.223.245:80, 48.109.37.203:80, 49.145.58.162:80, 51.159.19.47:1234, 51.75.146.174:443, 52.131.32.110:1234, 53.181.41.182:80, 56.188.164.25:80, 6.71.20.151:80, 61.77.105.219:1234, 61.84.162.66:1234, 62.12.106.5:1234, 64.227.132.175:1234, 70.71.188.155:80, 71.109.239.25:80, 71.11.221.177:80, 80.126.131.245:80, 80.30.109.81:80, 82.149.112.170:1234, 82.66.5.84:1234, 85.105.82.39:1234, 86.133.233.66:1234, 89.212.123.191:1234, 91.218.166.72:80, 94.153.165.43:1234 and 97.209.119.146:80 |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8088 and 8184 |
Listening |
/var/tmp/ifconfig was downloaded |
Download File |
The file /var/tmp/apache2 was downloaded and executed 5 times |
Download and Execute |
Process /var/tmp/ifconfig generated outgoing network traffic to: 172.64.201.11:443 |
Outgoing Connection |
The file /root/ifconfig was downloaded and executed |
Download and Execute |
Process /root/apache2 generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
System file /etc/ifconfig was modified 9 times |
System File Modification |
/etc/ifconfig was downloaded |
Download File |
System file /etc/apache2 was modified 4 times |
System File Modification |
The file /etc/apache2 was downloaded and granted execution privileges |
Download and Allow Execution |
Process /root/ifconfig scanned port 80 on 52 IP Addresses |
Port 1234 Scan Port 80 Scan |
Connection was closed due to timeout |
|