IP Address: 103.120.223.29 - Malicious
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 103.120.223.29 |
Domain | - |
ISP | Microlink Technology |
Country | Bangladesh |
WHOIS Created Date | - |
WHOIS Updated Date | - |
WHOIS Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-03-07 |
Last seen in Akamai Guardicore Segmentation | 2023-06-16 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
The file /tmp/ifconfig was downloaded and granted execution privileges |
Download and Allow Execution |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 4 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 80 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 8080 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 28 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 29 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 18 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
The file /root/apache2 was downloaded and executed 106 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /root/ifconfig scanned port 80 on 28 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 8080 on 28 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 28 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 80 on 29 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 80 on 18 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 8080 on 29 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 29 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 8080 on 18 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 18 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan Port 2222 Scan |
The file /root/php-fpm was downloaded and executed 11 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 16 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
/var/tmp/apache2 |
SHA256: 10aaadaf66ae0b4f687aa7239e1b0b6959973c5d0c973a7a34db0ac78f070078 |
2875664 bytes |