IP Address: 103.127.80.9 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SSH |
Tags |
Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, 17 Shell Commands, Listening, Port 2222 Scan, Download and Execute |
Associated Attack Servers |
IP Address |
103.127.80.9 |
|
Domain |
- |
|
ISP |
Lemon Telecommunications Limited |
|
Country |
Hong Kong |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-06-06 |
Last seen in Akamai Guardicore Segmentation |
2020-06-10 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
The file /ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /nginx was downloaded and executed 12 times |
Download and Execute |
Process /nginx scanned port 22 on 41 IP Addresses |
Port 22 Scan |
Process /root/ifconfig scanned port 22 on 41 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 39 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 41 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /nginx started listening on ports: 1234 |
Listening |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 130 times |
Download and Execute |
Process /root/ifconfig started listening on ports: 1234 |
Listening |
The file /var/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /var/nginx was downloaded and executed |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic |
|
Process /root/ifconfig scanned port 2222 on 39 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /root/php-fpm was downloaded and granted execution privileges 2 times |
|
The file /root/php-fpm was downloaded and executed 4 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 17 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 2 times |
Download and Execute |
Connection was closed due to timeout |
|