IP Address: 103.39.209.157 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, SSH, Download and Allow Execution, 24 Shell Commands, Successful SSH Login, System File Modification, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection
Associated Attack Servers: gvt.net.br, orange-business.com, 5.26.221.186, 5.26.254.72, 40.77.57.4, 41.228.22.107, 47.91.87.67, 54.191.44.80, 121.156.203.3, 140.127.211.177, 148.70.167.224, 152.175.133.39, 166.168.111.151, 177.99.217.233, 190.88.251.27
IP Address: 103.39.209.157
Domain: -
ISP: Shenzhen Qianhai bird cloud computing Co.
Country: China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-01-03
Last seen in Akamai Guardicore Segmentation: 2020-07-14
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** (Authentication policy: White List)
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** (Authentication policy: Correct Password 3 times)
System File Modification: System file /etc/ifconfig was modified 4 times
Download and Execute: The file /etc/ifconfig was downloaded and executed 6 times
Download and Execute: The file /etc/nginx was downloaded and executed 124 times
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 22 on 35 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 22 on 48 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 2222 on 35 IP Addresses
Listening: Process /etc/ifconfig started listening on ports: 1234
Outgoing Connection: Process /etc/ifconfig generated outgoing network traffic to: 103.39.209.157:1234, 107.186.95.154:2222, 116.243.120.22:2222, 135.136.149.230:22, 139.198.191.245:1234, 139.199.163.77:1234, 141.65.125.51:2222, 148.70.167.224:1234, 153.182.95.201:22, 153.182.95.201:2222, 154.148.58.193:22, 154.148.58.193:2222, 155.247.1.62:22, 155.247.1.62:2222, 160.190.34.231:2222, 165.251.211.251:2222, 166.168.111.151:1234, 167.48.179.37:22, 167.48.179.37:2222, 17.234.248.219:22, 17.234.248.219:2222, 173.18.124.59:2222, 175.198.75.62:2222, 176.209.64.116:22, 176.209.64.116:2222, 177.134.170.184:2222, 178.176.173.77:22, 19.146.159.80:22, 19.146.159.80:2222, 191.76.27.209:22, 191.76.27.209:2222, 192.134.55.90:22, 196.16.36.115:2222, 196.38.249.213:22, 196.38.249.213:2222, 196.71.139.197:22, 196.71.139.197:2222, 2.36.133.183:2222, 202.96.49.72:2222, 21.31.85.87:22, 21.31.85.87:2222, 214.104.125.110:22, 214.104.125.110:2222, 214.230.119.216:22, 218.182.13.169:2222, 220.6.65.8:22, 220.6.65.8:2222, 241.221.22.170:2222, 243.128.70.139:22, 243.128.70.139:2222, 243.150.91.136:2222, 243.219.64.218:22, 243.219.64.218:2222, 249.229.115.8:2222, 251.109.146.220:2222, 29.166.183.203:22, 29.166.183.203:2222, 30.118.86.137:22, 30.118.86.137:2222, 40.111.230.48:2222, 45.195.101.50:22, 45.195.101.50:2222, 48.113.209.127:2222, 57.179.148.110:22, 57.179.148.110:2222, 61.146.64.24:22, 61.146.64.24:2222, 67.208.82.52:22, 67.208.82.52:2222, 68.197.203.10:22, 68.49.179.243:22, 68.49.179.243:2222, 72.199.56.92:22, 72.199.56.92:2222, 72.36.182.9:2222, 75.213.59.92:22, 75.213.59.92:2222, 78.216.65.166:22, 78.216.65.166:2222, 82.71.136.51:22, 82.71.136.51:2222, 9.249.72.42:22, 9.249.72.42:2222, 97.113.208.155:22, 97.113.208.155:2222, 99.238.126.12:22 and 99.238.126.12:2222
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 2222 on 48 IP Addresses
Download and Execute: The file /usr/bin/free was downloaded and executed 2 times
Download and Execute: The file /etc/php-fpm was downloaded and executed 4 times
Download and Execute: The file /etc/php-fpm was downloaded and executed 4 times
Download and Execute: The file /usr/bin/uptime was downloaded and executed
Connection was closed due to timeout
|