IP Address: 109.244.35.20 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, Access Suspicious Domain, SSH, Download and Allow Execution, 24 Shell Commands, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection
Associated Attack Servers: 41.228.22.107, 47.91.87.67, 145.14.157.171, 161.139.68.245, 176.139.8.11, 177.135.103.54
IP Address: 109.244.35.20
Domain: -
ISP: Tencent cloud computing
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-06-03
Last seen in Akamai Guardicore Segmentation: 2020-06-03
Event | Tags
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password | Successful SSH Login
The file /root/ifconfig was downloaded and executed 9 times | Download and Execute
The file /root/nginx was downloaded and executed 52 times | Download and Execute
Process /root/ifconfig scanned port 22 on 39 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 22 on 45 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 2222 on 39 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/ifconfig started listening on ports: 1234 | Listening
Process /root/ifconfig generated outgoing network traffic to: 101.26.225.146:22, 101.26.225.146:2222, 107.246.35.12:22, 107.246.35.12:2222, 109.244.35.20:1234, 111.140.178.110:22, 111.140.178.110:2222, 111.222.228.146:22, 111.237.250.133:22, 111.237.250.133:2222, 117.150.206.225:22, 117.150.206.225:2222, 121.246.169.93:22, 124.23.142.62:2222, 138.113.55.14:22, 138.113.55.14:2222, 138.175.41.34:22, 138.175.41.34:2222, 139.198.191.245:1234, 142.151.42.26:22, 142.151.42.26:2222, 151.4.248.64:22, 151.4.248.64:2222, 153.127.185.43:2222, 155.48.66.233:2222, 163.238.34.175:2222, 17.246.35.15:22, 17.246.35.15:2222, 174.243.184.186:22, 176.127.3.3:2222, 177.135.103.54:1234, 178.184.196.91:22, 178.184.196.91:2222, 18.172.237.175:22, 18.172.237.175:2222, 181.237.129.121:2222, 184.37.99.27:22, 184.37.99.27:2222, 186.226.64.20:22, 188.138.219.200:2222, 192.216.57.27:22, 192.216.57.27:2222, 196.162.132.147:22, 196.162.132.147:2222, 197.111.132.24:22, 197.111.132.24:2222, 202.138.10.58:22, 202.138.10.58:2222, 209.102.168.132:2222, 209.125.62.11:2222, 210.238.11.83:22, 218.223.179.77:2222, 220.179.231.188:1234, 241.31.230.90:22, 241.31.230.90:2222, 242.152.38.36:22, 242.152.38.36:2222, 243.10.247.248:22, 245.61.203.68:22, 248.3.228.20:22, 248.3.228.20:2222, 248.97.155.65:22, 248.97.155.65:2222, 27.4.150.11:22, 27.4.150.11:2222, 29.73.231.25:22, 31.202.198.144:2222, 35.203.126.205:22, 35.203.126.205:2222, 43.248.72.226:22, 43.248.72.226:2222, 44.224.86.11:2222, 47.91.87.67:1234, 50.183.106.19:2222, 50.250.21.164:1234, 62.183.40.172:22, 62.183.40.172:2222, 64.140.105.93:22, 64.140.105.93:2222, 64.84.54.138:2222, 70.253.132.148:2222, 72.209.124.70:22, 72.209.124.70:2222, 72.243.61.58:22, 78.5.170.222:1234, 87.186.21.67:22, 87.186.21.67:2222, 89.155.67.39:22, 89.155.67.39:2222 and 89.65.10.139:2222 | Outgoing Connection
Process /root/ifconfig attempted to access suspicious domains: albacom.net, comcastbusiness.net and gvt.net.br | Access Suspicious Domain, Outgoing Connection
Process /root/ifconfig scanned port 2222 on 45 IP Addresses | Port 22 Scan, Port 2222 Scan
The file /root/ifconfig was downloaded and executed 6 times | Download and Execute
The file /root/nginx was downloaded and executed 98 times | Download and Execute
The file /root/php-fpm was downloaded and executed 29 times | Download and Execute
The file /root/php-fpm was downloaded and executed 16 times | Download and Execute
The file /root/php-fpm was downloaded and executed 4 times | Download and Execute
The file /usr/bin/free was downloaded and executed | Download and Execute
Connection was closed due to timeout | -