IP Address: 113.108.88.92 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 2222 Scan, 11 Shell Commands, SSH, Listening, Port 22 Scan, Successful SSH Login, Download and Allow Execution, Download and Execute
Associated Attack Servers: -
IP Address: 113.108.88.92
Domain: -
ISP: China Telecom Guangdong
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-08-13
Last seen in Akamai Guardicore Segmentation: 2020-09-15
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List [Successful SSH Login]
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password [Successful SSH Login]
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 5 times [Successful SSH Login]
The file /tmp/ifconfig was downloaded and executed 6 times [Download and Execute]
The file /tmp/nginx was downloaded and executed 61 times [Download and Execute]
Process /tmp/nginx scanned port 22 on 43 IP Addresses [Port 22 Scan, Port 2222 Scan]
Process /tmp/nginx scanned port 2222 on 43 IP Addresses [Port 22 Scan, Port 2222 Scan]
Process /tmp/nginx scanned port 22 on 44 IP Addresses [Port 22 Scan, Port 2222 Scan]
Process /tmp/nginx started listening on ports: 1234 [Listening]
The file /usr/bin/free was downloaded and executed [Download and Execute]
Process /tmp/nginx generated outgoing network traffic to a list of remote addresses on ports 22 and 2222
Process /tmp/nginx scanned port 2222 on 44 IP Addresses [Port 22 Scan, Port 2222 Scan]
Connection was closed due to timeout