IP Address: 113.15.114.151 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, Access Suspicious Domain, SSH, Download and Allow Execution, Successful SSH Login, Listening, Port 2222 Scan, 13 Shell Commands, Download and Execute, Outgoing Connection
Associated Attack Servers: 18.162.200.166, 18.228.44.254, 31.15.241.181, 34.84.213.136, 34.218.227.40, 41.228.22.107, 47.91.87.67, 52.231.188.167, 59.26.132.133, 68.84.68.139, 73.144.18.16, 73.254.114.94, 114.217.179.49, 161.139.68.245, 166.168.111.151, 177.135.103.54, 218.146.128.93, 220.77.145.80
IP Address: 113.15.114.151
Domain: -
ISP: China Telecom Guangxi
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2020-06-06
Last seen in Akamai Guardicore Segmentation: 2020-06-08
Incident timeline (event, followed by the tags assigned to it):

[Successful SSH Login] A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
[Successful SSH Login] A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password (2 times)
[Download and Execute] The file /tmp/ifconfig was downloaded and executed 5 times
[Download and Execute] The file /tmp/nginx was downloaded and executed 142 times
[Port 22 Scan, Port 2222 Scan] Process /tmp/nginx scanned port 22 on 45 IP Addresses
[Port 22 Scan, Port 2222 Scan] Process /tmp/nginx scanned port 2222 on 45 IP Addresses
[Port 22 Scan, Port 2222 Scan] Process /tmp/nginx scanned port 22 on 40 IP Addresses
[Listening] Process /tmp/nginx started listening on ports: 1234
[Outgoing Connection] Process /tmp/nginx generated outgoing network traffic to: 105.21.128.171:22, 105.21.128.171:2222, 106.48.232.63:22, 106.48.232.63:2222, 11.174.154.133:22, 11.174.154.133:2222, 113.15.114.151:1234, 113.7.28.87:22, 13.84.37.79:22, 13.84.37.79:2222, 138.199.190.126:22, 138.199.190.126:2222, 151.253.156.252:22, 151.253.156.252:2222, 163data.com.cn:22, 163data.com.cn:2222, 167.117.16.162:22, 167.117.16.162:2222, 168.205.83.61:2222, 193.120.57.133:22, 194.91.26.59:22, 197.234.194.43:22, 2.211.62.145:2222, 2.92.192.108:22, 2.92.192.108:2222, 20.96.204.127:22, 20.96.204.127:2222, 211.154.147.207:22, 211.154.147.207:2222, 212.27.227.88:22, 212.27.227.88:2222, 214.225.104.237:22, 243.158.166.225:22, 243.158.166.225:2222, 247.244.189.229:22, 247.244.189.229:2222, 27.115.115.156:2222, 41.117.194.22:22, 41.117.194.22:2222, 48.4.94.146:22, 48.4.94.146:2222, 5.131.24.115:22, 51.173.251.248:22, 51.173.251.248:2222, 62.157.89.23:22, 62.157.89.23:2222, 62.223.20.242:22, 62.223.20.242:2222, 69.55.39.225:22, 71.25.26.226:22, 71.25.26.226:2222, academica.fi:22, academica.fi:2222, amazonaws.com:1234, bbox.fr:2222, bbtec.net:22, bbtec.net:2222, comcast.net:1234, fibrestream.ca:22, gvt.net.br:1234, hol.gr:22, lightpath.net:22, mailgun.net:22, mailgun.net:2222, mesh.ad.jp:22, myvzw.com:1234, newcomp.inf.br:22, newcomp.inf.br:2222, pacificix.com:22, pacificix.com:2222, prod-empresarial.com.mx:2222, spcsdns.net:22, spcsdns.net:2222, t-ipconnect.de:22, t-ipconnect.de:2222, telus.net:22, telus.net:2222, timbrasil.com.br:22, timbrasil.com.br:2222, utm.my:1234, verizon.net:22, verizon.net:2222, virginm.net:22, virginm.net:2222, yournet.ne.jp:22, yournet.ne.jp:2222 and zaq.ne.jp:2222
[Port 22 Scan, Port 2222 Scan] Process /tmp/nginx scanned port 2222 on 40 IP Addresses
[Access Suspicious Domain, Outgoing Connection] Process /tmp/nginx attempted to access suspicious domains: gvt.net.br
[Download and Execute] The file /root/ifconfig was downloaded and executed 7 times
[Download and Execute] The file /root/nginx was downloaded and executed 7 times
[Download and Execute] The file /usr/bin/free was downloaded and executed 3 times
[Download and Execute] The file /tmp/php-fpm was downloaded and executed 27 times
[Download and Execute] The file /tmp/php-fpm was downloaded and executed 14 times
[Download and Execute] The file /usr/bin/uptime was downloaded and executed
[Download and Execute] The file /tmp/php-fpm was downloaded and executed 20 times
[Download and Execute] The file /tmp/php-fpm was downloaded and executed 6 times
[Download and Execute] The file /tmp/php-fpm was downloaded and executed 7 times
Connection was closed due to timeout
|