IP Address: 124.119.89.249 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: System File Modification, 49 Shell Commands, Port 2222 Scan, SSH, Listening, Port 22 Scan, Outgoing Connection, Successful SSH Login, Download and Allow Execution, Download and Execute
Associated Attack Servers: 121.201.61.205, albacom.net, bilgehosting.com, gvt.net.br, jalawave.net.id, ja.net, lightpath.net, ono.com, orange-business.com, ss-cloudfront.co, thenetworkfactory.nl, 43.94.8.157, 141.15.140.206, 192.104.84.40, 185.124.87.149, 50.222.16.235, 210.56.218.21, 173.251.42.2, 190.94.136.44, 148.70.242.55, 50.206.25.111, 172.105.92.28, 35.182.250.228, 60.175.90.96, 69.74.14.170, 218.151.100.195, 185.209.185.2, 104.152.192.199, 61.43.208.154, 50.200.136.114, 45.32.128.117, 18.221.121.86, 118.172.177.170, 41.229.138.45, 93.117.225.197, 151.145.240.12, 173.249.27.8, 141.241.27.254, 43.228.244.10, 59.174.30.158
IP Address: 124.119.89.249
Domain: -
ISP: China Telecom xinjiang
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2019-04-21
Last seen in Akamai Guardicore Segmentation: 2020-09-15
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password (9 times)
Download and Execute: The file /ifconfig was downloaded and executed 7 times
Download and Allow Execution: The file /nginx was downloaded and granted execution privileges
Download and Execute: The file /root/ifconfig was downloaded and executed 6 times
Download and Execute: The file /root/nginx was downloaded and executed 11 times
Port 22 Scan: Process /root/nginx scanned port 22 on 35 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /tmp/ifconfig scanned port 22 on 35 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /tmp/ifconfig scanned port 2222 on 35 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /tmp/ifconfig scanned port 22 on 33 IP Addresses
Listening: Process /root/nginx started listening on ports: 1234
Download and Execute: The file /var/ifconfig was downloaded and executed 5 times
Download and Execute: The file /var/nginx was downloaded and executed 12 times
Listening: Process /var/nginx started listening on ports: 1234
Download and Execute: The file /tmp/ifconfig was downloaded and executed 6 times
Download and Execute: The file /tmp/nginx was downloaded and executed 112 times
Listening: Process /tmp/ifconfig started listening on ports: 1234
Outgoing Connection: Process /tmp/ifconfig generated outgoing network traffic to: 101.33.54.151:22, 106.249.158.233:2222, 109.177.143.30:22, 109.177.143.30:2222, 110.53.166.171:22, 110.53.166.171:2222, 111.58.114.195:2222, 115.181.105.217:2222, 12.76.199.92:22, 124.119.89.249:1234, 124.77.69.122:22, 125.91.108.211:1234, 126.149.71.5:22, 126.149.71.5:2222, 132.152.114.146:22, 134.91.175.34:2222, 136.164.108.159:22, 145.8.106.207:22, 15.252.53.185:22, 15.252.53.185:2222, 151.165.188.25:2222, 16.105.212.71:2222, 164.205.18.222:22, 168.181.132.7:22, 168.181.132.7:2222, 170.136.102.36:22, 173.198.27.101:2222, 179.12.134.162:2222, 186.156.21.94:22, 187.97.189.138:22, 187.97.189.138:2222, 193.181.68.234:2222, 194.159.103.202:22, 194.159.103.202:2222, 196.105.95.241:2222, 218.59.132.237:22, 222.178.130.5:2222, 248.170.189.130:22, 248.170.189.130:2222, 251.178.182.52:22, 251.178.182.52:2222, 252.130.213.243:2222, 29.80.192.88:22, 3.86.197.39:22, 3.86.197.39:2222, 30.99.137.220:22, 30.99.137.220:2222, 31.143.246.158:2222, 35.82.38.135:22, 35.82.38.135:2222, 36.145.181.35:2222, 37.205.47.242:22, 37.205.47.242:2222, 38.87.129.17:22, 38.87.129.17:2222, 48.124.36.72:22, 50.169.140.168:22, 50.169.140.168:2222, 56.115.135.149:22, 56.115.135.149:2222, 58.74.161.72:2222, 66.125.186.131:22, 67.237.247.22:22, 67.237.247.22:2222, 7.155.189.176:2222, 70.249.5.203:22, 73.66.42.85:22, 94.120.108.211:22 and 97.214.169.134:22
Port 22 Scan, Port 2222 Scan: Process /tmp/ifconfig scanned port 2222 on 33 IP Addresses
Download and Execute: The file /usr/bin/free was downloaded and executed
System File Modification: System file /etc/ifconfig was modified 4 times
Download and Execute: The file /etc/ifconfig was downloaded and executed 2 times
Download and Execute: The file /etc/nginx was downloaded and executed 5 times
Download and Execute: The file /root/ifconfig was downloaded and executed 7 times
Download and Execute: The file /root/nginx was downloaded and executed 2 times
Connection was closed due to timeout
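The timeline above is the raw record; what a responder wants from it is a short list of signals: files that reuse a system-tool name outside the directory where that tool lives (/tmp/ifconfig, /tmp/nginx, /nginx), a genuine system binary that was overwritten (/usr/bin/free), listeners opened by dropped files, how many distinct hosts each dropped process reached per port, and any traffic back to the attacker's own address. The Python script below is an added example; it is not part of this page and not Akamai Guardicore code. The event strings in EVENTS are copied from the timeline above (the outgoing-traffic line is quoted in full); the parsing patterns, the binary-name and trusted-directory lists, and the triage() function are this example's own assumptions.

```python
"""Triage helper for an SSH-honeypot incident timeline in the format shown above.

Added example, not part of the original page or of Akamai Guardicore's tooling.
EVENTS is copied from the page's timeline; the parsing patterns, the name and
directory lists and triage() are this example's own assumptions.
"""
import re
from collections import defaultdict

# Assumption: tool names a dropper reuses so its files blend in with the system.
SYSTEM_BINARY_NAMES = {"ifconfig", "nginx", "free"}
# Assumption: directories where a genuine copy of such a tool would be installed.
TRUSTED_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                "/usr/local/bin/", "/usr/local/sbin/")

# Event lines copied from the page's timeline (the login line is kept to show
# that lines without a matching pattern are simply skipped).
EVENTS = [
    "A user logged in using SSH with the following credentials: root / **** "
    "- Authentication policy: Correct Password 9 times",
    "The file /nginx was downloaded and granted execution privileges",
    "The file /tmp/ifconfig was downloaded and executed 6 times",
    "The file /tmp/nginx was downloaded and executed 112 times",
    "The file /usr/bin/free was downloaded and executed",
    "Process /tmp/ifconfig scanned port 22 on 35 IP Addresses",
    "Process /tmp/ifconfig scanned port 2222 on 35 IP Addresses",
    "Process /root/nginx started listening on ports: 1234",
    "Process /tmp/ifconfig generated outgoing network traffic to: "
    "101.33.54.151:22, 106.249.158.233:2222, 109.177.143.30:22, 109.177.143.30:2222, "
    "110.53.166.171:22, 110.53.166.171:2222, 111.58.114.195:2222, 115.181.105.217:2222, "
    "12.76.199.92:22, 124.119.89.249:1234, 124.77.69.122:22, 125.91.108.211:1234, "
    "126.149.71.5:22, 126.149.71.5:2222, 132.152.114.146:22, 134.91.175.34:2222, "
    "136.164.108.159:22, 145.8.106.207:22, 15.252.53.185:22, 15.252.53.185:2222, "
    "151.165.188.25:2222, 16.105.212.71:2222, 164.205.18.222:22, 168.181.132.7:22, "
    "168.181.132.7:2222, 170.136.102.36:22, 173.198.27.101:2222, 179.12.134.162:2222, "
    "186.156.21.94:22, 187.97.189.138:22, 187.97.189.138:2222, 193.181.68.234:2222, "
    "194.159.103.202:22, 194.159.103.202:2222, 196.105.95.241:2222, 218.59.132.237:22, "
    "222.178.130.5:2222, 248.170.189.130:22, 248.170.189.130:2222, 251.178.182.52:22, "
    "251.178.182.52:2222, 252.130.213.243:2222, 29.80.192.88:22, 3.86.197.39:22, "
    "3.86.197.39:2222, 30.99.137.220:22, 30.99.137.220:2222, 31.143.246.158:2222, "
    "35.82.38.135:22, 35.82.38.135:2222, 36.145.181.35:2222, 37.205.47.242:22, "
    "37.205.47.242:2222, 38.87.129.17:22, 38.87.129.17:2222, 48.124.36.72:22, "
    "50.169.140.168:22, 50.169.140.168:2222, 56.115.135.149:22, 56.115.135.149:2222, "
    "58.74.161.72:2222, 66.125.186.131:22, 67.237.247.22:22, 67.237.247.22:2222, "
    "7.155.189.176:2222, 70.249.5.203:22, 73.66.42.85:22, 94.120.108.211:22 "
    "and 97.214.169.134:22",
]

RE_DOWNLOAD = re.compile(r"^The file (\S+) was downloaded and "
                         r"(?:executed|granted execution privileges)")
RE_SCAN = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
RE_LISTEN = re.compile(r"^Process (\S+) started listening on ports: (.+)$")
RE_OUTGOING = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
RE_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def triage(events, attacker_ip):
    """Reduce a list of event strings to the signals a responder acts on first."""
    masquerading, overwritten = set(), set()
    scans, listeners, connect_back = [], {}, []
    fan_out = defaultdict(lambda: defaultdict(set))  # process -> port -> {dst IP}

    for line in events:
        if m := RE_DOWNLOAD.match(line):
            path = m.group(1)
            if path.rsplit("/", 1)[-1] in SYSTEM_BINARY_NAMES:
                # Landing on top of the real tool replaces a system binary;
                # the same name anywhere else is a dropped file masquerading as it.
                (overwritten if path.startswith(TRUSTED_DIRS) else masquerading).add(path)
        elif m := RE_SCAN.match(line):
            scans.append((m.group(1), int(m.group(2)), int(m.group(3))))
        elif m := RE_LISTEN.match(line):
            listeners[m.group(1)] = sorted(int(p) for p in re.findall(r"\d+", m.group(2)))
        elif m := RE_OUTGOING.match(line):
            for ip, port in RE_ENDPOINT.findall(m.group(2)):
                fan_out[m.group(1)][int(port)].add(ip)
                if ip == attacker_ip:  # traffic back to the source of the login
                    connect_back.append(f"{ip}:{port}")

    return {
        "masquerading": sorted(masquerading),
        "overwritten": sorted(overwritten),
        "scans": scans,
        "listeners": listeners,
        "fan_out": {proc: {port: len(ips) for port, ips in ports.items()}
                    for proc, ports in fan_out.items()},
        "connect_back": connect_back,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(EVENTS, "124.119.89.249"), indent=2))
```

Run against the page's own outgoing-traffic line, triage() resolves the fan-out of /tmp/ifconfig to 34 distinct hosts on port 22, 33 on port 2222 and 2 on port 1234; one of the two 1234 destinations is 124.119.89.249 itself, which is the Connect-Back role listed in the header. The split between "masquerading" and "overwritten" matters in practice: /tmp/nginx can simply be deleted, while /usr/bin/free must be restored from the package manager and the host treated as fully compromised.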