IP Address: 139.198.191.245Previously Malicious
IP Address: 139.198.191.245Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan 10 Shell Commands SSH Successful SSH Login Listening Port 2222 Scan Download and Execute |
|
Associated Attack Servers |
- |
|
IP Address |
139.198.191.245 |
|
|
Domain |
- |
|
|
ISP |
China Great Wall Internet Server Provider |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-04-19 |
|
Last seen in Akamai Guardicore Segmentation |
2020-08-09 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /root/nginx was downloaded and executed 103 times |
Download and Execute |
|
Process /root/ifconfig scanned port 22 on 43 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 2222 on 43 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 22 on 51 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig started listening on ports: 1234 |
Listening |
|
Process /root/ifconfig generated outgoing network traffic to: 103.231.91.179:22, 103.231.91.179:2222, 107.104.222.207:22, 107.104.222.207:2222, 107.50.12.152:22, 107.50.12.152:2222, 109.198.233.160:2222, 111.159.213.114:22, 111.159.213.114:2222, 112.30.12.92:22, 112.30.12.92:2222, 113.10.57.191:22, 113.10.57.191:2222, 119.69.179.252:2222, 133.164.147.247:2222, 133.235.99.153:22, 133.235.99.153:2222, 135.177.29.206:2222, 142.144.132.206:22, 142.144.132.206:2222, 143.11.18.200:22, 145.245.123.8:22, 145.245.123.8:2222, 146.72.102.133:2222, 155.216.130.121:22, 155.216.130.121:2222, 155.218.36.144:22, 155.218.36.144:2222, 166.212.197.89:22, 166.212.197.89:2222, 170.116.24.80:22, 170.173.120.35:22, 170.173.120.35:2222, 170.4.129.161:22, 173.193.113.193:22, 173.193.113.193:2222, 174.47.99.84:2222, 177.21.176.26:22, 177.21.176.26:2222, 181.129.53.114:2222, 190.108.16.146:22, 197.223.182.152:22, 197.223.182.152:2222, 198.232.104.142:22, 198.232.104.142:2222, 202.245.53.37:22, 202.245.53.37:2222, 207.181.122.132:2222, 215.102.214.66:2222, 220.171.225.127:22, 220.171.225.127:2222, 243.45.115.157:22, 243.45.115.157:2222, 245.70.105.4:2222, 248.118.122.2:22, 248.118.122.2:2222, 248.176.116.105:22, 248.176.116.105:2222, 29.30.98.175:22, 32.103.110.3:22, 32.103.110.3:2222, 33.132.101.250:22, 33.132.101.250:2222, 36.161.139.19:22, 36.161.139.19:2222, 5.162.166.102:2222, 50.57.96.224:22, 50.57.96.224:2222, 53.10.193.19:2222, 59.61.242.75:22, 59.94.216.56:22, 59.94.216.56:2222, 6.10.159.94:22, 6.10.159.94:2222, 63.141.192.201:22, 63.141.192.201:2222, 63.184.21.122:22, 63.184.21.122:2222, 63.216.65.11:22, 63.216.65.11:2222, 67.160.115.33:22, 67.160.115.33:2222, 76.242.172.183:2222, 79.121.248.49:2222, 83.189.146.22:2222, 83.7.54.150:22, 83.7.54.150:2222, 84.206.5.153:2222, 89.152.209.129:22, 9.224.202.188:22, 95.172.85.143:2222, 97.171.206.124:22 and 97.171.206.124:2222 |
|
|
Process /root/ifconfig scanned port 2222 on 51 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies