IP Address: 14.54.245.109Previously Malicious
IP Address: 14.54.245.109Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan Access Suspicious Domain SSH Download and Allow Execution 6 Shell Commands Successful SSH Login Listening Port 2222 Scan Download and Execute Outgoing Connection |
|
Associated Attack Servers |
|
IP Address |
14.54.245.109 |
|
|
Domain |
- |
|
|
ISP |
Korea Telecom |
|
|
Country |
Korea, Republic of |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-05-31 |
|
Last seen in Akamai Guardicore Segmentation |
2020-06-07 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
|
The file /root/ifconfig was downloaded and executed 7 times |
Download and Execute |
|
Process /root/ifconfig scanned port 22 on 38 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 2222 on 38 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 22 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig started listening on ports: 1234 |
Listening |
|
The file /root/nginx was downloaded and executed 117 times |
Download and Execute |
|
Process /root/ifconfig generated outgoing network traffic to: 100.0.197.18:1234, 103.121.194.183:22, 103.121.194.183:2222, 103.31.39.64:22, 103.31.39.64:2222, 106.76.174.155:22, 114.10.150.238:2222, 119.102.52.246:2222, 119.182.186.26:22, 119.182.186.26:2222, 120.24.243.109:1234, 121.156.203.3:1234, 124.196.104.191:22, 124.196.104.191:2222, 125.238.97.35:22, 125.238.97.35:2222, 130.122.248.192:2222, 139.199.163.77:1234, 14.54.245.109:1234, 141.91.160.179:22, 141.91.160.179:2222, 147.21.1.52:22, 147.21.1.52:2222, 148.253.14.113:22, 148.77.43.106:1234, 149.119.63.216:22, 149.119.63.216:2222, 154.37.128.56:22, 154.37.128.56:2222, 155.107.237.228:22, 155.8.72.107:2222, 157.74.64.240:2222, 172.221.169.239:2222, 174.76.151.155:22, 174.76.151.155:2222, 174.97.183.110:22, 174.97.183.110:2222, 187.87.115.168:22, 187.87.115.168:2222, 191.51.173.216:22, 191.51.173.216:2222, 192.161.134.219:2222, 197.47.108.15:2222, 198.100.146.76:1234, 2.166.215.196:22, 2.166.215.196:2222, 201.195.35.59:22, 201.195.35.59:2222, 201.214.210.5:22, 201.214.210.5:2222, 201.228.27.93:2222, 209.17.153.242:2222, 213.185.117.7:22, 213.185.117.7:2222, 219.121.161.133:2222, 220.4.169.74:22, 220.4.169.74:2222, 221.136.90.86:2222, 221.32.197.197:22, 221.32.197.197:2222, 24.46.77.227:22, 24.46.77.227:2222, 244.163.176.105:22, 244.163.176.105:2222, 246.59.150.208:22, 246.59.150.208:2222, 25.157.250.226:22, 27.178.123.77:22, 27.199.74.86:22, 3.3.136.242:22, 3.3.136.242:2222, 33.7.89.250:22, 34.245.232.71:22, 34.245.232.71:2222, 39.51.77.207:22, 39.51.77.207:2222, 47.183.1.19:2222, 50.181.135.125:2222, 58.154.166.46:22, 58.154.166.46:2222, 59.172.143.171:2222, 6.229.113.96:2222, 8.75.49.197:2222, 87.208.144.145:22, 9.103.158.126:22, 93.158.250.55:2222, 93.63.66.226:22, 93.63.66.226:2222, 98.245.177.113:22 and 98.245.177.113:2222 |
Outgoing Connection |
|
Process /root/ifconfig scanned port 2222 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig attempted to access suspicious domains: ip-198-100-146.net and lightpath.net |
Access Suspicious Domain Outgoing Connection |
|
The file /root/php-fpm was downloaded and granted execution privileges 2 times |
|
|
The file /root/php-fpm was downloaded and executed 35 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 23 times |
Download and Execute |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies