IP Address: 14.54.245.220 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Port 22 Scan, Access Suspicious Domain, SSH, 20 Shell Commands, Download and Allow Execution, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection
Associated Attack Servers |
IP Address | 14.54.245.220
Domain | -
ISP | Korea Telecom
Country | Korea, Republic of
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-06-07
Last seen in Akamai Guardicore Segmentation | 2020-06-10
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 4 times | Successful SSH Login
The file /ifconfig was downloaded and executed 7 times | Download and Execute
The file /nginx was downloaded and executed 4 times | Download and Execute
Process /ifconfig scanned port 22 on 39 IP Addresses | Port 22 Scan
Process /root/nginx scanned port 22 on 39 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 22 on 40 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 2222 on 39 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /ifconfig started listening on ports: 1234 | Listening
The file /root/ifconfig was downloaded and executed 6 times | Download and Execute
The file /root/nginx was downloaded and executed 141 times | Download and Execute
Process /root/nginx started listening on ports: 1234 | Listening
Process /root/nginx generated outgoing network traffic | Outgoing Connection
Process /root/nginx attempted to access suspicious domains: ip-51-75-31.eu | Access Suspicious Domain, Outgoing Connection
Process /root/nginx scanned port 2222 on 40 IP Addresses | Port 22 Scan, Port 2222 Scan
The file /root/php-fpm was downloaded and executed 36 times | Download and Execute
The file /root/php-fpm was downloaded and executed 9 times | Download and Execute
The file /root/php-fpm was downloaded and executed 2 times | Download and Execute
Connection was closed due to timeout