IP Address: 142.44.196.234 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SSH |
Tags | Port 22 Scan, Access Suspicious Domain, SSH, Download and Allow Execution, 25 Shell Commands, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection |
Associated Attack Servers | 5.26.254.49, 47.91.87.67, 74.3.137.17, 93.117.225.197, 104.244.76.33, 121.156.203.3, 172.105.92.28, 181.49.144.161 |
IP Address | 142.44.196.234 |
Domain | - |
ISP | OVH Hosting |
Country | Canada |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2020-05-24 |
Last seen in Akamai Guardicore Segmentation | 2020-05-25 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 3 times |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
The file /var/opt/ifconfig was downloaded and executed 3 times |
Download and Execute |
The file /var/opt/nginx was downloaded and executed 156 times |
Download and Execute |
Process /var/opt/ifconfig scanned port 22 on 51 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /var/opt/ifconfig scanned port 22 on 36 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /var/opt/ifconfig scanned port 2222 on 51 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /var/opt/ifconfig started listening on ports: 1234 |
Listening |
Process /var/opt/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /var/opt/ifconfig attempted to access suspicious domains: thenetworkfactory.nl |
Access Suspicious Domain, Outgoing Connection |
Process /var/opt/ifconfig scanned port 2222 on 36 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 6 times |
Download and Execute |
The file /var/opt/php-fpm was downloaded and executed 46 times |
Download and Execute |
The file /var/opt/php-fpm was downloaded and executed 21 times |
Download and Execute |
The file /var/opt/php-fpm was downloaded and executed 71 times |
Download and Execute |
The file /var/opt/php-fpm was downloaded and executed 18 times |
Download and Execute |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
The file /var/opt/php-fpm was downloaded and executed 5 times |
Download and Execute |
The file /var/opt/php-fpm was downloaded and executed 8 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|