IP Address: 145.14.157.171Previously Malicious
IP Address: 145.14.157.171Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SSH Download and Allow Execution Successful SSH Login Listening Port 2222 Scan 13 Shell Commands Download and Execute Port 1234 Scan |
|
Associated Attack Servers |
albacom.net gvt.net.br kcell.kz lightpath.net orange-business.com 2.78.61.194 3.17.152.26 18.204.247.146 35.182.238.155 41.228.22.107 45.84.196.108 45.249.92.58 47.91.87.67 54.153.113.34 73.254.114.94 109.244.35.20 121.156.203.3 122.51.48.52 124.119.89.249 140.127.211.177 161.139.68.245 166.168.111.151 172.105.92.28 173.251.42.2 176.139.8.11 177.135.103.54 190.144.52.117 195.47.197.14 |
|
IP Address |
145.14.157.171 |
|
|
Domain |
- |
|
|
ISP |
Hostinger International Limited |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-06-02 |
|
Last seen in Akamai Guardicore Segmentation |
2022-03-06 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
Process /bin/bash scanned port 1234 on 14 IP Addresses |
Port 1234 Scan |
|
Process /root/nginx scanned port 1234 on 14 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 1234 on 38 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 1234 on 39 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 22 on 14 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 2222 on 14 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 14 IP Addresses 2 times |
Port 1234 Scan |
|
Process /bin/bash scanned port 1234 on 14 IP Addresses 2 times |
Port 1234 Scan |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /root/nginx was downloaded and executed 135 times |
Download and Execute |
|
Process /root/nginx scanned port 22 on 38 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 22 on 39 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 2222 on 38 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
Process /root/nginx started listening on ports: 1234 |
Listening |
|
Process /root/nginx generated outgoing network traffic to: 1.171.230.146:22, 104.206.202.61:22, 111.13.89.58:22, 114.217.179.49:1234, 121.155.49.93:1234, 122.51.48.52:1234, 13.163.38.27:2222, 13.90.45.216:1234, 131.20.61.59:22, 131.20.61.59:2222, 135.67.45.22:22, 135.67.45.22:2222, 137.99.143.15:22, 137.99.143.15:2222, 138.235.87.155:22, 142.147.138.232:22, 142.147.138.232:2222, 147.47.207.166:22, 149.101.229.249:2222, 149.122.181.116:22, 149.122.181.116:2222, 155.129.90.164:2222, 162.28.188.154:22, 162.28.188.154:2222, 162.62.157.113:2222, 164.214.25.70:2222, 166.168.111.151:1234, 172.105.92.28:1234, 174.194.167.7:22, 174.194.167.7:2222, 175.248.57.61:22, 179.183.206.250:22, 2.78.61.194:1234, 20.125.141.111:22, 20.125.141.111:2222, 200.3.36.40:2222, 204.27.73.47:22, 205.50.60.94:2222, 205.60.94.202:2222, 212.109.236.42:22, 212.109.236.42:2222, 212.217.32.92:22, 217.104.76.223:2222, 218.93.239.44:1234, 221.228.6.91:22, 221.228.6.91:2222, 24.36.231.182:22, 24.36.231.182:2222, 243.105.164.32:22, 243.105.164.32:2222, 246.172.113.205:2222, 248.101.119.136:22, 248.138.132.76:22, 248.138.132.76:2222, 3.166.158.68:22, 3.166.158.68:2222, 33.116.25.77:22, 33.116.25.77:2222, 37.196.68.205:22, 38.56.61.221:2222, 40.175.13.192:22, 40.175.13.192:2222, 40.92.49.77:22, 40.92.49.77:2222, 41.19.62.10:2222, 44.244.116.227:22, 44.244.116.227:2222, 45.245.187.91:22, 45.245.187.91:2222, 51.75.31.39:1234, 53.3.150.117:22, 63.148.85.228:22, 63.148.85.228:2222, 68.84.68.139:1234, 68.97.74.52:1234, 77.122.194.92:1234, 81.193.115.145:2222, 86.73.233.85:22, 86.73.233.85:2222, 90.24.199.7:22, 90.24.199.7:2222, 91.216.77.179:22, 91.216.77.179:2222, 94.137.233.210:2222, 95.192.241.107:2222, 99.102.232.101:22, 99.19.103.154:22 and 99.19.103.154:2222 |
|
|
Process /root/nginx scanned port 2222 on 39 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
|
The file /usr/bin/free was downloaded and executed |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 8 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 12 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 33 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 17 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 9 times |
Download and Execute |
|
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies