IP Address: 148.70.167.224 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, 22 Shell Commands, Listening, Port 2222 Scan, Download and Execute, Port 1234 Scan
Associated Attack Servers: 40.77.57.4, 41.228.22.107, 47.91.87.67, 58.222.195.186, 103.39.209.157, 121.156.203.3, 123.140.250.253, 140.127.211.177, 166.168.111.151, 166.255.227.179, 177.99.217.233
IP Address: 148.70.167.224
Domain: -
ISP: Tencent cloud computing
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2020-07-03
Last seen in Akamai Guardicore Segmentation: 2020-07-06
Incident timeline
A user logged in using SSH with the following credentials: root / **** (Authentication policy: White List). Tags: Successful SSH Login
Process /usr/sbin/sshd scanned port 1234 on 12 IP addresses. Tags: Port 1234 Scan
Process /root/ifconfig scanned port 1234 on 12 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 22 on 12 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 2222 on 12 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 1234 on 36 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 1234 on 37 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /usr/sbin/sshd scanned port 1234 on 12 IP addresses. Tags: Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 12 IP addresses, 2 times. Tags: Port 1234 Scan
Process /bin/bash scanned port 1234 on 12 IP addresses. Tags: Port 1234 Scan
A user logged in using SSH with the following credentials: root / **** (Authentication policy: Correct Password), 2 times. Tags: Successful SSH Login
The file /root/ifconfig was downloaded and executed 8 times. Tags: Download and Execute
The file /root/nginx was downloaded and executed 118 times. Tags: Download and Execute
Process /root/ifconfig scanned port 22 on 36 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 2222 on 36 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig scanned port 22 on 37 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/ifconfig started listening on ports: 1234. Tags: Listening
Process /root/ifconfig generated outgoing network traffic to: 101.81.107.197:2222, 103.180.205.27:22, 103.180.205.27:2222, 104.72.208.83:22, 106.107.162.61:2222, 107.148.39.149:2222, 107.253.131.48:22, 107.253.131.48:2222, 110.210.119.244:22, 113.223.115.124:2222, 12.2.226.217:22, 12.2.226.217:2222, 121.156.203.3:1234, 121.156.203.3:22, 125.227.250.232:2222, 125.96.196.172:22, 125.96.196.172:2222, 126.106.248.74:2222, 13.92.247.241:1234, 13.92.247.241:22, 130.181.130.70:22, 130.181.130.70:2222, 134.81.243.65:2222, 138.130.117.41:2222, 139.198.191.245:1234, 140.127.211.177:1234, 144.252.211.126:22, 144.252.211.126:2222, 144.54.179.93:22, 146.70.101.16:2222, 147.193.132.13:22, 147.193.132.13:2222, 148.70.167.224:1234, 156.172.77.200:22, 156.172.77.200:2222, 158.118.154.142:22, 158.118.154.142:2222, 16.250.222.71:22, 160.170.110.100:22, 163.43.208.175:22, 163.43.208.175:2222, 166.255.227.179:1234, 167.89.11.26:22, 167.89.11.26:2222, 171.115.239.78:22, 171.115.239.78:2222, 177.63.176.55:2222, 178.217.6.227:2222, 18.90.191.119:2222, 181.147.154.185:22, 185.54.53.82:2222, 191.45.229.20:22, 191.45.229.20:2222, 2.246.238.180:2222, 204.130.157.145:22, 204.130.157.145:2222, 210.20.211.124:22, 215.151.217.225:22, 215.151.217.225:2222, 218.93.239.44:1234, 220.179.231.188:1234, 245.225.198.228:22, 252.105.9.112:22, 27.158.109.85:22, 3.27.7.220:22, 37.101.126.201:22, 37.106.74.93:2222, 4.15.51.1:22, 4.15.51.1:2222, 50.250.21.164:1234, 51.75.31.39:1234, 69.103.12.113:22, 69.103.12.113:2222, 72.203.249.63:22, 72.203.249.63:2222, 73.69.113.30:22, 73.69.113.30:2222, 74.114.117.136:22, 80.223.36.25:2222, 82.253.218.28:22, 82.253.218.28:2222 and 86.80.232.170:2222
Process /root/ifconfig scanned port 2222 on 37 IP addresses. Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed 2 times. Tags: Download and Execute
The file /usr/bin/uptime was downloaded and executed 2 times. Tags: Download and Execute
Connection was closed due to timeout
|