IP Address: 154.221.255.140 Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SSH |
Tags |
51 Shell Commands, Port 2222 Scan, SSH, Listening, Port 22 Scan, Successful SSH Login, Download and Allow Execution, Port 1234 Scan, Download and Execute |
Associated Attack Servers |
IP Address |
154.221.255.140 |
|
Domain |
- |
|
ISP |
Multacom Corporation |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-08-18 |
Last seen in Akamai Guardicore Segmentation |
2020-08-25 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 7 times |
Successful SSH Login |
Process /usr/sbin/sshd scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /root/ifconfig scanned port 1234 on 11 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 1234 on 28 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 11 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 11 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /usr/sbin/sshd scanned port 1234 on 11 IP Addresses 3 times |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /tmp/ifconfig scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 11 IP Addresses |
Port 1234 Scan |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 101 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 32 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 28 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 32 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig started listening on ports: 1234 |
Listening |
Process /root/ifconfig generated outgoing network traffic to remote hosts |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 3 times |
Download and Execute |
Process /root/ifconfig scanned port 2222 on 28 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 34 times |
Download and Execute |
The file /root/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 3 times |
Download and Execute |
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 5 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|