IP Address: 178.22.123.208 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner |
Services Targeted | SSH |
Tags | System File Modification, Port 2222 Scan, SSH, Listening, 31 Shell Commands, Port 22 Scan, Successful SSH Login, Download and Allow Execution, Download and Execute |
Associated Attack Servers | 5.26.221.186, 47.91.87.67, 100.0.197.18, 121.156.203.3, 140.127.211.177, 166.168.111.151 |
IP Address | 178.22.123.208 |
Domain | - |
ISP | Asiatech Data Transfer Inc PLC |
Country | Iran, Islamic Republic of |
WHOIS Created Date | - |
WHOIS Updated Date | - |
WHOIS Organization | - |
First seen in Akamai Guardicore Segmentation | 2020-07-12 |
Last seen in Akamai Guardicore Segmentation | 2020-07-13 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 4 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /root/nginx was downloaded and executed 12 times |
Download and Execute |
Process /root/nginx scanned port 22 on 41 IP Addresses |
Port 22 Scan |
Process /etc/nginx scanned port 22 on 41 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /etc/nginx scanned port 22 on 38 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /etc/nginx scanned port 2222 on 41 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/nginx started listening on ports: 1234 |
Listening |
System file /etc/nginx was modified 4 times |
System File Modification |
The file /etc/ifconfig was downloaded and executed 8 times |
Download and Execute |
The file /etc/nginx was downloaded and executed 121 times |
Download and Execute |
Process /etc/nginx started listening on ports: 1234 |
Listening |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 12 times |
Download and Execute |
Process /etc/nginx generated outgoing network traffic to multiple IP addresses on ports 22 and 2222 |
Process /etc/nginx scanned port 2222 on 38 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /root/ifconfig was downloaded and executed 8 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed 2 times |
Download and Execute |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
System file /etc/php-fpm was modified 4 times |
System File Modification |
The file /etc/php-fpm was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|