IP Address: 198.100.146.76Previously Malicious
IP Address: 198.100.146.76Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Listening Port 2222 Scan Port 22 Scan 19 Shell Commands SSH Download and Execute Successful SSH Login Download and Allow Execution |
|
Associated Attack Servers |
- |
|
IP Address |
198.100.146.76 |
|
|
Domain |
- |
|
|
ISP |
OVH Hosting |
|
|
Country |
Canada |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-05-10 |
|
Last seen in Akamai Guardicore Segmentation |
2020-06-08 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
|
The file /root/ifconfig was downloaded and executed 7 times |
Download and Execute |
|
The file /root/nginx was downloaded and executed 142 times |
Download and Execute |
|
Process /root/ifconfig scanned port 22 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 22 on 47 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 2222 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig started listening on ports: 1234 |
Listening |
|
Process /root/ifconfig generated outgoing network traffic to: 106.27.16.55:22, 106.27.16.55:2222, 108.176.190.247:22, 108.176.190.247:2222, 11.248.64.86:22, 11.248.64.86:2222, 111.210.4.86:22, 116.83.112.77:22, 116.83.112.77:2222, 118.179.195.30:22, 118.179.195.30:2222, 118.193.140.96:2222, 124.147.103.179:22, 124.147.103.179:2222, 126.17.210.73:2222, 13.222.7.253:22, 132.209.1.218:22, 132.209.1.218:2222, 134.156.202.200:22, 143.179.155.73:22, 143.179.155.73:2222, 146.127.91.154:22, 151.61.192.125:22, 154.52.182.205:22, 154.52.182.205:2222, 16.184.203.242:22, 16.228.173.29:22, 16.228.173.29:2222, 162.214.50.7:22, 163.33.59.2:22, 163.33.59.2:2222, 165.51.155.243:22, 169.167.134.228:22, 169.167.134.228:2222, 170.141.105.162:22, 171.127.119.106:2222, 173.51.164.69:22, 173.51.164.69:2222, 181.26.171.163:2222, 186.213.95.227:22, 188.179.149.26:2222, 19.139.175.51:22, 201.171.122.82:22, 201.171.122.82:2222, 201.79.179.222:22, 201.79.179.222:2222, 207.149.40.122:2222, 21.6.63.93:22, 21.6.63.93:2222, 213.177.50.216:22, 213.177.50.216:2222, 216.138.72.178:22, 216.138.72.178:2222, 216.72.170.217:22, 216.72.170.217:2222, 248.131.253.6:22, 248.131.253.6:2222, 26.28.196.22:22, 26.28.196.22:2222, 3.124.22.233:2222, 30.82.222.238:22, 30.82.222.238:2222, 39.78.62.55:22, 39.78.62.55:2222, 49.98.213.128:22, 49.98.213.128:2222, 51.87.193.76:22, 51.87.193.76:2222, 54.197.10.28:22, 54.197.10.28:2222, 54.99.208.14:22, 54.99.208.14:2222, 55.94.25.126:2222, 59.138.170.112:22, 59.138.170.112:2222, 65.92.232.224:22, 65.92.232.224:2222, 69.166.220.13:22, 69.166.220.13:2222, 75.243.242.168:2222, 76.152.65.93:22, 76.152.65.93:2222, 77.250.117.61:2222, 79.8.194.46:2222, 79.89.19.101:22, 79.89.19.101:2222, 80.247.235.100:22, 81.193.178.75:2222, 81.87.18.150:22, 81.87.18.150:2222, 87.218.14.232:2222 and 97.76.75.77:2222 |
|
|
Process /root/ifconfig scanned port 2222 on 47 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
The file /usr/bin/free was downloaded and executed 3 times |
Download and Execute |
|
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
|
The file /root/php-fpm was downloaded and granted execution privileges |
|
|
The file /root/php-fpm was downloaded and executed 37 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 21 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 4 times |
Download and Execute |
|
The file /root/php-fpm was downloaded and executed 19 times |
Download and Execute |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies