IP Address: 218.93.239.44Previously Malicious
IP Address: 218.93.239.44Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 2222 Scan SSH Listening Port 22 Scan Successful SSH Login Download and Allow Execution Download and Execute 19 Shell Commands |
|
Associated Attack Servers |
- |
|
IP Address |
218.93.239.44 |
|
|
Domain |
- |
|
|
ISP |
China Telecom |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2019-09-16 |
|
Last seen in Akamai Guardicore Segmentation |
2020-08-18 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 5 times |
Successful SSH Login |
|
The file /etc/ifconfig was downloaded and executed 14 times |
Download and Execute |
|
The file /etc/nginx was downloaded and executed 7 times |
Download and Execute |
|
Process /etc/nginx scanned port 22 on 47 IP Addresses |
Port 22 Scan |
|
Process /root/nginx scanned port 22 on 47 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 2222 on 47 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/nginx scanned port 22 on 34 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /etc/nginx started listening on ports: 1234 |
Listening |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /root/nginx was downloaded and executed 133 times |
Download and Execute |
|
Process /root/nginx started listening on ports: 1234 2 times |
Listening |
|
The file /etc/nginx was downloaded and executed 2 times |
Download and Execute |
|
Process /root/nginx generated outgoing network traffic to: 1.125.171.193:22, 104.180.159.88:22, 104.180.159.88:2222, 111.123.38.145:2222, 112.205.132.25:22, 112.205.132.25:2222, 116.80.225.33:22, 119.47.195.198:22, 126.12.77.247:22, 126.12.77.247:2222, 130.115.170.30:22, 130.115.170.30:2222, 130.201.192.231:22, 130.201.192.231:2222, 131.136.76.197:22, 131.136.76.197:2222, 14.103.86.117:22, 147.250.38.130:22, 15.78.222.11:2222, 152.157.101.98:22, 152.157.101.98:2222, 157.244.207.61:22, 166.132.131.12:22, 166.132.131.12:2222, 174.132.225.220:22, 174.132.225.220:2222, 184.25.199.182:22, 190.152.24.72:22, 190.152.24.72:2222, 196.54.161.179:22, 196.54.161.179:2222, 198.178.35.229:22, 198.178.35.229:2222, 203.20.219.201:22, 207.176.214.230:22, 207.176.214.230:2222, 208.161.8.179:22, 208.161.8.179:2222, 209.121.126.118:22, 209.200.250.109:2222, 21.128.56.97:22, 21.128.56.97:2222, 213.136.235.137:2222, 220.65.194.68:22, 245.36.148.120:22, 245.36.148.120:2222, 25.249.43.103:22, 25.249.43.103:2222, 28.253.231.237:22, 28.253.231.237:2222, 35.66.10.114:22, 36.203.80.216:22, 39.115.159.172:22, 39.201.51.119:22, 42.54.115.191:22, 53.137.39.215:22, 53.137.39.215:2222, 59.173.84.32:22, 59.173.84.32:2222, 59.49.219.206:22, 59.49.219.206:2222, 61.113.155.119:22, 61.113.155.119:2222, 65.212.147.205:22, 65.212.147.205:2222, 67.68.209.165:22, 67.68.209.165:2222, 71.111.248.174:22, 71.111.248.174:2222, 77.38.64.181:2222, 8.57.119.97:22, 8.57.119.97:2222, 84.247.59.250:22, 84.247.59.250:2222, 86.152.58.55:22, 86.152.58.55:2222, 87.1.216.51:22, 91.67.136.242:22, 91.67.136.242:2222 and 95.4.52.173:22 |
|
|
Process /root/nginx scanned port 2222 on 34 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /usr/bin/free was downloaded and executed 2 times |
Download and Execute |
|
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies