IP Address: 220.179.231.188Previously Malicious
IP Address: 220.179.231.188Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
9 Shell Commands Port 2222 Scan SSH Listening Port 22 Scan Successful SSH Login Download and Allow Execution Download and Execute |
|
Associated Attack Servers |
- |
|
IP Address |
220.179.231.188 |
|
|
Domain |
- |
|
|
ISP |
China Telecom |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2019-05-26 |
|
Last seen in Akamai Guardicore Segmentation |
2022-11-15 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 7 times |
Successful SSH Login |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
Process /root/ifconfig scanned port 22 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 2222 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 22 on 36 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
The file /root/nginx was downloaded and executed 23 times |
Download and Execute |
|
Process /root/ifconfig started listening on ports: 1234 |
Listening |
|
Process /root/ifconfig generated outgoing network traffic to: 103.86.36.102:22, 106.135.18.40:22, 106.135.18.40:2222, 11.79.145.58:22, 11.79.145.58:2222, 112.127.235.122:22, 118.27.34.211:22, 118.27.34.211:2222, 130.146.40.201:22, 130.146.40.201:2222, 135.19.218.61:2222, 137.220.74.205:2222, 138.94.205.208:2222, 152.151.227.120:22, 152.151.227.120:2222, 155.205.11.238:22, 157.89.250.105:22, 157.99.142.197:22, 157.99.142.197:2222, 158.220.111.89:22, 158.220.111.89:2222, 162.45.92.129:22, 162.5.88.126:22, 162.5.88.126:2222, 168.179.76.192:22, 168.212.41.155:22, 168.212.41.155:2222, 17.195.97.28:22, 17.195.97.28:2222, 172.13.102.163:2222, 172.241.200.28:22, 172.241.200.28:2222, 174.79.91.141:22, 181.252.21.87:22, 186.247.151.110:22, 186.247.151.110:2222, 188.216.172.193:22, 19.132.10.104:22, 19.132.10.104:2222, 197.38.186.251:22, 197.38.186.251:2222, 198.108.9.215:22, 198.108.9.215:2222, 198.221.251.206:22, 198.221.251.206:2222, 198.68.70.39:22, 201.79.207.218:22, 201.79.207.218:2222, 210.3.253.248:22, 210.3.253.248:2222, 223.174.91.131:2222, 223.209.125.147:22, 223.209.125.147:2222, 246.212.85.14:22, 246.212.85.14:2222, 251.16.225.39:22, 252.177.8.195:22, 252.177.8.195:2222, 28.139.191.240:2222, 32.198.138.65:2222, 39.73.234.244:22, 39.73.234.244:2222, 4.105.28.43:22, 4.105.28.43:2222, 45.211.187.25:22, 45.211.187.25:2222, 56.38.76.162:22, 56.38.76.162:2222, 61.132.104.158:22, 69.226.78.130:22, 69.226.78.130:2222, 73.211.90.98:22, 73.211.90.98:2222, 74.7.26.190:22, 74.7.26.190:2222, 78.120.222.44:22, 78.204.114.251:22, 8.196.41.81:22, 80.83.35.93:22, 80.83.35.93:2222 and 87.35.8.150:22 |
|
|
Process /root/ifconfig scanned port 2222 on 36 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies