IP Address: 222.154.86.51 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: 19 Shell Commands, Successful SSH Login, SSH, Port 22 Scan, Download and Execute, Port 2222 Scan, Listening, Download and Allow Execution
IP Address: 222.154.86.51
Domain: -
ISP: Spark New Zealand
Country: New Zealand
WHOIS:
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-04-26
Last seen in Akamai Guardicore Segmentation: 2020-05-08
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
The file /tmp/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 155 times |
Download and Execute |
Process /tmp/ifconfig scanned port 22 on 48 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /tmp/ifconfig scanned port 2222 on 48 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /tmp/ifconfig scanned port 22 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /tmp/ifconfig started listening on ports: 1234 |
Listening |
Process /tmp/ifconfig generated outgoing network traffic |
|
Process /tmp/ifconfig scanned port 2222 on 46 IP Addresses |
Port 22 Scan Port 2222 Scan |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/nginx was downloaded and executed 6 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 2 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 12 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 11 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 11 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 78 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 14 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 15 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and granted execution privileges |
Download and Allow Execution |
Connection was closed due to timeout |
|