IP Address: 31.206.240.54Previously Malicious
IP Address: 31.206.240.54Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SSH Download and Allow Execution Successful SSH Login Listening Port 2222 Scan Download and Execute 7 Shell Commands |
|
Associated Attack Servers |
- |
|
IP Address |
31.206.240.54 |
|
|
Domain |
- |
|
|
ISP |
Vodafone NET Iletisim Hizmetleri A.S. |
|
|
Country |
Turkey |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2018-10-28 |
|
Last seen in Akamai Guardicore Segmentation |
2020-06-10 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 4 times |
Successful SSH Login |
|
The file /root/ifconfig was downloaded and granted execution privileges |
Download and Allow Execution |
|
The file /tmp/ifconfig was downloaded and executed 7 times |
Download and Execute |
|
The file /tmp/nginx was downloaded and executed 118 times |
Download and Execute |
|
Process /tmp/nginx scanned port 22 on 48 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /tmp/nginx scanned port 2222 on 48 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /tmp/nginx scanned port 22 on 44 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /tmp/nginx started listening on ports: 1234 |
Listening |
|
Process /tmp/nginx generated outgoing network traffic to: 100.29.225.155:22, 100.29.225.155:2222, 102.164.83.139:22, 102.164.83.139:2222, 103.46.99.24:22, 103.46.99.24:2222, 106.119.5.130:22, 109.130.139.210:22, 109.130.139.210:2222, 11.118.212.27:22, 11.118.212.27:2222, 112.224.45.57:2222, 115.235.196.196:22, 115.235.196.196:2222, 115.71.253.121:22, 116.14.50.90:22, 116.14.50.90:2222, 119.192.252.238:22, 119.192.252.238:2222, 131.149.54.107:22, 131.149.54.107:2222, 133.203.121.113:22, 15.32.193.109:2222, 152.121.61.11:22, 152.121.61.11:2222, 153.116.240.222:22, 153.116.240.222:2222, 165.239.70.214:22, 165.239.70.214:2222, 168.232.15.12:22, 168.232.15.12:2222, 168.68.153.117:22, 170.197.73.56:22, 170.197.73.56:2222, 172.167.36.172:22, 176.24.224.250:22, 176.24.224.250:2222, 177.38.30.98:2222, 177.73.101.185:22, 177.73.101.185:2222, 182.250.142.46:2222, 182.99.148.206:22, 182.99.148.206:2222, 186.64.165.25:22, 186.64.165.25:2222, 188.21.171.114:22, 188.92.129.16:22, 189.125.132.249:22, 189.125.132.249:2222, 191.226.144.8:22, 191.226.144.8:2222, 193.147.42.159:22, 193.147.42.159:2222, 193.252.245.178:22, 193.252.245.178:2222, 195.5.117.80:22, 195.5.117.80:2222, 197.18.173.233:22, 197.18.173.233:2222, 199.154.39.219:22, 203.33.82.16:22, 21.170.67.187:22, 21.170.67.187:2222, 212.161.22.227:2222, 217.19.205.3:22, 217.19.205.3:2222, 220.27.121.108:22, 220.27.121.108:2222, 24.92.178.84:22, 24.92.178.84:2222, 25.15.75.115:2222, 251.158.21.153:22, 251.158.21.153:2222, 253.46.216.77:22, 253.46.216.77:2222, 29.6.222.25:2222, 36.236.203.14:22, 36.236.203.14:2222, 50.164.182.146:22, 50.164.182.146:2222, 52.243.32.94:2222, 58.195.88.5:22, 58.195.88.5:2222, 77.93.87.31:22, 77.93.87.31:2222, 8.137.55.55:22, 8.137.55.55:2222, 8.251.134.169:22, 81.239.32.228:22, 87.21.215.187:22 and 87.21.215.187:2222 |
|
|
Process /tmp/nginx scanned port 2222 on 44 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies