IP Address: 58.222.195.186 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Port 22 Scan, SSH, 19 Shell Commands, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection
Associated Attack Servers |
IP Address | 58.222.195.186
Domain | -
ISP | China Telecom jiangsu
Country | China
WHOIS | Created Date: -, Updated Date: -
Organization | -
First seen in Akamai Guardicore Segmentation | 2019-01-11
Last seen in Akamai Guardicore Segmentation | 2020-07-04
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 5 times | Successful SSH Login
The file /root/ifconfig was downloaded and executed 6 times | Download and Execute
The file /root/nginx was downloaded and executed 79 times | Download and Execute
Process /root/nginx scanned port 22 on 44 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 22 on 36 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 2222 on 44 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/nginx started listening on ports: 1234 | Listening
Process /root/nginx generated outgoing network traffic to remote hosts | Outgoing Connection
Process /root/nginx scanned port 2222 on 36 IP Addresses | Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed | Download and Execute
The file /usr/bin/uptime was downloaded and executed 2 times | Download and Execute
The file /root/php-fpm was downloaded and executed | Download and Execute
Connection was closed due to timeout