IP Address: 104.47.156.119 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, Access Suspicious Domain, SSH, Download and Allow Execution, Successful SSH Login, 18 Shell Commands, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection

Associated Attack Servers
IP Address: 104.47.156.119
Domain: -
ISP: Microsoft Corporation
Country: Netherlands

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2020-05-21
Last seen in Akamai Guardicore Segmentation: 2020-05-29
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident Events

Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password
Download and Execute: The file /root/ifconfig was downloaded and executed 2 times
Download and Execute: The file /root/nginx was downloaded and executed 138 times
Port 22 Scan, Port 2222 Scan: Process /root/ifconfig scanned port 22 on 43 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /root/ifconfig scanned port 2222 on 43 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /root/ifconfig scanned port 22 on 43 IP Addresses
Listening: Process /root/ifconfig started listening on ports: 1234
Outgoing Connection: Process /root/ifconfig generated outgoing network traffic to: 103.7.56.89:22, 103.7.56.89:2222, 104.47.156.119:1234, 108.5.124.210:22, 108.5.124.210:2222, 109.214.233.107:22, 11.62.91.12:22, 115.186.152.33:22, 115.186.152.33:2222, 121.201.61.205:1234, 123.243.236.91:2222, 13.99.141.185:22, 13.99.141.185:2222, 130.148.125.112:22, 134.212.194.1:2222, 139.100.186.243:22, 139.100.186.243:2222, 146.92.213.11:22, 146.92.213.11:2222, 153.18.19.128:22, 155.177.198.72:22, 155.177.198.72:2222, 162.10.130.218:22, 168.157.202.184:22, 168.157.202.184:2222, 17.158.241.147:2222, 170.101.186.121:22, 170.101.186.121:2222, 173.124.20.140:22, 173.124.20.140:2222, 173.140.204.200:22, 173.140.204.200:2222, 174.238.93.178:22, 174.238.93.178:2222, 176.139.8.11:1234, 176.144.242.103:2222, 177.59.37.252:2222, 179.150.127.5:22, 179.150.127.5:2222, 180.15.51.136:22, 180.15.51.136:2222, 180.55.52.124:22, 180.55.52.124:2222, 183.201.161.185:22, 183.201.161.185:2222, 184.125.206.189:22, 184.125.206.189:2222, 189.152.113.222:22, 189.152.113.222:2222, 198.200.144.164:22, 198.200.144.164:2222, 198.66.56.170:22, 198.66.56.170:2222, 204.146.196.98:2222, 205.220.91.123:2222, 206.147.136.13:2222, 207.163.45.239:22, 207.163.45.239:2222, 208.17.89.135:22, 220.29.79.70:22, 23.82.69.85:22, 23.82.69.85:2222, 252.100.83.42:22, 27.206.2.51:2222, 35.218.37.146:2222, 45.67.63.229:22, 45.67.63.229:2222, 47.91.87.67:1234, 49.218.237.43:22, 49.249.42.235:22, 6.235.128.170:22, 6.235.128.170:2222, 64.85.18.239:22, 64.85.18.239:2222, 66.74.106.226:22, 66.74.106.226:2222, 71.166.242.198:22, 71.166.242.198:2222, 71.235.205.136:22, 71.235.205.136:2222, 72.26.115.60:22, 72.26.115.60:2222, 78.5.170.222:1234, 81.42.242.21:2222, 86.183.213.130:22, 86.183.213.130:2222, 88.51.3.219:22, 88.51.3.219:2222, 97.97.74.36:22 and 98.233.116.1:2222
Access Suspicious Domain, Outgoing Connection: Process /root/ifconfig attempted to access suspicious domains: 121.201.61.205, albacom.net and bbox.fr
Port 22 Scan, Port 2222 Scan: Process /root/ifconfig scanned port 2222 on 43 IP Addresses
Download and Execute: The file /usr/bin/free was downloaded and executed 3 times
Download and Execute: The file /usr/bin/uptime was downloaded and executed
Download and Execute: The file /root/php-fpm was downloaded and executed 22 times
Download and Execute: The file /root/php-fpm was downloaded and executed 36 times
Download and Execute: The file /root/php-fpm was downloaded and executed
Connection was closed due to timeout