IP Address: 114.116.29.175 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | 54 Shell Commands, Successful SSH Login, Listening, Port 22 Scan, Access Suspicious Domain, Outgoing Connection, Port 2222 Scan, Download and Execute, SSH
Associated Attack Servers | 78.93.78.163, 124.119.89.249, 125.91.108.211, 168.196.202.8, 173.249.27.8
IP Address | 114.116.29.175
Domain | -
ISP | Huawei Public Cloud Service (Huawei Software Techn
Country | China
WHOIS
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-09-15
Last seen in Akamai Guardicore Segmentation | 2020-09-15
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 3 times | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times | Successful SSH Login
Process /dev/shm/nginx scanned port 22 on 40 IP Addresses | Port 22 Scan
Process /tmp/ifconfig scanned port 22 on 40 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 2222 on 40 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 22 on 30 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /dev/shm/nginx started listening on ports: 1234 | Listening
The file /tmp/ifconfig was downloaded and executed 6 times | Download and Execute
The file /tmp/nginx was downloaded and executed 118 times | Download and Execute
Process /tmp/ifconfig started listening on ports: 1234 | Listening
The file /root/ifconfig was downloaded and executed 6 times | Download and Execute
The file /root/nginx was downloaded and executed | Download and Execute
Process /tmp/ifconfig generated outgoing network traffic to: 102.129.3.123:22, 110.20.44.93:22, 110.61.118.98:22, 114.116.29.175:1234, 115.141.59.41:22, 115.141.59.41:2222, 118.20.52.239:22, 123.77.215.16:22, 123.77.215.16:2222, 124.119.89.249:1234, 125.54.32.67:22, 125.54.32.67:2222, 125.91.108.211:1234, 129.162.228.29:2222, 135.8.52.5:22, 139.199.163.77:1234, 14.245.210.213:22, 141.237.165.77:22, 141.237.165.77:2222, 154.237.28.40:22, 154.237.28.40:2222, 157.99.247.213:22, 163.155.166.235:2222, 163.205.71.203:22, 172.222.151.66:2222, 173.249.27.8:1234, 18.86.56.250:22, 18.86.56.250:2222, 181.241.169.77:22, 181.241.169.77:2222, 182.203.212.228:22, 182.203.212.228:2222, 192.190.164.200:2222, 193.35.161.191:22, 195.141.40.230:22, 199.245.144.242:2222, 2.55.177.248:22, 203.204.140.208:22, 205.147.222.191:22, 205.147.222.191:2222, 207.28.105.127:22, 207.28.105.127:2222, 209.67.87.147:22, 216.178.152.1:22, 240.230.55.175:2222, 241.53.211.170:2222, 241.71.239.251:22, 241.71.239.251:2222, 25.233.225.111:2222, 251.88.34.96:22, 251.88.34.96:2222, 32.150.204.129:22, 32.150.204.129:2222, 38.93.58.137:22, 42.77.133.248:22, 49.126.248.17:22, 49.126.248.17:2222, 5.33.181.9:22, 57.95.185.37:22, 57.95.185.37:2222, 58.197.115.75:22, 58.197.115.75:2222, 61.92.132.16:22, 66.198.227.74:2222, 68.137.230.203:22, 68.137.230.203:2222, 78.80.130.23:22, 78.80.130.23:2222, 78.93.78.163:1234, 79.238.10.116:2222, 8.172.36.250:22, 80.110.75.240:2222, 92.204.218.33:22, 94.8.193.177:22 and 94.8.193.177:2222 | Outgoing Connection
Process /tmp/ifconfig attempted to access suspicious domains: hwclouds-dns.com | Access Suspicious Domain, Outgoing Connection
Process /tmp/ifconfig scanned port 2222 on 30 IP Addresses | Port 22 Scan, Port 2222 Scan
The file /tmp/php-fpm was downloaded and granted execution privileges
Connection was closed due to timeout