IP Address: 119.29.141.189 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SCP, SSH |
Tags |
Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File |
Associated Attack Servers |
50.216.208.27, 50.237.89.162, 103.141.246.254, 103.152.48.32, 202.186.42.73 |
IP Address |
119.29.141.189 |
|
Domain |
- |
|
ISP |
Tencent cloud computing |
|
Country |
China |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2021-11-30 |
Last seen in Akamai Guardicore Segmentation |
2022-01-10 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 43 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 47 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 43 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /root/apache2 was downloaded and executed 113 times |
Download and Execute |
Process /root/ifconfig started listening on ports: 1234 and 8089 |
Listening |
Process /root/ifconfig generated outgoing network traffic |
|
Process /root/ifconfig scanned port 2222 on 47 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /usr/bin/free was downloaded and executed 3 times |
Download and Execute |
Connection was closed due to timeout |
|