IP Address: 119.91.218.244 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File
Associated Attack Servers | heartcareassoc.com, myrepublic.co.id, 50.216.208.27, 94.133.158.230, 101.34.16.17, 102.223.37.58, 104.226.0.82, 158.140.160.214
IP Address | 119.91.218.244
Domain | -
ISP | HuaBei Oil Communication CO. Information Center
Country | China
WHOIS: Created Date | -
WHOIS: Updated Date | -
WHOIS: Organization | -
First seen in Akamai Guardicore Segmentation | 2021-12-18
Last seen in Akamai Guardicore Segmentation | 2021-12-27
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /var/tmp/ifconfig was downloaded and executed 5 times | Download and Execute
The file /var/tmp/apache2 was downloaded and executed 122 times | Download and Execute
Process /var/tmp/ifconfig scanned port 22 on 46 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /var/tmp/ifconfig scanned port 22 on 44 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /var/tmp/ifconfig scanned port 2222 on 46 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /var/tmp/ifconfig started listening on ports: 1234 and 8088 | Listening
The file /usr/bin/uptime was downloaded and executed | Download and Execute
The file /usr/bin/free was downloaded and executed 4 times | Download and Execute
Process /var/tmp/ifconfig generated outgoing network traffic to multiple IP addresses on ports 22 and 2222
Process /var/tmp/ifconfig scanned port 2222 on 44 IP Addresses | Port 22 Scan, Port 2222 Scan
Connection was closed due to timeout