IP Address: 124.124.44.156 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SSH |
Tags | Successful SSH Login, SSH, System File Modification, 8 Shell Commands, Port 22 Scan, Download and Execute, Port 2222 Scan, Listening, Download and Allow Execution |
Associated Attack Servers | 47.91.87.67, 49.235.203.242, 50.239.104.242, 100.2.131.143, 106.75.7.111, 156.155.179.14, 181.57.193.189, 221.142.135.128 |
IP Address | 124.124.44.156 |
Domain | - |
ISP | Reliance Communication Limited |
Country | India |
WHOIS Created Date | - |
WHOIS Updated Date | - |
WHOIS Organization | - |
First seen in Akamai Guardicore Segmentation | 2020-05-06 |
Last seen in Akamai Guardicore Segmentation | 2020-07-18 |
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 3 times |
Successful SSH Login |
System file /etc/ifconfig was modified 4 times |
System File Modification |
System file /etc/nginx was modified 4 times |
System File Modification |
The file /etc/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /etc/nginx was downloaded and executed 141 times |
Download and Execute |
Process /etc/ifconfig scanned port 22 on 44 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /etc/ifconfig scanned port 22 on 45 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /etc/ifconfig scanned port 2222 on 44 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /etc/ifconfig started listening on ports: 1234 |
Listening |
Process /etc/ifconfig generated outgoing network traffic |
|
Process /etc/ifconfig scanned port 2222 on 45 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 69 times |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 44 times |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 8 times |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 10 times |
Download and Execute |
Connection was closed due to timeout |
|