IP Address: 218.146.128.93 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, Listening, Port 2222 Scan, 13 Shell Commands, Download and Execute, Port 1234 Scan
Associated Attack Servers | 18.162.200.166 18.228.44.254 45.143.136.213 47.91.87.67 52.175.252.75 59.24.153.124 68.84.68.139 71.62.129.30 73.144.18.16 73.254.114.94 93.61.59.232 100.0.197.18 103.127.80.9 111.20.56.244 113.15.114.151 114.217.179.49 121.156.203.3 121.201.61.205 122.51.48.52 161.139.68.245 168.196.201.4 172.105.92.28 217.10.240.62
IP Address | 218.146.128.93
Domain | -
ISP | Korea Telecom
Country | Korea, Republic of
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-05-29
Last seen in Akamai Guardicore Segmentation | 2020-06-10
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password, 2 times | Successful SSH Login
The file /tmp/ifconfig was downloaded and executed 8 times | Download and Execute
The file /tmp/nginx was downloaded and executed 124 times | Download and Execute
Process /tmp/nginx scanned port 1234 on 16 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 1234 on 31 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 1234 on 36 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 22 on 16 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 22 on 31 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 22 on 36 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 2222 on 16 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/nginx scanned port 2222 on 31 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/nc.openbsd scanned port 1234 on 16 IP addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 16 IP addresses, 2 times | Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 16 IP addresses | Port 1234 Scan
Process /tmp/nginx started listening on ports: 1234 | Listening
Process /tmp/nginx scanned port 2222 on 36 IP addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /usr/bin/free was downloaded and executed 2 times | Download and Execute
The file /tmp/php-fpm was downloaded and granted execution privileges 2 times | Download and Allow Execution
The file /tmp/php-fpm was downloaded and executed 24 times | Download and Execute
The file /tmp/php-fpm was downloaded and executed 5 times | Download and Execute
The file /tmp/php-fpm was downloaded and executed | Download and Execute
Connection was closed due to timeout |