IP Address: 220.77.145.80 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Port 22 Scan, 10 Shell Commands, SSH, Download and Allow Execution, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute
Associated Attack Servers | 31.15.241.181, 34.84.213.136, 73.254.114.94, 103.127.80.9, 111.93.117.178, 113.15.114.151
IP Address | 220.77.145.80
Domain | -
ISP | Korea Telecom
Country | Korea, Republic of
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2018-05-06
Last seen in Akamai Guardicore Segmentation | 2020-06-08
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 124 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 40 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 40 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 50 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig started listening on ports: 1234 |
Listening |
Process /root/ifconfig generated outgoing network traffic |
Process /root/ifconfig scanned port 2222 on 50 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
The file /root/php-fpm was downloaded and executed 20 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 21 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 12 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 28 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /root/php-fpm was downloaded and executed 2 times |
Download and Execute |
Connection was closed due to timeout |