IP Address: 161.139.68.245 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, System File Modification, Listening, Port 2222 Scan, 13 Shell Commands, Download and Execute, Port 1234 Scan
Associated Attack Servers: 121.201.61.205, albacom.net, avonet.cz, gvt.net.br, internet.co.za, ja.net, kcell.kz, orange-business.com, shadwell.com.pa, ss-cloudfront.co, ufcg.edu.br, 190.144.241.156, 150.165.60.105, 124.119.89.249, 125.71.208.39, 5.26.254.49, 3.88.203.1, 172.104.226.235, 196.189.91.162, 45.249.92.58, 54.91.250.89, 190.85.1.105, 13.124.214.6, 34.218.227.40, 94.191.15.40, 50.222.16.235, 50.239.104.242, 103.127.80.9, 93.61.61.105, 103.81.134.2, 94.20.64.202, 50.200.136.84, 3.219.216.198, 190.14.221.33, 24.158.63.182, 148.70.242.55, 50.206.25.111, 172.105.92.28, 218.151.100.195, 190.144.42.33, 60.253.116.46
IP Address: 161.139.68.245
Domain: -
ISP: Universiti Teknologi Malaysia
Country: Malaysia
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-05-07
Last seen in Akamai Guardicore Segmentation: 2020-06-10
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List [Tags: Successful SSH Login]
Process /usr/sbin/sshd scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan]
Process /etc/ifconfig scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan]
Process /etc/ifconfig scanned port 22 on 10 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan]
Process /etc/ifconfig scanned port 1234 on 38 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan]
Process /usr/sbin/sshd scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan]
Process /nginx scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /nginx scanned port 22 on 10 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /nginx scanned port 2222 on 10 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /nginx scanned port 1234 on 38 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /nginx scanned port 1234 on 37 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /usr/sbin/sshd scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan]
Process /bin/bash scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan]
Process /usr/sbin/sshd scanned port 1234 on 10 IP Addresses [Tags: Port 1234 Scan]
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 3 times [Tags: Successful SSH Login]
The file /etc/ifconfig was downloaded and executed 7 times [Tags: Download and Execute]
System file /etc/nginx was modified 4 times [Tags: System File Modification]
Process /etc/ifconfig scanned port 22 on 38 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan]
Process /nginx scanned port 22 on 38 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /nginx scanned port 2222 on 38 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
Process /nginx scanned port 22 on 37 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
The file /etc/nginx was downloaded and executed 8 times [Tags: Download and Execute]
Process /etc/ifconfig started listening on ports: 1234 [Tags: Listening]
The file /ifconfig was downloaded and executed 7 times [Tags: Download and Execute]
The file /nginx was downloaded and executed 126 times [Tags: Download and Execute]
Process /nginx started listening on ports: 1234 [Tags: Listening]
Process /nginx generated outgoing network traffic to: 1.235.188.175:22, 1.235.188.175:2222, 104.196.243.26:22, 104.196.243.26:2222, 107.172.90.18:1234, 109.26.186.2:22, 113.158.119.250:2222, 113.72.130.126:2222, 117.202.187.152:22, 117.202.187.152:2222, 119.57.67.113:22, 119.57.67.113:2222, 12.31.214.30:22, 12.31.214.30:2222, 124.219.157.33:22, 128.130.112.64:2222, 129.192.159.187:22, 129.192.159.187:2222, 134.108.23.167:22, 139.199.163.77:1234, 142.33.2.62:22, 15.86.94.221:22, 15.86.94.221:2222, 16.58.173.39:2222, 166.168.111.151:1234, 166.35.145.64:2222, 176.139.8.11:1234, 18.66.196.174:2222, 181.112.71.25:22, 181.112.71.25:2222, 184.245.212.138:22, 184.97.188.140:22, 188.111.27.92:2222, 199.154.206.177:22, 203.75.194.239:22, 203.75.194.239:2222, 206.227.244.36:22, 206.227.244.36:2222, 207.195.173.177:2222, 219.214.197.64:22, 219.214.197.64:2222, 22.16.93.162:22, 22.16.93.162:2222, 221.16.186.30:22, 223.25.67.117:1234, 23.88.4.32:22, 23.88.4.32:2222, 245.46.163.183:22, 245.46.163.183:2222, 246.191.181.98:22, 246.191.181.98:2222, 248.175.117.29:2222, 248.86.248.167:22, 248.86.248.167:2222, 251.182.151.8:2222, 29.131.17.252:22, 34.155.62.63:2222, 35.202.224.120:2222, 40.70.70.54:22, 44.133.175.19:22, 47.100.108.185:1234, 49.93.184.82:2222, 52.78.91.60:1234, 57.100.69.129:1234, 57.229.202.148:22, 57.229.202.148:2222, 6.161.4.137:2222, 67.177.159.243:22, 67.177.159.243:2222, 7.79.103.172:22, 74.39.170.223:22, 76.145.217.253:22, 76.145.217.253:2222, 81.186.4.160:22, 81.186.4.160:2222, 81.65.99.232:22, 81.65.99.232:2222, 84.44.72.192:22, 84.44.72.192:2222, 90.191.20.229:22, 90.191.20.229:2222 and 91.123.212.59:22
Process /nginx scanned port 2222 on 37 IP Addresses [Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan]
The file /php-fpm was downloaded and executed 35 times [Tags: Download and Execute]
The file /php-fpm was downloaded and executed 3 times [Tags: Download and Execute]
The file /php-fpm was downloaded and executed 18 times [Tags: Download and Execute]
The file /usr/bin/free was downloaded and executed [Tags: Download and Execute]
Connection was closed due to timeout