IP Address: 3.122.60.196 Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SSH |
Tags |
Port 2222 Scan, 36 Shell Commands, SSH, Listening, Port 22 Scan, Outgoing Connection, Access Suspicious Domain, Successful SSH Login, Download and Allow Execution, Download and Execute |
Associated Attack Servers |
13.211.180.165 50.118.182.234 54.93.55.80 107.187.122.10 166.168.111.151 166.255.227.179 170.210.215.142 176.99.12.209 178.212.222.102 |
IP Address |
3.122.60.196 |
|
Domain |
- |
|
ISP |
Amazon.com |
|
Country |
Germany |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-08-02 |
Last seen in Akamai Guardicore Segmentation |
2020-08-03 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 14 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 39 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 34 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 39 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig started listening on ports: 1234 |
Listening |
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 2 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic |
Outgoing Connection |
The file /root/ifconfig was downloaded and executed 12 times |
Download and Execute |
The file /root/nginx was downloaded and executed 47 times |
Download and Execute |
Process /root/ifconfig attempted to access suspicious domains: ip-51-75-31.eu |
Access Suspicious Domain, Outgoing Connection |
Process /root/ifconfig scanned port 2222 on 34 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /root/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /root/nginx was downloaded and executed 73 times |
Download and Execute |
The file /usr/bin/free was downloaded and executed 2 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 6 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|