IP Address: 45.84.196.108 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, Access Suspicious Domain, SSH, Download and Allow Execution, Successful SSH Login, System File Modification, 18 Shell Commands, Listening, Port 2222 Scan, Download and Execute, Outgoing Connection
Associated Attack Servers: 2.78.61.194, 45.249.92.58, 47.91.87.67, 121.156.203.3, 145.14.157.171
IP Address: 45.84.196.108
Domain: -
ISP: -
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-06-04
Last seen in Akamai Guardicore Segmentation: 2020-06-05
Events recorded by the sensor (tag: description):
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
System File Modification: System file /etc/ifconfig was modified 4 times
Successful SSH Login: A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password
Download and Execute: The file /etc/ifconfig was downloaded and executed 6 times
System File Modification: System file /etc/nginx was modified 4 times
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 22 on 43 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 2222 on 43 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 22 on 41 IP Addresses
Download and Execute: The file /etc/nginx was downloaded and executed 125 times
Listening: Process /etc/ifconfig started listening on ports: 1234
Outgoing Connection: Process /etc/ifconfig generated outgoing network traffic to: 100.189.241.195:22, 100.189.241.195:2222, 101.33.113.15:22, 102.144.182.15:2222, 104.132.81.187:22, 105.147.165.50:2222, 115.242.4.252:22, 115.242.4.252:2222, 121.156.203.3:1234, 122.145.233.225:22, 131.33.189.166:2222, 137.66.63.180:22, 137.66.63.180:2222, 145.14.157.171:1234, 146.170.159.44:22, 148.45.179.164:22, 148.45.179.164:2222, 151.39.204.71:2222, 154.123.23.150:22, 154.123.23.150:2222, 155.211.249.118:22, 155.211.249.118:2222, 158.104.191.28:22, 158.104.191.28:2222, 162.13.4.166:22, 163.155.157.170:22, 163.155.157.170:2222, 170.12.36.192:22, 170.12.36.192:2222, 170.55.107.42:2222, 182.182.101.40:22, 182.182.101.40:2222, 182.237.29.248:22, 182.237.29.248:2222, 182.49.163.180:22, 186.114.104.124:22, 186.114.104.124:2222, 186.160.122.238:2222, 194.135.197.45:22, 194.144.244.139:22, 194.144.244.139:2222, 195.125.139.146:22, 195.125.139.146:2222, 2.78.61.194:1234, 202.185.77.2:22, 203.97.104.252:22, 206.46.178.22:22, 206.46.178.22:2222, 207.125.149.217:2222, 213.247.58.150:22, 213.247.58.150:2222, 213.61.195.247:22, 216.44.23.19:22, 216.44.23.19:2222, 22.16.233.83:22, 22.16.233.83:2222, 240.114.114.208:22, 240.216.238.53:22, 240.216.238.53:2222, 240.246.108.114:22, 246.69.59.1:22, 35.151.233.249:2222, 37.98.67.63:2222, 40.80.112.195:22, 40.80.112.195:2222, 44.202.219.14:22, 44.202.219.14:2222, 45.84.196.108:1234, 47.91.87.67:1234, 51.75.31.39:1234, 55.166.86.20:22, 55.166.86.20:2222, 57.100.69.129:1234, 60.63.113.9:2222, 61.242.154.153:22, 68.191.216.104:22, 68.191.216.104:2222, 7.28.87.193:2222, 7.85.193.165:22, 7.85.193.165:2222, 72.9.248.245:2222, 76.109.52.172:22, 76.109.52.172:2222, 8.185.219.78:2222, 83.60.135.197:22, 92.59.5.209:22, 92.59.5.209:2222, 98.140.138.24:2222, 99.216.103.184:22 and 99.216.103.184:2222
Access Suspicious Domain, Outgoing Connection: Process /etc/ifconfig attempted to access suspicious domains: ip-51-75-31.eu
Port 22 Scan, Port 2222 Scan: Process /etc/ifconfig scanned port 2222 on 41 IP Addresses
Download and Execute: The file /usr/bin/free was downloaded and executed 2 times
Download and Execute: The file /root/ifconfig was downloaded and executed 7 times
Download and Execute: The file /root/nginx was downloaded and executed 7 times
Download and Execute: The file /etc/php-fpm was downloaded and executed 8 times
Download and Execute: The file /etc/php-fpm was downloaded and executed 17 times
Download and Execute: The file /etc/php-fpm was downloaded and executed
Download and Execute: The file /etc/php-fpm was downloaded and executed 7 times
Download and Execute: The file /usr/bin/uptime was downloaded and executed
Connection was closed due to timeout
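Two details in the event list above carry most of the triage value: the dropped executables are named after common tools and services (ifconfig, nginx, php-fpm) but sit in /etc and /root, where no real copy of those programs lives, and the same process that scans ports 22 and 2222 listens on port 1234 and connects out to a handful of peers on exactly that port, which is the connect-back behaviour the Role field names. The following Python script is an added example written for this page, not code from the Guardicore report or product: it parses event lines phrased the way the sensor phrases them, separates scan victims from connect-back peers by comparing each destination port with the ports the process listens on and scans, flags dropped executables outside the standard binary directories, and pairs a reverse-DNS style domain such as ip-51-75-31.eu with the peer whose address starts with the same octets. The sample events are constructed from the report (the outgoing-connection list is shortened), the BIN_DIRS list is an assumption, and the regular expressions are tied to this report's wording.

```python
import re

# Constructed sample input: sensor event lines of the kind shown in the report above,
# with the outgoing-connection list shortened to a few representative endpoints.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password",
    "The file /etc/ifconfig was downloaded and executed 6 times",
    "The file /etc/nginx was downloaded and executed 125 times",
    "The file /etc/php-fpm was downloaded and executed",
    "The file /usr/bin/free was downloaded and executed 2 times",
    "Process /etc/ifconfig scanned port 22 on 43 IP Addresses",
    "Process /etc/ifconfig scanned port 2222 on 41 IP Addresses",
    "Process /etc/ifconfig started listening on ports: 1234",
    ("Process /etc/ifconfig generated outgoing network traffic to: 100.189.241.195:22, "
     "100.189.241.195:2222, 121.156.203.3:1234, 145.14.157.171:1234, 2.78.61.194:1234, "
     "45.84.196.108:1234, 47.91.87.67:1234, 51.75.31.39:1234, 57.100.69.129:1234, "
     "55.166.86.20:22 and 55.166.86.20:2222"),
    "Process /etc/ifconfig attempted to access suspicious domains: ip-51-75-31.eu",
]

# Patterns follow the sensor's wording as it appears in this report.
RE_LOGIN = re.compile(r"logged in using SSH with the following credentials: (\S+) / \S+ - Authentication policy: (.+)$")
RE_DROP = re.compile(r"^The file (\S+) was downloaded and executed(?: (\d+) times)?$")
RE_SCAN = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses$")
RE_LISTEN = re.compile(r"^Process (\S+) started listening on ports: (.+)$")
RE_OUT = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
RE_DOMAIN = re.compile(r"^Process (\S+) attempted to access suspicious domains: (.+)$")
RE_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Assumed list of directories where a genuine system binary would live; extend per distro.
BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/", "/usr/local/sbin/")


def extract_iocs(lines):
    """Parse sensor event lines into a dict of indicators.

    Outgoing connections are classified only after every line has been read, because
    a destination is a connect-back peer only if the process also listens on that port.
    """
    iocs = {
        "logins": [],           # (user, authentication policy)
        "dropped": {},          # executable path -> number of executions
        "masquerading": set(),  # dropped executables outside BIN_DIRS
        "scan_ports": set(),
        "listen_ports": set(),
        "scan_targets": set(),  # (ip, port) contacted on a scanned port
        "c2_peers": set(),      # ips contacted on a port the process itself listens on
        "domains": set(),
    }
    outgoing = []
    for line in lines:
        line = line.strip()
        if m := RE_LOGIN.search(line):
            iocs["logins"].append((m.group(1), m.group(2)))
        elif m := RE_DROP.match(line):
            path, count = m.group(1), int(m.group(2) or 1)
            iocs["dropped"][path] = iocs["dropped"].get(path, 0) + count
            if not path.startswith(BIN_DIRS):
                iocs["masquerading"].add(path)
        elif m := RE_SCAN.match(line):
            iocs["scan_ports"].add(int(m.group(2)))
        elif m := RE_LISTEN.match(line):
            iocs["listen_ports"].update(int(p) for p in re.findall(r"\d+", m.group(2)))
        elif m := RE_OUT.match(line):
            outgoing.extend((ip, int(port)) for ip, port in RE_ENDPOINT.findall(m.group(2)))
        elif m := RE_DOMAIN.match(line):
            iocs["domains"].update(d.strip() for d in re.split(r",|\band\b", m.group(2)) if d.strip())
    for ip, port in outgoing:
        if port in iocs["listen_ports"]:
            iocs["c2_peers"].add(ip)
        elif port in iocs["scan_ports"]:
            iocs["scan_targets"].add((ip, port))
    return iocs


def match_domains_to_peers(domains, peers):
    """Heuristic: reverse-DNS style names such as ip-51-75-31.eu embed the leading
    octets of an address; pair each such name with the peers sharing that prefix."""
    pairs = {}
    for domain in domains:
        octets = re.findall(r"\d{1,3}", domain.split(".")[0])
        if not octets:
            continue
        prefix = ".".join(octets) + "."
        hits = sorted(ip for ip in peers if ip.startswith(prefix))
        if hits:
            pairs[domain] = hits
    return pairs


if __name__ == "__main__":
    result = extract_iocs(SAMPLE_EVENTS)
    print("logins:", result["logins"])
    print("masquerading executables:", sorted(result["masquerading"]))
    print("scanned ports:", sorted(result["scan_ports"]), "listening on:", sorted(result["listen_ports"]))
    print("connect-back peers:", sorted(result["c2_peers"]))
    print("scan victims:", sorted(result["scan_targets"]))
    print("domain -> peer:", match_domains_to_peers(result["domains"], result["c2_peers"]))
```

Run against the full outgoing-connection list from the report, the port-1234 peers this yields include the five Associated Attack Servers that appear in that list plus 51.75.31.39 and 57.100.69.129, and the attacker's own address 45.84.196.108; the domain heuristic ties ip-51-75-31.eu to 51.75.31.39. Peers on port 1234 are worth blocking and hunting for across the estate, while the port 22/2222 destinations are scan victims rather than infrastructure and should not be treated as indicators.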
|