IP Address: 46.101.2.179 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Listening, SSH, Download and Execute, 16 Shell Commands, Successful SSH Login, Port 1234 Scan, Outgoing Connection, Download and Allow Execution
Associated Attack Servers |
IP Address | 46.101.2.179
Domain | -
ISP | DigitalOcean
Country | United Kingdom
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2019-05-05
Last seen in Akamai Guardicore Segmentation | 2020-05-21
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
Process /usr/sbin/sshd scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
Process /root/nginx scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
Process /root/php-fpm scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 18 IP Addresses |
Port 1234 Scan |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 127 times |
Download and Execute |
Process /root/nginx started listening on ports: 1234 |
Listening |
Process /root/nginx generated outgoing network traffic to: 100.0.197.18:1234, 107.172.90.18:1234, 112.217.225.61:1234, 120.24.243.109:1234, 121.156.203.3:1234, 122.51.48.52:1234, 123.57.138.150:1234, 13.92.247.241:1234, 13.92.247.241:22, 161.139.68.245:1234, 198.100.146.76:1234, 218.93.239.44:1234, 45.32.128.117:1234, 46.101.2.179:1234, 46.101.2.179:22, 47.100.108.185:1234, 54.91.250.89:1234 and 57.100.69.129:1234 |
Outgoing Connection |
The file /root/php-fpm was downloaded and executed 56 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed 2 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 10 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 2 times |
Download and Execute |
Connection was closed due to timeout |