IP Address: 46.105.83.253 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SCP, SSH
Tags: Port 1234 Scan, Port 80 Scan, Successful SSH Login, 9 Shell Commands, SCP, Download File, SSH, Listening, Outgoing Connection, Port 8080 Scan, Superuser Operation
Associated Attack Servers: 5.188.159.210, 23.224.88.50, 104.140.201.42, 104.140.244.186, 106.126.14.181, 107.178.104.10, 139.99.131.116, 192.110.160.114
IP Address: 46.105.83.253
Domain: -
ISP: OVH SAS
Country: France
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-05-11
Last seen in Akamai Guardicore Segmentation: 2022-05-15
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
/dev/shm/ifconfig was downloaded [Download File]
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password, 2 times [Successful SSH Login]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
Process /dev/shm/apache2 scanned port 1234 on 27 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 80 on 27 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 8080 on 27 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 1234 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 1234 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /bin/bash scanned port 1234 on 27 IP Addresses [Port 1234 Scan]
Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8189 [Listening]
Process /dev/shm/apache2 generated outgoing network traffic to: 1.131.137.104:80, 1.131.137.104:8080, 101.42.90.177:1234, 103.90.177.102:1234, 104.21.25.86:443, 109.27.232.193:80, 109.27.232.193:8080, 112.235.28.56:80, 112.235.28.56:8080, 114.24.165.82:80, 114.24.165.82:8080, 120.236.79.182:1234, 130.34.96.157:80, 130.34.96.157:8080, 139.141.43.148:80, 139.141.43.148:8080, 139.209.222.134:1234, 140.197.81.47:80, 140.197.81.47:8080, 140.64.123.75:80, 140.64.123.75:8080, 147.146.85.167:80, 147.146.85.167:8080, 17.12.9.176:80, 17.12.9.176:8080, 172.67.133.228:443, 182.224.177.56:1234, 183.213.26.13:1234, 185.210.144.122:1234, 189.105.128.14:80, 189.105.128.14:8080, 190.170.154.178:80, 190.170.154.178:8080, 191.242.182.210:1234, 191.242.188.103:1234, 197.207.114.91:80, 197.207.114.91:8080, 202.209.227.147:80, 202.209.227.147:8080, 202.61.203.229:1234, 210.143.106.91:80, 210.143.106.91:8080, 210.99.20.194:1234, 212.57.36.20:1234, 218.146.15.97:1234, 222.103.98.58:1234, 222.121.63.87:1234, 222.134.240.92:1234, 223.171.91.149:1234, 223.171.91.160:1234, 24.80.9.54:80, 24.80.9.54:8080, 246.35.47.18:80, 25.225.159.216:80, 25.225.159.216:8080, 31.130.145.166:80, 31.130.145.166:8080, 31.19.237.170:1234, 32.5.215.10:80, 32.5.215.10:8080, 44.19.139.209:80, 44.19.139.209:8080, 51.75.146.174:443, 52.131.32.110:1234, 55.46.127.139:80, 55.46.127.139:8080, 59.30.142.147:80, 59.30.142.147:8080, 62.12.106.5:1234, 62.88.24.162:80, 62.88.24.162:8080, 68.104.171.207:80, 68.104.171.207:8080, 69.90.113.234:80, 69.90.113.234:8080, 75.167.126.87:80, 75.167.126.87:8080, 75.57.17.125:80, 75.57.17.125:8080, 78.50.104.85:80, 78.50.104.85:8080, 80.147.162.151:1234, 82.142.88.5:80, 82.142.88.5:8080, 82.66.5.84:1234, 84.213.161.36:80, 84.213.161.36:8080, 85.105.82.39:1234, 89.212.123.191:1234 and 9.221.222.100:80 [Outgoing Connection]
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 80 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 8080 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
/tmp/ifconfig was downloaded [Download File]
./ifconfig was downloaded [Download File]
The file /var/tmp/ifconfig was downloaded and granted execution privileges
/etc/ifconfig was downloaded [Download File]
Connection was closed due to timeout
/root/ifconfig |
SHA256: 2946b1a4c6e8201bd15f5dc11e5016b1b379ba701f481053eeb9d3f7b75c1c15 |
1343488 bytes |
/var/tmp/..../.nva/cnrig |
SHA256: f72babf978d8b86a75e3b34f59d4fc6464dc988720d1574a781347896c2989c7 |
8010704 bytes |