IP Address: 60.253.116.46 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | 28 Shell Commands, Listening, Port 2222 Scan, Download and Allow Execution, Port 22 Scan, SSH, Download and Execute, Successful SSH Login, Log Tampering
Associated Attack Servers |
IP Address | 60.253.116.46
Domain | -
ISP | PT. Jalawave Cakrawala
Country | Indonesia
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-05-09
Last seen in Akamai Guardicore Segmentation | 2020-05-26
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
Log File Tampering detected from /bin/bash |
Log Tampering |
The file /var/log/ifconfig was downloaded and granted execution privileges |
Download and Allow Execution |
Log File Tampering detected from /bin/cat on the following logs: /var/log/ifconfig |
Log Tampering |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 7 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and granted execution privileges |
|
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /var/tmp/nginx was downloaded and executed 16 times |
Download and Execute |
Process /var/tmp/ifconfig scanned port 22 on 47 IP Addresses |
Port 22 Scan |
Process /tmp/nginx scanned port 22 on 47 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/nginx scanned port 22 on 38 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/nginx scanned port 2222 on 47 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /var/tmp/ifconfig started listening on ports: 1234 |
Listening |
The file /tmp/ifconfig was downloaded and executed 7 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 133 times |
Download and Execute |
Process /tmp/nginx started listening on ports: 1234 |
Listening |
Process /tmp/nginx generated outgoing network traffic to ports 22 and 2222 on external IP addresses |
|
Process /tmp/nginx scanned port 2222 on 38 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/free was downloaded and executed 2 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed 2 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 15 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 24 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 19 times |
Download and Execute |
Connection was closed due to timeout |
|