IP Address: 68.84.68.139 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensor network.
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Port 22 Scan, SSH Download and Allow Execution, Successful SSH Login, System File Modification, Listening, 18 Shell Commands, Port 2222 Scan, Download and Execute, Port 1234 Scan
Associated Attack Servers | gvt.net.br, kcell.kz, orange-business.com, 2.78.61.194, 3.219.216.198, 5.26.221.186, 18.162.120.237, 18.162.200.166, 34.218.227.40, 41.228.22.107, 47.91.87.67, 50.233.209.202, 52.175.252.75, 52.231.188.167, 59.26.132.133, 73.144.18.16, 90.249.182.105, 93.61.59.232, 100.0.197.18, 111.20.56.244, 113.15.114.151, 121.156.203.3, 121.186.122.216, 122.51.48.52, 139.229.40.232, 161.139.68.245, 166.168.111.151, 177.135.103.54, 218.146.128.93
IP Address | 68.84.68.139
Domain | -
ISP | Comcast Cable
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-06-07
Last seen in Akamai Guardicore Segmentation | 2020-06-11
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 5 times |
Successful SSH Login |
The file /root/ifconfig was downloaded and granted execution privileges |
|
The file /etc/ifconfig was downloaded and executed 7 times |
Download and Execute |
System file /etc/nginx was modified 4 times |
System File Modification |
Process /usr/sbin/sshd scanned port 1234 on 10 IP Addresses |
Port 1234 Scan |
Process /etc/ifconfig scanned port 1234 on 10 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 1234 on 44 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 1234 on 39 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 22 on 10 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 2222 on 10 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /bin/bash scanned port 1234 on 10 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 10 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 10 IP Addresses |
Port 1234 Scan |
Process /etc/ifconfig scanned port 22 on 44 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 22 on 39 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig scanned port 2222 on 44 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
Process /etc/ifconfig started listening on ports: 1234 |
Listening |
The file /etc/nginx was downloaded and executed 109 times |
Download and Execute |
Process /etc/ifconfig generated outgoing network traffic to: 101.195.46.192:22, 109.183.115.192:22, 109.183.115.192:2222, 116.84.247.124:22, 116.84.247.124:2222, 118.131.196.45:22, 118.131.196.45:2222, 12.92.246.213:22, 121.155.49.93:1234, 121.156.203.3:1234, 129.203.39.196:22, 129.203.39.196:2222, 13.90.45.216:1234, 131.145.35.233:22, 131.145.35.233:2222, 139.199.163.77:1234, 14.54.245.220:1234, 140.127.211.177:1234, 146.162.39.218:22, 146.162.39.218:2222, 147.100.143.227:22, 147.36.60.101:22, 148.220.11.8:2222, 153.188.99.165:22, 153.188.99.165:2222, 154.106.251.217:22, 160.51.126.93:2222, 161.139.68.245:1234, 164.13.112.81:22, 164.64.20.125:22, 164.64.20.125:2222, 171.14.181.89:22, 171.14.181.89:2222, 171.189.21.233:22, 171.189.21.233:2222, 172.105.92.28:1234, 176.2.157.186:22, 176.2.157.186:2222, 186.193.188.113:2222, 188.109.198.210:2222, 189.53.2.159:22, 190.14.60.114:2222, 196.85.71.18:22, 196.85.71.18:2222, 2.201.202.41:2222, 203.179.133.239:22, 203.179.133.239:2222, 203.98.56.125:22, 21.114.195.148:22, 21.114.195.148:2222, 210.64.43.80:22, 22.93.6.29:22, 240.82.239.102:2222, 249.14.31.106:2222, 25.233.68.184:22, 25.233.68.184:2222, 251.69.42.37:22, 251.69.42.37:2222, 31.155.131.189:22, 31.155.131.189:2222, 40.16.131.59:22, 40.16.131.59:2222, 42.112.185.53:22, 42.112.185.53:2222, 44.207.174.239:22, 44.207.174.239:2222, 5.156.139.231:22, 5.156.139.231:2222, 5.159.127.146:2222, 6.250.233.191:2222, 63.200.99.171:22, 7.86.49.42:22, 70.110.44.11:22, 70.110.44.11:2222, 70.149.240.229:22, 79.231.193.179:22, 83.249.3.229:22, 83.249.3.229:2222, 87.207.73.9:22, 9.123.232.108:22, 9.123.232.108:2222, 91.75.212.144:22, 91.75.212.144:2222, 92.107.223.166:22, 92.107.223.166:2222, 94.102.75.204:2222, 97.145.30.68:22, 97.145.30.68:2222, 99.234.215.82:22 and 99.234.215.82:2222 |
|
Process /etc/ifconfig scanned port 2222 on 39 IP Addresses |
Port 1234 Scan Port 22 Scan Port 2222 Scan |
The file /tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 5 times |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 8 times |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 10 times |
Download and Execute |
The file /etc/php-fpm was downloaded and executed 8 times |
Download and Execute |
The file /etc/php-fpm was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
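The timeline above is a compact description of one SSH worm's lifecycle: password login as root, a binary dropped under a system tool's name in the wrong directory (/root/ifconfig, /etc/ifconfig, /tmp/nginx, /etc/php-fpm) or written over a real one (/usr/bin/uptime), a listener on port 1234, and scanning of 22, 2222 and 1234 on other hosts. The script below is an added example, not Guardicore's code or data, that parses event lines in the format this page uses and turns them into hunting indicators. The EVENTS list is a constructed copy of a subset of the entries above; LEGIT_DIRS is an assumption about where those tool names normally live on a Linux host and should be adjusted for your fleet.

```python
import re
from collections import Counter

# Constructed sample: a subset of the event lines from the timeline on this page.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 5 times",
    "The file /root/ifconfig was downloaded and granted execution privileges",
    "The file /etc/ifconfig was downloaded and executed 7 times",
    "System file /etc/nginx was modified 4 times",
    "Process /etc/ifconfig scanned port 1234 on 44 IP Addresses",
    "Process /etc/ifconfig scanned port 22 on 44 IP Addresses",
    "Process /etc/ifconfig scanned port 2222 on 44 IP Addresses",
    "Process /bin/nc.openbsd scanned port 1234 on 10 IP Addresses",
    "Process /etc/ifconfig started listening on ports: 1234",
    "Process /etc/ifconfig generated outgoing network traffic to: 121.156.203.3:1234, 13.90.45.216:1234, 101.195.46.192:22 and 109.183.115.192:2222",
    "The file /tmp/nginx was downloaded and executed 5 times",
    "The file /usr/bin/uptime was downloaded and executed",
    "The file /etc/php-fpm was downloaded and executed 8 times",
]

# Assumed legitimate install directories for the tool names the implant borrows.
LEGIT_DIRS = {
    "ifconfig": {"/sbin", "/usr/sbin", "/bin", "/usr/bin"},
    "nginx": {"/usr/sbin", "/usr/local/sbin"},
    "php-fpm": {"/usr/sbin", "/usr/local/sbin"},
    "uptime": {"/usr/bin", "/bin"},
}

RE_LOGIN = re.compile(r"^A user logged in using SSH with the following credentials: (\S+) /")
RE_DROP = re.compile(r"^The file (\S+) was downloaded and (?:executed|granted execution privileges)")
RE_MODIFY = re.compile(r"^System file (\S+) was modified")
RE_SCAN = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
RE_LISTEN = re.compile(r"^Process (\S+) started listening on ports: ([\d, ]+)")
RE_OUT = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
RE_DEST = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def classify_path(path):
    """'masquerade' when a dropped file borrows a system tool's name but sits outside
    that tool's normal directory (/etc/ifconfig, /tmp/nginx); 'overwrite' when it
    replaced the real binary in place (/usr/bin/uptime); 'other' for unknown names."""
    directory, _, name = path.rpartition("/")
    legit = LEGIT_DIRS.get(name)
    if legit is None:
        return "other"
    return "overwrite" if directory in legit else "masquerade"


def extract_iocs(events):
    """Walk the event lines once and bucket what a hunter needs."""
    iocs = {
        "ssh_users": set(), "dropped": set(), "modified": set(),
        "masquerading": set(), "overwritten": set(),
        "scanned_ports": Counter(),   # port -> total target count reported
        "listening": set(),           # ports the implant opened
        "destinations": set(),        # (ip, port) pairs contacted outbound
        "scanner_processes": set(),   # processes that did the scanning
    }
    for line in events:
        if m := RE_LOGIN.match(line):
            iocs["ssh_users"].add(m.group(1))
        elif m := RE_DROP.match(line):
            iocs["dropped"].add(m.group(1))
        elif m := RE_MODIFY.match(line):
            iocs["modified"].add(m.group(1))
        elif m := RE_SCAN.match(line):
            iocs["scanner_processes"].add(m.group(1))
            iocs["scanned_ports"][int(m.group(2))] += int(m.group(3))
        elif m := RE_LISTEN.match(line):
            iocs["listening"].update(int(p) for p in m.group(2).split(","))
        elif m := RE_OUT.match(line):
            iocs["destinations"].update(RE_DEST.findall(m.group(2)))
    for path in iocs["dropped"] | iocs["modified"]:
        kind = classify_path(path)
        if kind == "masquerade":
            iocs["masquerading"].add(path)
        elif kind == "overwrite":
            iocs["overwritten"].add(path)
    return iocs


def peer_candidates(iocs):
    """Hosts the implant contacted on a port it also listens on. On this page that is
    1234, the connect-back/peer port, as opposed to plain SSH scanning on 22 and 2222."""
    return {ip for ip, port in iocs["destinations"] if int(port) in iocs["listening"]}


if __name__ == "__main__":
    found = extract_iocs(EVENTS)
    for key, value in found.items():
        print(f"{key}: {sorted(value) if isinstance(value, set) else dict(value)}")
    print("peer candidates:", sorted(peer_candidates(found)))
```

The masquerade check is the part worth carrying into host hunting: a file named ifconfig, nginx or php-fpm under /etc, /tmp or /root is never legitimate, and a listener on 1234 owned by such a file is a direct match for this implant. The overwritten set (/usr/bin/uptime) is the case a name-based check alone misses, so package-manager verification of those paths belongs in the same hunt.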
|