IP Address: 68.97.74.52 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SSH |
Tags |
Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, 18 Shell Commands, Listening, Port 2222 Scan, Download and Execute, Port 1234 Scan |
Associated Attack Servers |
13.211.234.149 13.238.218.177 45.143.136.213 73.254.114.94 90.249.102.111 100.0.197.18 103.250.228.189 122.51.48.52 166.168.111.151 199.168.253.219 |
IP Address |
68.97.74.52 |
|
Domain |
- |
|
ISP |
Cox Communications |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-06-06 |
Last seen in Akamai Guardicore Segmentation |
2020-06-11 |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 8 times |
Download and Execute |
The file /root/nginx was downloaded and executed 153 times |
Download and Execute |
Process /root/ifconfig scanned port 1234 on 14 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 14 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 14 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 1234 on 40 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 40 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 2222 on 40 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 1234 on 39 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /root/ifconfig scanned port 22 on 39 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
Process /usr/sbin/sshd scanned port 1234 on 14 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 14 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 14 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 14 IP Addresses |
Port 1234 Scan |
Process /root/ifconfig started listening on ports: 1234 |
Listening |
Process /root/ifconfig generated outgoing network traffic to a list of remote hosts |
|
Process /root/ifconfig scanned port 2222 on 39 IP Addresses |
Port 1234 Scan, Port 22 Scan, Port 2222 Scan |
The file /root/php-fpm was downloaded and executed 38 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 22 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 40 times |
Download and Execute |
The file /root/php-fpm was downloaded and granted execution privileges |
Download and Allow Execution |
The file /root/php-fpm was downloaded and executed 3 times |
Download and Execute |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|