IP Address: 130.61.107.198 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Successful SSH Login, SCP, Download File, SSH, Download and Execute, Download and Allow Execution, Superuser Operation
Associated Attack Servers: cablevision.net.mx, cloudfront.net, ovo.sc, 5.248.232.129, 13.226.153.196, 34.229.7.53, 40.3.189.8, 49.232.205.83, 80.197.49.192, 93.151.157.174, 93.243.172.211, 99.181.195.109, 114.200.80.77, 119.91.152.17, 138.136.137.164, 145.148.79.55, 152.136.145.180, 159.75.135.54, 185.10.68.181, 189.216.238.210, 223.212.243.121
IP Address: 130.61.107.198
Domain: -
ISP: Oracle Public Cloud
Country: Germany

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-04-20
Last seen in Akamai Guardicore Segmentation: 2022-06-09
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
/root/ifconfig was downloaded [Download File]
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password [Successful SSH Login]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
The file /root/apache2 was downloaded and executed 186 times [Download and Execute]
Process /root/ifconfig scanned port 1234 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 80 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 26 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 1234 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 1234 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /bin/bash scanned port 1234 on 26 IP Addresses [Port 1234 Scan]
Process /root/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 103.152.118.20:1234, 103.90.177.102:1234, 104.161.228.246:80, 104.161.228.246:8080, 104.21.25.86:443, 111.53.11.130:1234, 118.218.209.149:1234, 118.219.201.129:80, 118.219.201.129:8080, 118.41.204.72:1234, 123.132.238.210:1234, 142.213.214.205:80, 142.213.214.205:8080, 150.107.95.20:1234, 151.18.101.152:80, 151.18.101.152:8080, 156.80.232.1:80, 156.80.232.1:8080, 161.107.113.27:1234, 161.107.113.34:1234, 163.18.64.24:80, 163.18.64.24:8080, 166.68.157.8:80, 166.68.157.8:8080, 172.67.133.228:443, 172.96.179.148:80, 173.18.35.41:1234, 175.164.70.200:80, 175.164.70.200:8080, 177.11.17.23:80, 177.11.17.23:8080, 18.104.63.169:80, 18.104.63.169:8080, 182.39.30.85:80, 182.39.30.85:8080, 182.69.121.90:80, 182.69.121.90:8080, 189.58.237.233:80, 189.58.237.233:8080, 19.186.95.215:80, 19.186.95.215:8080, 190.12.120.30:1234, 191.242.188.103:1234, 202.238.157.193:80, 202.238.157.193:8080, 218.146.15.97:1234, 218.207.138.23:80, 218.207.138.23:8080, 22.245.44.85:80, 22.245.44.85:8080, 222.100.124.62:1234, 222.103.98.58:1234, 223.99.166.104:1234, 24.65.204.170:80, 24.65.204.170:8080, 243.128.16.37:80, 243.128.16.37:8080, 30.135.190.57:80, 30.135.190.57:8080, 39.147.185.84:80, 39.147.185.84:8080, 41.99.142.154:80, 41.99.142.154:8080, 42.48.186.73:80, 42.48.186.73:8080, 43.242.247.139:1234, 49.233.159.222:1234, 51.75.146.174:443, 53.175.1.216:80, 53.175.1.216:8080, 58.229.125.66:1234, 59.171.180.84:80, 59.171.180.84:8080, 61.203.95.3:80, 61.203.95.3:8080, 64.227.132.175:1234, 7.114.67.77:80, 7.114.67.77:8080, 76.110.243.66:80, 76.110.243.66:8080, 79.219.157.225:80, 82.149.112.170:1234, 85.105.82.39:1234, 89.169.132.121:80, 89.169.132.121:8080, 90.238.78.86:80, 90.238.78.86:8080 and 93.176.229.145:1234 [Outgoing Connection]
Process /root/ifconfig started listening on ports: 1234, 8087 and 8189 [Listening]
Process /root/ifconfig scanned port 80 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 32 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 80 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/ifconfig scanned port 8080 on 30 IP Addresses [Port 1234 Scan, Port 80 Scan, Port 8080 Scan]
The file /usr/local/bin/dash was downloaded and executed 2 times [Download and Execute]
Connection was closed due to timeout
|