IP Address: 45.249.92.58 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network.
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, SSH, Download and Allow Execution, Successful SSH Login, 22 Shell Commands, Listening, Port 2222 Scan, Download and Execute, Port 1234 Scan
Associated Attack Servers: albacom.net cable.net.co jalawave.net.id ja.net kcell.kz orange-business.com shadwell.com.pa ss-cloudfront.co 2.78.61.194 5.26.254.49 13.57.226.95 14.37.111.114 18.202.242.7 18.222.214.151 45.32.128.117 45.84.196.108 45.143.136.213 47.91.87.67 47.240.81.242 50.222.16.235 50.239.104.242 50.239.104.243 54.91.250.89 54.193.61.106 58.59.125.11 59.31.240.42 60.253.116.46 61.43.208.154 62.150.121.251 73.254.114.94 85.37.147.81 100.0.197.18 100.2.131.143 106.250.176.21 107.172.90.18 114.7.145.103 118.34.230.4
IP Address: 45.249.92.58
Domain: -
ISP: Qinglong Road,Longhua New area,Shenzhen China
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-05-21
Last seen in Akamai Guardicore Segmentation: 2020-06-07
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List
Tags: Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times
Tags: Successful SSH Login
The file /root/ifconfig was downloaded and executed 5 times
Tags: Download and Execute
The file /root/nginx was downloaded and executed 18 times
Tags: Download and Execute
Process /root/nginx scanned port 1234 on 12 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan
Process /root/nginx scanned port 1234 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan
Process /root/nginx scanned port 22 on 12 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan
Process /bin/bash scanned port 1234 on 12 IP Addresses
Tags: Port 1234 Scan
Process /tmp/ifconfig scanned port 1234 on 12 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 1234 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 1234 on 34 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 22 on 12 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 2222 on 12 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/nc.openbsd scanned port 1234 on 12 IP Addresses 3 times
Tags: Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 12 IP Addresses
Tags: Port 1234 Scan
Process /root/nginx scanned port 22 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan
Process /tmp/ifconfig scanned port 22 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 22 on 34 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /tmp/ifconfig scanned port 2222 on 40 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx started listening on ports: 1234
Tags: Listening
The file /tmp/ifconfig was downloaded and executed 6 times
Tags: Download and Execute
The file /tmp/nginx was downloaded and executed 122 times
Tags: Download and Execute
Process /tmp/ifconfig started listening on ports: 1234
Tags: Listening
Process /tmp/ifconfig generated outgoing network traffic to: 1.109.57.188:22, 102.125.217.230:22, 102.125.217.230:2222, 112.217.225.61:1234, 114.2.154.190:22, 114.2.154.190:2222, 114.57.175.70:22, 12.234.91.165:1234, 122.51.48.52:1234, 126.40.82.47:22, 128.57.156.182:22, 128.57.156.182:2222, 139.41.144.68:22, 146.20.74.4:2222, 150.198.106.246:2222, 159.145.163.94:2222, 159.72.169.133:22, 16.240.203.134:22, 16.240.203.134:2222, 163.41.1.202:2222, 166.168.111.151:1234, 169.150.18.59:22, 169.150.18.59:2222, 175.24.91.223:22, 175.24.91.223:2222, 176.196.167.76:22, 176.196.167.76:2222, 176.26.74.15:22, 176.26.74.15:2222, 184.124.84.81:22, 196.91.34.46:22, 196.91.34.46:2222, 205.223.107.115:22, 205.223.107.115:2222, 205.30.53.207:22, 205.30.53.207:2222, 209.45.115.50:22, 209.45.115.50:2222, 216.94.58.123:22, 218.93.239.44:1234, 22.72.159.100:22, 221.156.247.228:2222, 223.71.209.245:2222, 23.52.59.98:22, 240.202.219.122:22, 240.202.219.122:2222, 245.108.180.29:22, 245.108.180.29:2222, 246.181.41.200:2222, 248.225.52.54:22, 248.225.52.54:2222, 249.74.78.169:22, 249.74.78.169:2222, 26.107.27.87:22, 26.25.175.239:22, 3.4.46.243:22, 3.4.46.243:2222, 42.21.171.252:22, 42.86.24.231:22, 42.86.24.231:2222, 47.100.108.185:1234, 47.91.87.67:1234, 48.89.144.68:2222, 50.250.21.164:1234, 55.69.94.53:22, 55.69.94.53:2222, 56.180.111.202:22, 56.180.111.202:2222, 67.131.247.169:2222, 68.78.50.50:22, 68.78.50.50:2222, 70.203.44.36:22, 70.203.44.36:2222, 73.254.114.94:1234, 75.222.148.202:22, 75.222.148.202:2222, 81.133.93.248:22, 86.157.164.54:22, 86.157.164.54:2222, 86.219.193.34:22, 86.219.193.34:2222, 93.61.61.105:1234 and 96.50.30.156:22
Process /tmp/ifconfig scanned port 2222 on 34 IP Addresses
Tags: Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /root/ifconfig was downloaded and executed 6 times
Tags: Download and Execute
The file /root/nginx was downloaded and executed 6 times
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed 12 times
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed 10 times
Tags: Download and Execute
The file /tmp/php-fpm was downloaded and executed 9 times
Tags: Download and Execute
Connection was closed due to timeout