IP Address: 54.254.215.24 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Listening, SFTP, Outgoing Connection, 1 Shell Commands, Access Suspicious Domain, Download and Execute, Successful SSH Login, Port 22 Scan, Service Creation, SSH, Download File, Download and Allow Execution

Associated Attack Servers
IP Address: 54.254.215.24
Domain: -
ISP: Amazon.com
Country: Singapore

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-03-19
Last seen in Akamai Guardicore Segmentation: 2022-03-19
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Attack timeline
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Download File: ./.1994343289646751801/xinetd was downloaded
Download and Execute: The file /root/.1994343289646751801/xinetd was downloaded and executed 43 times
Outgoing Connection: Process /root/.1994343289646751801/xinetd generated outgoing network traffic to: [list of destination IP addresses omitted]
Access Suspicious Domain, Outgoing Connection: Process /root/.1994343289646751801/xinetd attempted to access suspicious domains: ampernet.com.br and ip-51-195-60.eu
Port 22 Scan: Process /root/.1994343289646751801/xinetd scanned port 22 on 96 IP addresses
Listening: Process /root/.1994343289646751801/xinetd started listening on ports: 1919
Service Creation: Service systemd-worker was created
Connection was closed due to timeout

Dropped file
Path: /root/.1994343289646751801/xinetd
SHA256: 00411a05a7374d64ce8be4ef85999c1434d867cd8db46c38cd03f76072c91460
Size: 29986816 bytes