IP Address: 60.172.206.11 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: 38 Shell Commands, Port 2222 Scan, SSH, Listening, Port 22 Scan, Outgoing Connection, Successful SSH Login, Download and Allow Execution, Download and Execute
Associated Attack Servers: 18.220.148.98, 50.118.182.234, 52.53.242.243, 54.93.55.80, 71.62.129.30, 89.105.117.246, 123.124.150.10, 166.168.111.151, 166.255.227.179, 170.210.215.142, 176.99.12.209
IP Address: 60.172.206.11
Domain: -
ISP: China Telecom Anhui
Country: China
WHOIS Created Date: -
WHOIS Updated Date: -
WHOIS Organization: -
First seen in Akamai Guardicore Segmentation: 2020-08-03
Last seen in Akamai Guardicore Segmentation: 2020-08-08
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 5 times |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/nginx was downloaded and executed 21 times |
Download and Execute |
Process /root/ifconfig scanned port 22 on 42 IP Addresses |
Port 22 Scan |
Process /dev/shm/ifconfig scanned port 22 on 42 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /dev/shm/ifconfig scanned port 22 on 29 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 42 IP Addresses |
Port 22 Scan Port 2222 Scan |
Process /root/ifconfig started listening on ports: 1234 |
Listening |
The file /tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /tmp/nginx was downloaded and executed 12 times |
Download and Execute |
Process /dev/shm/ifconfig started listening on ports: 1234 |
Listening |
Process /tmp/nginx started listening on ports: 1234 |
Listening |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig scanned port 2222 on 29 IP Addresses |
Port 22 Scan Port 2222 Scan |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /root/nginx was downloaded and executed 11 times |
Download and Execute |
The file /root/nginx was downloaded and executed 48 times |
Download and Execute |
Process /root/nginx started listening on ports: 1234 |
Listening |
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
Connection was closed due to timeout |
|