IP Address: 212.57.36.20Previously Malicious
IP Address: 212.57.36.20Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
IP Address |
212.57.36.20 |
|
Domain |
- |
|
ISP |
Webglobe - Yegon, s.r.o. |
|
Country |
Slovakia |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-02-26 |
Last seen in Akamai Guardicore Segmentation |
2022-10-11 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
./ifconfig was downloaded 2 times |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 16 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 23 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic to: 147.182.233.56:1234 |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8085 and 8180 |
Listening |
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /var/tmp/apache2 was downloaded and executed 12 times |
Download and Execute |
Process /var/tmp/ifconfig generated outgoing network traffic to: 80.147.162.151:1234 |
Outgoing Connection |
Process /var/tmp/ifconfig started listening on ports: 1234, 8086 and 8181 |
Listening |
Process /var/tmp/ifconfig attempted to access suspicious domains: t-ipconnect.de |
Access Suspicious Domain Outgoing Connection |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 16 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic to: 220.243.148.80:1234 |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8088 and 8187 |
Listening |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 5 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic to: 212.57.36.20:1234 |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8083 and 8183 |
Listening |
The file /etc/ifconfig was downloaded and executed 4 times |
Download and Execute |
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
The file /etc/apache2 was downloaded and executed 11 times |
Download and Execute |
Process /etc/apache2 generated outgoing network traffic to: 185.210.144.122:1234 |
Outgoing Connection |
Process /etc/apache2 started listening on ports: 1234, 8081 and 8183 |
Listening |
Process /etc/apache2 attempted to access suspicious domains: srasia-great.com |
Access Suspicious Domain Outgoing Connection |
The file /etc/apache2 was downloaded and executed 8 times |
Download and Execute |
Process /etc/ifconfig generated outgoing network traffic to: 31.19.237.170:1234 |
Outgoing Connection |
Process /etc/ifconfig attempted to access suspicious domains: kabel-deutschland.de |
Access Suspicious Domain Outgoing Connection |
Process /etc/ifconfig started listening on ports: 1234, 8085 and 8180 |
Listening |
Connection was closed due to user inactivity |
|