IP Address: 3.35.185.49 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SCP |
Tags |
Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File, Download and Allow Execution |
Associated Attack Servers |
5.182.17.252 15.185.34.173 50.217.22.109 80.200.70.166 183.252.37.196 217.160.172.168 |
IP Address |
3.35.185.49 |
|
Domain |
- |
|
ISP |
Amazon.com |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2021-12-18 |
Last seen in Akamai Guardicore Segmentation |
2021-12-24 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 88 times |
Download and Execute |
Process /tmp/ifconfig scanned port 22 on 43 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig scanned port 2222 on 43 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig scanned port 22 on 48 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig started listening on ports: 1234 and 8084 |
Listening |
The file /usr/bin/free was downloaded and executed 2 times |
Download and Execute |
Process /tmp/ifconfig generated outgoing network traffic |
|
Process /tmp/ifconfig scanned port 2222 on 48 IP Addresses |
Port 22 Scan, Port 2222 Scan |
./ifconfig was downloaded |
Download File |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 38 times |
Download and Execute |
Process /root/ifconfig started listening on ports: 1234 and 8080 |
Listening |
Connection was closed due to timeout |
|