IP Address: 36.93.83.5
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Outgoing Connection, Download Operation, SSH, SSH Brute Force, Superuser Operation, Port 22 Scan, Successful SSH Login, 12 Shell Commands, System File Modification, Kill Process
Associated Attack Servers |
IP Address | 36.93.83.5
Domain | -
ISP | PT Telkom Indonesia
Country | Indonesia
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-09-16
Last seen in Akamai Guardicore Segmentation | 2022-11-09
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ******* - Authentication policy: White List (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A user logged in using SSH with the following credentials: root / ******* - Authentication policy: Correct Password (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Download Operation, Kill Process, Superuser Operation |
System file /etc/shadow was modified 9 times |
System File Modification |
A possibly malicious Kill Process was detected 2 times |
Download Operation, Kill Process, Superuser Operation |
A possibly malicious Download Operation was detected 6 times |
Download Operation, Kill Process, Superuser Operation |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.45:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /usr/bin/nohup generated outgoing network traffic to: 171.22.30.31:57388 |
Outgoing Connection |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /usr/bin/nohup generated outgoing network traffic to multiple IP addresses |
Outgoing Connection |
Process /usr/bin/nohup scanned port 22 on 92 IP Addresses |
Port 22 Scan |
Connection was closed due to timeout |