IP Address: 37.11.123.75 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP |
Tags |
Port 22 Scan, Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening |
Associated Attack Servers |
5.161.42.72 20.226.25.68 30.189.135.108 62.135.67.157 90.23.240.185 101.43.47.154 110.42.191.5 117.253.182.220 138.139.210.37 170.53.104.106 194.238.106.200 220.179.231.181 223.171.91.127 |
IP Address |
37.11.123.75 |
|
Domain |
- |
|
ISP |
Orange Espana |
|
Country |
Spain |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-03-06 |
Last seen in Akamai Guardicore Segmentation |
2022-03-27 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses 2 times |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8083 and 8182 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: link.net and wanadoo.fr |
Access Suspicious Domain, Outgoing Connection |
Connection was closed due to timeout |
|