IP Address: 5.61.57.196 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SCP, SSH
Tags: Superuser Operation, SCP, Download and Execute, Successful SSH Login, SSH, Download File
Associated Attack Servers: 1.117.204.70, 103.145.148.138, 117.146.172.106, 120.194.157.165, 183.252.37.216
IP Address: 5.61.57.196
Domain: -
ISP: ISPIRIA Networks Ltd
Country: -
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2021-12-13
Last seen in Akamai Guardicore Segmentation: 2022-02-01
- A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List (tag: Successful SSH Login)
- ./ifconfig was downloaded (tag: Download File)
- A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (tag: Successful SSH Login)
- A possibly malicious Superuser Operation was detected 2 times (tag: Superuser Operation)
- The file /root/ifconfig was downloaded and executed 3 times (tag: Download and Execute)
- The file /root/apache2 was downloaded and executed 188 times (tag: Download and Execute)
- Process /root/ifconfig scanned port 22 on 43 IP Addresses (tags: Port 22 Scan, Port 2222 Scan)
- Process /root/ifconfig scanned port 22 on 47 IP Addresses (tags: Port 22 Scan, Port 2222 Scan)
- Process /root/ifconfig scanned port 2222 on 43 IP Addresses (tags: Port 22 Scan, Port 2222 Scan)
- Process /root/ifconfig started listening on ports: 1234 and 8086 (tag: Listening)
- Process /root/ifconfig generated outgoing network traffic to: 1.239.94.153:2222, 100.133.181.8:22, 100.82.132.209:22, 102.228.141.170:22, 105.15.154.94:2222, 107.179.186.135:2222, 107.238.15.16:2222, 107.65.136.250:22, 107.65.136.250:2222, 108.120.233.190:22, 112.194.55.60:2222, 113.150.115.104:2222, 114.138.126.140:2222, 115.93.193.162:22, 116.11.35.146:2222, 119.137.57.210:2222, 119.231.118.21:2222, 121.130.23.157:2222, 121.87.136.142:22, 128.134.83.206:2222, 13.237.207.252:2222, 134.104.72.101:2222, 135.206.208.29:22, 136.209.234.58:2222, 14.125.227.59:2222, 140.53.192.158:2222, 141.202.113.88:2222, 143.80.246.152:2222, 150.176.125.229:2222, 152.113.13.11:22, 152.73.142.249:22, 16.199.76.154:22, 161.250.224.29:22, 164.231.49.201:2222, 168.85.39.119:2222, 171.92.186.110:22, 171.97.229.200:2222, 173.183.159.136:2222, 177.222.235.93:22, 178.50.221.193:2222, 18.156.13.169:2222, 180.177.112.46:22, 180.36.130.196:2222, 184.241.69.163:22, 186.150.102.5:22, 187.155.123.11:2222, 188.147.194.30:22, 189.200.187.192:2222, 192.144.251.6:22, 194.64.185.102:22, 198.148.77.107:22, 206.179.114.243:2222, 207.146.198.48:22, 210.142.138.199:2222, 214.181.160.46:22, 215.204.139.63:22, 217.222.16.53:22, 217.37.5.164:22, 217.37.5.164:2222, 217.90.228.216:22, 220.10.246.168:2222, 23.67.139.227:22, 242.185.117.145:22, 28.4.174.75:2222, 31.6.205.126:22, 32.183.165.92:22, 4.181.187.126:2222, 42.244.68.168:22, 45.9.33.52:2222, 47.3.13.156:2222, 57.80.180.179:22, 6.134.149.81:2222, 60.33.194.187:22, 62.216.90.1:2222, 63.171.21.236:22, 69.169.64.129:22, 76.108.180.178:2222, 76.196.127.181:2222, 77.152.65.199:22, 80.166.136.95:2222, 84.25.74.218:2222, 84.34.118.52:2222, 86.121.202.253:22, 87.154.124.134:22, 9.171.157.68:2222, 9.201.12.43:22, 9.207.81.33:22, 93.225.107.216:2222 and 96.128.107.22:22
- Process /root/ifconfig scanned port 2222 on 47 IP Addresses (tags: Port 22 Scan, Port 2222 Scan)
- The file /usr/bin/free was downloaded and executed (tag: Download and Execute)
- The file /usr/bin/uptime was downloaded and executed (tag: Download and Execute)
- Connection was closed due to timeout