IP Address: 79.47.57.130 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SCP, SSH |
Tags | 5 Shell Commands, Superuser Operation, Listening, Outgoing Connection, SCP, Access Suspicious Domain, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File, Download and Allow Execution |
Associated Attack Servers | 47.243.181.238, 50.217.153.73, 50.237.89.161, 101.35.138.55, 103.156.150.248, 179.106.38.141 |
IP Address | 79.47.57.130 |
Domain | - |
ISP | Telecom Italia |
Country | Italy |
WHOIS Created Date | - |
WHOIS Updated Date | - |
WHOIS Organization | - |
First seen in Akamai Guardicore Segmentation | 2021-12-19 |
Last seen in Akamai Guardicore Segmentation | 2022-01-05 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /tmp/ifconfig scanned port 22 on 44 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig scanned port 22 on 37 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /tmp/ifconfig scanned port 2222 on 44 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /tmp/apache2 was downloaded and executed 124 times |
Download and Execute |
Process /tmp/ifconfig started listening on ports: 1234 and 8088 |
Listening |
Process /tmp/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /tmp/ifconfig attempted to access suspicious domains: smarttelecom.com.br |
Access Suspicious Domain, Outgoing Connection |
Process /tmp/ifconfig scanned port 2222 on 37 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/uptime was downloaded and executed 2 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 22 times |
Download and Execute |
The file /tmp/php-fpm was downloaded and executed 14 times |
Download and Execute |
Connection was closed due to timeout |
|