IP Address: 139.59.135.142Malicious
IP Address: 139.59.135.142Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SCP SSH |
|
Tags |
SSH SCP Superuser Operation Download File Download and Allow Execution Successful SSH Login Download and Execute |
|
Associated Attack Servers |
airtel.in airtel.ug aniar.ie bai.ne.jp bresnan.net btcentralplus.com caprock-spur.com cloudwaysapps.com herza.id iia.cl infonet.ee lightpath.net neu.edu numericable.fr open-telekom-cloud.com ovh.ca ovh.net poneytelecom.eu rr.com sfr.net telecomitalia.it tokai.or.jp tpnet.pl uaslp.mx unicamp.br veloxzone.com.br yokote-oroshi.jp 1.1.1.1 1.153.128.102 3.22.34.73 3.91.21.110 3.110.236.209 3.224.32.43 3.245.38.53 5.83.119.36 5.188.79.92 5.222.27.166 6.192.133.31 7.208.100.16 8.215.36.214 11.92.189.172 16.128.6.237 18.212.180.57 18.216.252.36 20.58.184.140 20.106.178.203 20.141.185.205 21.111.187.219 23.167.169.41 24.135.203.111 25.151.6.77 25.247.97.109 27.227.8.83 28.194.1.161 29.58.200.159 31.8.37.151 31.225.26.163 |
|
IP Address |
139.59.135.142 |
|
|
Domain |
- |
|
|
ISP |
Digital Ocean |
|
|
Country |
Germany |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-13 |
|
Last seen in Akamai Guardicore Segmentation |
2023-03-29 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 6 times |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 28 times |
Superuser Operation |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 242 times |
Download and Execute |
|
Process /tmp/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /var/tmp/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /dev/shm/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /tmp/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /var/tmp/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 started listening on ports: 1234, 8080 and 8187 |
Listening |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /tmp/apache2 was downloaded and executed 115 times |
Download and Execute |
|
Process /tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 142.250.191.164:443, 161.107.113.34:1234, 172.64.201.11:443, 51.75.146.174:443, 58.229.125.66:1234, 8.8.4.4:443 and 8.8.8.8:443 |
Outgoing Connection |
|
Process /root/apache2 generated outgoing network traffic to: 172.64.201.11:443 |
Outgoing Connection |
|
Process /tmp/apache2 started listening on ports: 1234, 8086 and 8185 |
Listening |
|
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
Process /var/tmp/ifconfig started listening on ports: 1234, 8088 and 8189 |
Listening |
|
The file /var/tmp/apache2 was downloaded and executed 161 times |
Download and Execute |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 101.42.90.177:1234, 118.41.204.72:1234, 142.250.191.164:443, 161.70.98.32:1234, 172.64.200.11:443, 183.213.26.13:1234, 190.60.239.44:1234, 191.242.188.103:1234, 206.189.25.255:1234, 210.99.20.194:1234, 222.100.124.62:1234, 222.103.98.58:1234, 222.134.240.91:1234, 223.99.166.104:1234, 31.19.237.170:1234, 46.13.164.29:1234, 51.75.146.174:443, 61.84.162.66:1234, 64.227.132.175:1234, 8.8.4.4:443, 8.8.8.8:443 and 82.149.112.170:1234 |
Outgoing Connection |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8186 |
Listening |
|
./ifconfig was downloaded |
Download File |
|
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
Process /root/apache2 generated outgoing network traffic to: 117.16.44.111:1234, 120.224.34.31:1234, 172.64.200.11:443, 172.64.201.11:443, 184.83.112.246:1234, 211.162.184.120:1234, 223.171.91.127:1234 and 49.233.159.222:1234 |
Outgoing Connection |
|
Process /root/apache2 started listening on ports: 1234, 8085 and 8182 |
Listening |
|
System file /etc/ifconfig was modified 25 times |
System File Modification |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /tmp/apache2 was downloaded and executed 110 times |
Download and Execute |
|
Process /tmp/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 123.132.238.210:1234, 172.64.201.11:443, 183.213.26.13:1234, 184.83.112.246:1234 and 223.99.166.104:1234 |
Outgoing Connection |
|
Process /tmp/ifconfig started listening on ports: 1234, 8082 and 8185 |
Listening |
|
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
System file /etc/apache2 was modified 4 times |
System File Modification |
|
The file /etc/apache2 was downloaded and executed 90 times |
Download and Execute |
|
Process /etc/ifconfig generated outgoing network traffic to: 103.90.177.102:1234, 172.64.200.11:443, 223.171.91.191:1234, 43.242.247.139:1234 and 89.212.123.191:1234 |
Outgoing Connection |
|
Process /etc/ifconfig started listening on ports: 1234, 8089 and 8189 |
Listening |
|
/root/ifconfig was downloaded |
Download File |
|
The file /var/tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
Process /var/tmp/apache2 started listening on ports: 1234, 8081, 8089 and 8186 |
Listening |
|
Process /var/tmp/apache2 generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
|
Connection was closed due to user inactivity |
|
|
/var/tmp/ifconfig |
SHA256: 2fd96aa6470f930f543ef665fcc62ffa4dfe6646b8f506c11b452a191800285b |
2392064 bytes |
|
/var/tmp/ifconfig |
SHA256: 376f8f665f43984bf5aa16524421600b638fc1a7b331e8ac78b60a387fcf8dbb |
2621440 bytes |
|
/var/tmp/ifconfig |
SHA256: 550307921085269ac7b53b3492fbffd8dc7bb9deaee1b26d433b3ebb40282384 |
2195456 bytes |
|
/var/tmp/ifconfig |
SHA256: 861921d16b4f8870dda3d79aecaa828b713b8e41b29ec977aca10c236356144e |
1507328 bytes |
|
/var/tmp/ifconfig |
SHA256: 8e7cf70465391f66bc440eba9c30c73995725eaa95fe9f8ba9da6ecbe060c085 |
2424832 bytes |
|
/var/tmp/ifconfig |
SHA256: b2712bdabd192560eb201c14818ff1368c742242fee50fb164ef9f84142462fc |
2031616 bytes |
|
/var/tmp/ifconfig |
SHA256: b68a8713bece3c5ce9b0e366dd929b6664fb1d7d569f2bc6fafe9a1bded50019 |
1671168 bytes |
|
/root/ifconfig |
SHA256: bf9553be0290bc2603b057d3daa41cbcc7f761941ff5519b7d441abe836ec046 |
2457600 bytes |
© 2023 Akamai Technologies