Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 37.49.226.35Previously Malicious

IP Address: 37.49.226.35Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Connect-Back, Scanner

Services Targeted

SSH

Tags

SSH Log Tampering SSH Brute Force 4 Shell Commands Download Operation Successful SSH Login Outgoing Connection

Associated Attack Servers

athakics.com

37.49.224.156 37.49.226.129 45.95.168.133 45.95.168.176 45.95.168.228

Basic Information

IP Address

37.49.226.35

Domain

-

ISP

ESTOXY OU

Country

Netherlands

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2020-05-26

Last seen in Akamai Guardicore Segmentation

2020-07-24

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / ***** - Authentication policy: White List (Part of a Brute Force Attempt)

SSH Brute Force Successful SSH Login

A user logged in using SSH with the following credentials: root / ***** - Authentication policy: Correct Password (Part of a Brute Force Attempt)

SSH Brute Force Successful SSH Login

A user logged in using SSH with the following credentials: root / ***** - Authentication policy: Correct Password (Part of a Brute Force Attempt) 2 times

SSH Brute Force Successful SSH Login

A possibly malicious Download Operation was detected 8 times

Download Operation

History File Tampering detected from /bin/bash 2 times

Log Tampering

Process /usr/bin/wget generated outgoing network traffic to: 37.49.226.35:80 3 times

Outgoing Connection

History File Tampering detected from /usr/sbin/sshd

Log Tampering

History File Tampering detected from /usr/sbin/sshd

Log Tampering

Process /bin/bash generated outgoing network traffic to: 37.49.226.35:80

Outgoing Connection

Connection was closed due to timeout