IP Address: 51.75.31.39Previously Malicious
IP Address: 51.75.31.39Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SSH 20 Shell Commands Download and Allow Execution Successful SSH Login Listening Port 2222 Scan Download and Execute |
|
Associated Attack Servers |
- |
|
IP Address |
51.75.31.39 |
|
|
Domain |
- |
|
|
ISP |
OVH SAS |
|
|
Country |
France |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-06-04 |
|
Last seen in Akamai Guardicore Segmentation |
2020-08-26 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password |
Successful SSH Login |
|
The file /tmp/ifconfig was downloaded and executed 7 times |
Download and Execute |
|
The file /tmp/nginx was downloaded and executed 129 times |
Download and Execute |
|
Process /tmp/nginx scanned port 22 on 49 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /tmp/nginx scanned port 22 on 43 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /tmp/nginx scanned port 2222 on 49 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /tmp/nginx started listening on ports: 1234 |
Listening |
|
Process /tmp/nginx generated outgoing network traffic to: 103.138.246.144:22, 103.138.246.144:2222, 104.131.230.2:2222, 104.193.200.6:22, 104.193.200.6:2222, 105.61.167.183:2222, 105.86.150.24:22, 105.86.150.24:2222, 117.64.207.14:22, 117.64.207.14:2222, 119.131.136.5:22, 126.221.80.241:22, 126.221.80.241:2222, 129.47.29.249:22, 129.47.29.249:2222, 13.109.4.171:22, 13.109.4.171:2222, 130.195.100.150:22, 130.195.100.150:2222, 130.6.117.171:22, 132.87.83.190:22, 132.87.83.190:2222, 134.251.111.69:22, 146.197.195.184:22, 146.197.195.184:2222, 149.202.179.87:22, 154.144.111.248:22, 154.144.111.248:2222, 156.56.56.108:22, 156.56.56.108:2222, 159.21.122.8:22, 159.21.122.8:2222, 163.38.115.17:22, 163.38.115.17:2222, 166.230.171.170:22, 166.230.171.170:2222, 168.88.31.10:22, 17.253.65.165:22, 17.253.65.165:2222, 177.48.59.38:22, 183.206.45.89:22, 183.206.45.89:2222, 191.19.149.147:2222, 198.2.176.104:22, 198.2.176.104:2222, 199.167.175.166:2222, 199.210.157.205:2222, 201.73.240.11:22, 201.73.240.11:2222, 202.43.58.230:2222, 205.121.185.118:22, 205.121.185.118:2222, 222.56.19.212:22, 23.147.60.177:22, 23.147.60.177:2222, 243.229.201.56:22, 243.229.201.56:2222, 250.244.59.75:22, 250.244.59.75:2222, 253.48.245.219:2222, 26.201.240.28:2222, 27.217.56.82:22, 27.217.56.82:2222, 29.175.34.145:22, 40.83.31.86:2222, 43.233.213.244:2222, 43.25.140.199:22, 43.25.140.199:2222, 46.250.114.11:22, 47.218.78.126:2222, 50.223.144.233:22, 50.223.144.233:2222, 53.45.12.235:22, 55.168.14.195:22, 55.168.14.195:2222, 56.127.248.25:22, 56.127.248.25:2222, 59.248.206.73:22, 59.248.206.73:2222, 6.166.127.141:22, 62.63.221.98:22, 69.124.197.152:22, 76.150.51.102:22, 76.150.51.102:2222, 80.68.197.29:22, 80.68.197.29:2222, 87.155.224.52:22, 87.155.224.52:2222, 92.242.197.87:22, 95.111.237.87:22 and 95.208.39.99:22 |
|
|
Process /tmp/nginx scanned port 2222 on 43 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
The file /tmp/php-fpm was downloaded and executed 11 times |
Download and Execute |
|
The file /tmp/php-fpm was downloaded and executed 4 times |
Download and Execute |
|
The file /usr/bin/free was downloaded and executed |
Download and Execute |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies