IP Address: 57.100.69.129Previously Malicious
IP Address: 57.100.69.129Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan 10 Shell Commands SSH Download and Allow Execution Successful SSH Login 4 Shell Commands Listening Port 2222 Scan Download and Execute |
|
Associated Attack Servers |
- |
|
IP Address |
57.100.69.129 |
|
|
Domain |
- |
|
|
ISP |
Societe Internationale de Telecommunications Aeron |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2020-05-05 |
|
Last seen in Akamai Guardicore Segmentation |
2020-09-10 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
The file /root/nginx was downloaded and executed 78 times |
Download and Execute |
|
Process /root/ifconfig scanned port 22 on 20 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 22 on 23 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig scanned port 2222 on 20 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /root/ifconfig started listening on ports: 1234 |
Listening |
|
Process /root/ifconfig generated outgoing network traffic to: 106.124.107.194:22, 118.195.127.48:22, 118.195.127.48:2222, 12.158.78.36:22, 126.87.112.169:22, 135.117.24.98:22, 135.117.24.98:2222, 137.143.129.88:2222, 14.41.182.219:22, 142.229.91.12:2222, 149.37.139.226:22, 158.1.178.88:22, 158.1.178.88:2222, 17.35.70.214:22, 172.147.164.96:2222, 181.86.249.17:22, 181.86.249.17:2222, 182.165.221.196:22, 182.165.221.196:2222, 184.126.34.89:2222, 187.225.151.129:2222, 194.251.144.34:2222, 195.40.152.70:22, 198.80.65.36:2222, 206.1.142.9:22, 209.192.51.239:2222, 22.239.21.98:2222, 243.59.158.104:22, 37.58.188.127:2222, 45.7.169.152:2222, 45.92.106.141:2222, 46.38.128.104:22, 49.8.14.123:2222, 68.15.112.91:2222, 71.143.195.160:22, 71.143.195.160:2222, 78.206.163.51:2222, 83.129.41.10:22, 94.211.13.31:22, 98.186.21.68:22, 98.186.21.68:2222 and 99.238.132.38:2222 |
|
|
Process /root/ifconfig scanned port 2222 on 23 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
The file /root/php-fpm was downloaded and executed 3 times |
Download and Execute |
© 2023 Akamai Technologies