IP Address: 59.57.13.92Malicious
IP Address: 59.57.13.92Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SMB |
Tags |
Successful SMB Login Service Creation Outgoing Connection CMD Service Deletion SMB Null Session Login MSRPC Service Start Access Suspicious Domain SMB |
Associated Attack Servers |
121.in-addr.arpa 163data.com.cn airtel.in brasiltelecom.net.br cantv.net cloudzy.com collabefood.com colocrossing.com corbina.ru dsl.net.pk justgroup.mn link.net.id pern.pk tedata.net ttnet.com.tr tus.net.id 2.179.64.88 14.173.76.156 14.231.244.149 23.94.61.165 23.234.247.86 37.34.177.223 38.52.220.2 41.33.183.69 43.128.2.180 58.65.153.231 58.136.235.123 58.217.104.137 58.240.33.194 58.250.176.164 61.138.28.41 61.147.107.94 61.189.200.155 64.227.152.193 78.186.41.166 80.85.84.75 85.21.240.170 87.107.28.82 89.109.53.65 89.175.224.162 101.201.121.57 103.9.227.4 103.39.232.44 103.149.201.31 103.155.114.119 |
IP Address |
59.57.13.92 |
|
Domain |
- |
|
ISP |
China Telecom fujian |
|
Country |
China |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-12-17 |
Last seen in Akamai Guardicore Segmentation |
2024-01-06 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SMB with the following username: administrator - Authentication policy: Reached Max Attempts |
Successful SMB Login |
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User |
Successful SMB Login |
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC04 under service group None |
Service Start Service Creation |
Service MSIServer was started |
Service Start |
Process c:\windows\system32\msiexec.exe generated outgoing network traffic to: 139.255.33.5:13155, 175.44.6.48:13648 and 59.57.13.92:18820 |
Outgoing Connection |
Process c:\windows\system32\msiexec.exe attempted to access suspicious domains: link.net.id |
Outgoing Connection Access Suspicious Domain |
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User |
Successful SMB Login |
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC02 under service group None |
Service Start Service Creation |
Connection was closed due to user inactivity |
|