Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 95.39.140.148Previously Malicious

IP Address: 95.39.140.148Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

Networking Operation 28 Shell Commands Download Operation Successful SSH Login Human Log Tampering Access Suspicious Domain Outgoing Connection Superuser Operation SSH Package Install DNS Query

Associated Attack Servers

eatmybytes.com

46.101.75.86 192.254.204.95 195.110.43.158

Basic Information

IP Address

95.39.140.148

Domain

-

ISP

Vodafone Ono

Country

Spain

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2021-06-06

Last seen in Akamai Guardicore Segmentation

2021-08-02

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

Successful SSH Login

History File Tampering detected from /usr/sbin/sshd 2 times

Log Tampering

A possibly malicious Networking Operation was detected

Download Operation Networking Operation Package Install Superuser Operation

A possibly malicious Download Operation was detected 2 times

Download Operation Networking Operation Package Install Superuser Operation

Process /usr/bin/wget generated outgoing network traffic to: 195.110.43.158:80

Outgoing Connection

Process /bin/bash generated outgoing network traffic to: 192.254.204.95:80

Outgoing Connection

Process /bin/bash attempted to access suspicious domains: unifiedlayer.com

Access Suspicious Domain Outgoing Connection

Process /bin/ping attempted to access domains: google.com

DNS Query

A possibly malicious Superuser Operation was detected

Download Operation Networking Operation Package Install Superuser Operation

A possibly malicious Download Operation was detected

Download Operation Networking Operation Package Install Superuser Operation

A possibly malicious Package Install was detected

Download Operation Networking Operation Package Install Superuser Operation

Process /usr/lib/apt/methods/http attempted to access domains: _http._tcp.security.ubuntu.com and security.ubuntu.com

DNS Query

Process /usr/bin/apt-get attempted to access domains: _http._tcp.archive.ubuntu.com and archive.ubuntu.com

DNS Query

Connection was closed due to timeout