IP Address: 13.76.89.230 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network.
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Download File, SSH, Superuser Operation, Successful SSH Login, Download and Execute, SCP, Download and Allow Execution
Associated Attack Servers:
IP Address: 13.76.89.230
Domain: -
ISP: Microsoft Corporation
Country: Singapore
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-28
Last seen in Akamai Guardicore Segmentation: 2022-04-04
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (event [tags]):
- A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List) [Successful SSH Login]
- ./ifconfig was downloaded [Download File]
- A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password) [Successful SSH Login]
- A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
- The file /root/ifconfig was downloaded and executed 6 times [Download and Execute]
- The file /root/apache2 was downloaded and executed 187 times [Download and Execute]
- Process /root/ifconfig scanned port 22 on 11 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 80 on 11 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 8080 on 11 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 22 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 22 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig generated outgoing network traffic to external IP:port destinations (list of destination addresses omitted) [Outgoing Connection]
- Process /root/ifconfig started listening on ports: 1234, 8089 and 8184 [Listening]
- Process /root/ifconfig scanned port 80 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 8080 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 80 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig scanned port 8080 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /root/ifconfig attempted to access suspicious domains: linodeusercontent.com and telepac.pt [Access Suspicious Domain, Outgoing Connection]
- The file /root/php-fpm was downloaded and executed 38 times [Download and Execute]
- The file /root/php-fpm was downloaded and executed [Download and Execute]
- The file /root/php-fpm was downloaded and executed 9 times [Download and Execute]
- The file /root/php-fpm was downloaded and granted execution privileges [Download and Allow Execution]
- Connection was closed due to timeout