IP Address: 144.22.201.61 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SSH |
| Tags | SSH, Superuser Operation, Successful SSH Login, Download and Execute, Download and Allow Execution |
| Associated Attack Servers | 1.14.166.163, 1.116.153.164, 36.249.177.249, 44.204.16.215, 76.29.166.183, 81.68.238.98, 83.147.27.178, 94.54.44.146, 101.43.170.250, 115.196.130.154, 176.223.110.76, 186.28.106.152, 197.150.141.68, 201.211.201.166, 211.74.149.40, 220.238.144.148, 221.45.16.161 |
| Field | Value |
|---|---|
| IP Address | 144.22.201.61 |
| Domain | - |
| ISP | Oracle Corporation |
| Country | Brazil |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-04-04 |
| Last seen in Akamai Guardicore Segmentation | 2022-04-21 |
| Event | Tag |
|---|---|
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| The file /root/ifconfig was downloaded and executed 4 times | Download and Execute |
| The file /root/apache2 was downloaded and executed 202 times | Download and Execute |
| Process /root/apache2 generated outgoing network traffic to: 1.1.1.1:443, 101.134.237.162:80, 101.134.237.162:8080, 101.43.150.232:1234, 106.15.206.31:2222, 106.62.138.219:80, 106.62.138.219:8080, 107.43.196.28:80, 107.43.196.28:8080, 110.42.189.172:1234, 111.26.161.204:1234, 113.175.48.152:22, 119.12.7.41:80, 119.12.7.41:8080, 124.222.141.43:1234, 129.251.155.250:2222, 140.43.145.181:22, 142.130.50.122:80, 142.130.50.122:8080, 142.251.32.4:443, 146.224.186.209:80, 146.224.186.209:8080, 15.193.170.237:80, 15.193.170.237:8080, 156.69.102.91:80, 156.69.102.91:8080, 172.67.133.228:443, 184.156.83.226:80, 184.156.83.226:8080, 186.147.252.170:80, 186.147.252.170:8080, 187.6.3.3:1234, 19.181.237.240:80, 19.181.237.240:8080, 190.143.178.222:80, 190.143.178.222:8080, 190.156.182.47:80, 190.156.182.47:8080, 199.111.29.185:22, 202.11.17.63:80, 202.11.17.63:8080, 220.122.204.67:80, 220.122.204.67:8080, 222.190.57.28:2222, 23.145.71.188:80, 23.145.71.188:8080, 24.165.112.188:80, 24.165.112.188:8080, 244.26.199.234:2222, 25.112.27.3:80, 25.112.27.3:8080, 252.152.85.165:80, 252.152.85.165:8080, 29.117.105.149:80, 29.117.105.149:8080, 31.125.171.133:22, 32.199.90.49:80, 32.199.90.49:8080, 4.18.10.37:80, 4.18.10.37:8080, 42.142.236.138:80, 42.142.236.138:8080, 50.167.123.26:2222, 51.75.146.174:443, 52.236.227.4:80, 52.236.227.4:8080, 55.147.62.251:80, 55.147.62.251:8080, 56.110.209.186:22, 59.83.103.106:80, 59.83.103.106:8080, 72.180.11.50:80, 72.180.11.50:8080, 76.87.169.151:80, 76.87.169.151:8080, 8.8.4.4:443, 8.8.8.8:443, 82.157.131.41:1234, 88.13.47.56:80, 88.13.47.56:8080, 89.58.19.34:1234, 91.169.54.156:80, 91.169.54.156:8080, 91.227.169.246:80, 91.227.169.246:8080, 94.224.98.41:80, 94.224.98.41:8080 and 94.224.98.41:8090 | Outgoing Connection |
| Process /root/apache2 started listening on ports: 1234, 8081 and 8184 | Listening |
| Process /root/apache2 attempted to access suspicious domains: brasiltelecom.net.br and supersrv.de | Access Suspicious Domain, Outgoing Connection |
| Process /root/apache2 scanned port 80 on 32 IP Addresses | Port 8080 Scan, Port 80 Scan |
| Process /root/apache2 scanned port 8080 on 32 IP Addresses | Port 8080 Scan, Port 80 Scan |
| Process /root/apache2 scanned port 80 on 32 IP Addresses | Port 8080 Scan, Port 80 Scan |
| Process /root/apache2 scanned port 8080 on 32 IP Addresses | Port 8080 Scan, Port 80 Scan |
| The file /root/php-fpm was downloaded and executed 31 times | Download and Execute |
| The file /root/php-fpm was downloaded and executed 31 times | Download and Execute |
| The file /root/php-fpm was downloaded and granted execution privileges | Download and Allow Execution |
| Connection was closed due to timeout | - |