IP Address: 144.22.211.65 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 144.22.211.65
Domain | -
ISP | Oracle Corporation
Country | Brazil
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-06
Last seen in Akamai Guardicore Segmentation | 2022-04-20
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times | Successful SSH Login
/dev/shm/ifconfig was downloaded | Download File
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/apache2 scanned port 22 on 10 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 80 on 10 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 10 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 generated outgoing network traffic to a list of external IP addresses and ports | Outgoing Connection
Process /dev/shm/apache2 started listening on ports: 1234, 8087 and 8185 | Listening
Process /dev/shm/apache2 attempted to access suspicious domains: kabel-deutschland.de and sileman.net.pl | Access Suspicious Domain, Outgoing Connection
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Connection was closed due to timeout