IP Address: 159.223.83.78 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: SSH, Superuser Operation, Successful SSH Login, Download and Execute, Download and Allow Execution
Associated Attack Servers: 14.247.172.227, 20.141.185.205, 42.193.193.33, 64.239.189.210, 88.81.100.162, 101.42.101.141, 103.111.211.61, 112.222.14.56, 122.144.252.156, 129.152.6.35, 129.154.192.207, 194.53.108.16, 196.209.198.178, 213.215.88.157

IP Address: 159.223.83.78
Domain: -
ISP: Celanese International Corporation
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-23
Last seen in Akamai Guardicore Segmentation: 2022-04-23
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. It generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List) [Successful SSH Login]
A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password) [Successful SSH Login]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
The file /root/ifconfig was downloaded and executed 2 times [Download and Execute]
The file /root/apache2 was downloaded and executed 215 times [Download and Execute]
Process /root/apache2 scanned port 22 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/apache2 scanned port 22 on 32 IP Addresses, 2 times [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/apache2 scanned port 80 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/apache2 scanned port 8080 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/apache2 generated outgoing network traffic to: 1.1.1.1:443, 1.73.44.33:22, 102.244.81.79:22, 105.164.37.197:80, 105.164.37.197:8080, 105.74.116.2:2222, 108.213.214.218:22, 110.41.73.159:80, 110.41.73.159:8080, 111.53.11.133:1234, 122.151.123.95:80, 122.151.123.95:8080, 124.237.184.97:80, 124.237.184.97:8080, 133.43.222.18:80, 133.43.222.18:8080, 135.72.183.245:22, 139.231.57.236:80, 139.231.57.236:8080, 141.147.52.70:1234, 146.112.234.152:22, 15.77.138.87:22, 156.2.152.63:80, 156.2.152.63:8080, 162.148.247.208:80, 162.148.247.208:8080, 176.167.92.95:80, 176.167.92.95:8080, 176.58.124.207:22, 18.193.250.223:80, 18.193.250.223:8080, 193.194.91.211:1234, 194.237.38.32:80, 194.237.38.32:8080, 2.164.15.218:2222, 20.232.23.215:2222, 20.58.184.140:1234, 202.90.131.38:1234, 208.144.232.105:22, 208.168.186.134:80, 208.168.186.134:8080, 209.66.170.137:2222, 211.173.55.202:80, 211.173.55.202:8080, 219.43.185.2:2222, 24.124.153.196:80, 24.124.153.196:8080, 241.136.235.86:80, 241.136.235.86:8080, 241.214.243.237:22, 253.108.49.181:80, 253.108.49.181:8080, 30.69.200.70:80, 30.69.200.70:8080, 32.251.54.126:80, 32.251.54.126:8080, 4.108.186.213:2222, 43.131.110.43:80, 43.131.110.43:8080, 44.240.173.15:80, 44.240.173.15:8080, 45.120.216.114:1234, 46.237.84.117:80, 46.237.84.117:8080, 59.47.10.154:80, 59.47.10.154:8080, 62.12.106.5:1234, 62.231.244.130:80, 62.231.244.130:8080, 63.10.75.121:80, 63.10.75.121:8080, 64.97.152.38:80, 64.97.152.38:8080, 7.226.241.199:80, 7.226.241.199:8080, 72.164.197.36:2222, 73.57.112.27:2222, 75.242.187.64:80, 75.242.187.64:8080, 81.241.94.67:80, 81.241.94.67:8080, 86.231.100.26:80, 86.231.100.26:8080, 9.176.200.53:80, 9.176.200.53:8080, 91.213.150.121:80, 91.213.150.121:8080, 94.28.143.52:80 and 94.28.143.52:8080 [Outgoing Connection]
Process /root/apache2 started listening on ports: 1234, 8081 and 8184 [Listening]
Process /root/apache2 scanned port 80 on 32 IP Addresses, 2 times [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/apache2 scanned port 8080 on 32 IP Addresses, 2 times [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
Process /root/apache2 attempted to access suspicious domains: bbtec.net and qwest.net [Access Suspicious Domain, Outgoing Connection]
The file /root/php-fpm was downloaded and executed 41 times [Download and Execute]
The file /root/php-fpm was downloaded and executed 44 times [Download and Execute]
The file /root/php-fpm was downloaded and executed 7 times [Download and Execute]
Connection was closed due to timeout
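The timeline shows a recognisable chain: a password login as root over SSH, then files dropped under /root that borrow the names of legitimate programs (apache2, php-fpm and ifconfig are real daemon and utility names, but they never run from /root), followed by a sweep of ports 22, 80 and 8080 across dozens of hosts and new listening sockets on 1234, 8081 and 8184. The script below is an added example of detection logic for that chain, not Guardicore's code and not part of the original page. It parses the standard OpenSSH "Accepted password for root" auth-log line and a simple list of process events. The untrusted-directory list, the set of "expected" listening ports, the fan-out threshold of 10 hosts, and the sample auth lines and events (built on the 198.51.100.0/24 documentation range) are all assumptions constructed for the demonstration; only the attacker IP and the dropped file names come from the page.

```python
import re
from collections import defaultdict
from posixpath import basename, dirname

# Directories a process claiming to be a system daemon should never execute
# from. Assumption: conventional Linux layout, where real daemons live under
# /usr/sbin, /usr/bin, /sbin or /bin.
UNTRUSTED_DIRS = ("/root", "/home", "/tmp", "/var/tmp", "/dev/shm")

# Program names from the timeline that the dropped files impersonate.
DAEMON_NAMES = {"apache2", "php-fpm", "ifconfig"}

# Ports a genuine web/FastCGI daemon would plausibly bind (assumption).
EXPECTED_LISTEN_PORTS = {80, 443, 8080, 9000}

# OpenSSH auth.log line: "Accepted <method> for <user> from <ip> port <n> ssh2"
ACCEPTED_RE = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<ip>[\d.]+) port \d+"
)


def root_password_logins(auth_lines):
    """Source IPs that authenticated as root with a password (not a key)."""
    return [m["ip"] for m in map(ACCEPTED_RE.search, auth_lines)
            if m and m["user"] == "root" and m["method"] == "password"]


def is_masquerading(path):
    """True when a daemon-named executable runs from an untrusted directory."""
    d = dirname(path)
    untrusted = any(d == u or d.startswith(u + "/") for u in UNTRUSTED_DIRS)
    return basename(path) in DAEMON_NAMES and untrusted


def scan_fanout(events, threshold=10):
    """Distinct destination IPs per (process, dst port). A sweep like the
    '32 IP Addresses' entries above shows up as a count at or above threshold."""
    targets = defaultdict(set)
    for ev in events:
        if ev["type"] == "connect":
            targets[(ev["path"], ev["port"])].add(ev["dst"])
    return {k: len(v) for k, v in targets.items() if len(v) >= threshold}


def unexpected_listeners(events):
    """Listening sockets opened by a masquerading binary on non-service ports."""
    return sorted((ev["path"], ev["port"]) for ev in events
                  if ev["type"] == "listen" and is_masquerading(ev["path"])
                  and ev["port"] not in EXPECTED_LISTEN_PORTS)


def triage(auth_lines, events):
    """Combine the three signals into one verdict for the host."""
    return {
        "root_password_logins": root_password_logins(auth_lines),
        "masquerading": sorted({ev["path"] for ev in events
                                if ev["type"] == "exec" and is_masquerading(ev["path"])}),
        "scan_fanout": scan_fanout(events),
        "listeners": unexpected_listeners(events),
    }


# Constructed sample input modelled on the timeline; not real telemetry.
SAMPLE_AUTH = [
    "Apr 23 10:01:02 sensor sshd[1234]: Accepted password for root from 159.223.83.78 port 40122 ssh2",
    "Apr 23 10:01:05 sensor sshd[1235]: Accepted publickey for deploy from 10.0.0.5 port 50321 ssh2",
]


def build_sample_events():
    events = [
        {"type": "exec", "path": "/root/ifconfig"},
        {"type": "exec", "path": "/root/apache2"},
        {"type": "exec", "path": "/root/php-fpm"},
        {"type": "exec", "path": "/usr/sbin/apache2"},  # the real daemon, must not fire
        {"type": "listen", "path": "/root/apache2", "port": 1234},
        {"type": "listen", "path": "/root/apache2", "port": 8081},
        {"type": "listen", "path": "/root/apache2", "port": 8184},
        {"type": "listen", "path": "/usr/sbin/apache2", "port": 80},
    ]
    for i in range(32):  # 32 hosts swept on 22, 80 and 8080 by the dropped binary
        for port in (22, 80, 8080):
            events.append({"type": "connect", "path": "/root/apache2",
                           "dst": f"198.51.100.{i + 1}", "port": port})
    events.append({"type": "connect", "path": "/usr/bin/curl",  # benign, one host
                   "dst": "1.1.1.1", "port": 443})
    return events


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    from pprint import pprint
    pprint(triage(SAMPLE_AUTH, SAMPLE_EVENTS))
```

On a real host the event list would come from an EDR or auditd/eBPF feed rather than a hand-built list; the path check is deliberately strict about the directory and lenient about the name, because the attacker chooses the name and a single path rule (daemon name outside the system binary directories) catches all three dropped files without needing a per-distro list of legitimate locations.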
|