IP Address: 167.99.63.88 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 167.99.63.88
Domain | -
ISP | Digital Ocean
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-01-31
Last seen in Akamai Guardicore Segmentation | 2022-05-12
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8087 and 8182 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 10 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 attempted to access suspicious domains: cps.com.ar |
Access Suspicious Domain Outgoing Connection |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 10 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 10 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to timeout |