Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 176.59.57.226Previously Malicious

IP Address: 176.59.57.226Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

Download Operation SSH 2 Shell Commands Package Install Outgoing Connection Successful SSH Login Access Suspicious Domain DNS Query

Associated Attack Servers

awsglobalaccelerator.com

99.83.154.118 185.125.190.39

Basic Information

IP Address

176.59.57.226

Domain

-

ISP

T2 Mobile LLC

Country

Russian Federation

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2022-09-22

Last seen in Akamai Guardicore Segmentation

2022-09-22

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

Successful SSH Login

A possibly malicious Package Install was detected

Download Operation Package Install

A possibly malicious Download Operation was detected

Download Operation Package Install

A possibly malicious Package Install was detected

Download Operation Package Install

A possibly malicious Download Operation was detected

Download Operation Package Install

Process /usr/lib/apt/methods/http attempted to access domains: _http._tcp.security.ubuntu.com and security.ubuntu.com

DNS Query

Process /usr/lib/apt/methods/http attempted to access domains: _http._tcp.archive.ubuntu.com and archive.ubuntu.com

DNS Query

Process /usr/lib/apt/methods/http generated outgoing network traffic to: 185.125.190.39:80 2 times

Outgoing Connection

Process /usr/bin/wget attempted to access suspicious domains: awsglobalaccelerator.com and repo.ark-event.net

DNS Query Access Suspicious Domain Outgoing Connection

Process /usr/bin/wget generated outgoing network traffic to: 99.83.154.118:80

Outgoing Connection

Connection was closed due to timeout