IP Address: 88.214.189.128
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP |
Tags |
Superuser Operation, Listening, SCP, 2 Shell Commands, Download and Execute, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File |
Associated Attack Servers |
3.12.112.121 3.91.21.110 6.210.239.227 44.121.221.139 44.193.232.204 82.157.139.183 115.4.68.113 120.53.123.221 139.148.26.70 150.158.76.27 152.136.145.180 |
IP Address |
88.214.189.128 |
|
Domain |
- |
|
ISP |
MEO |
|
Country |
Portugal |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-01-01 |
Last seen in Akamai Guardicore Segmentation |
2022-11-20 |
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
./ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /root/apache2 scanned port 22 on 46 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/apache2 scanned port 2222 on 46 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /root/apache2 scanned port 22 on 44 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /root/apache2 was downloaded and executed 117 times |
Download and Execute |
Process /root/apache2 started listening on ports: 1234 and 8085 |
Listening |
Process /root/apache2 generated outgoing network traffic |
|
Process /root/apache2 scanned port 2222 on 44 IP Addresses |
Port 22 Scan, Port 2222 Scan |
The file /usr/bin/free was downloaded and executed 2 times |
Download and Execute |
Connection was closed due to timeout |
|