IP Address: 88.66.15.6 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Port 2222 Scan, Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers | aeza.network, Majordomo.ru, uol.com.br, 45.142.122.215, 47.37.93.113, 52.131.32.110, 63.237.173.117, 65.205.135.22, 84.119.69.107, 101.80.224.17, 185.105.108.169, 195.184.100.190, 200.221.209.72, 204.207.147.230, 240.38.149.221
IP Address | 88.66.15.6
Domain | -
ISP | Vodafone DSL
Country | Germany
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-25
Last seen in Akamai Guardicore Segmentation | 2022-03-25
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 generated outgoing network traffic to: 101.182.179.158:2222, 101.74.90.4:80, 101.74.90.4:8080, 101.80.224.17:1234, 104.21.25.86:443, 110.54.190.13:2222, 112.43.241.75:2222, 118.199.102.76:80, 118.199.102.76:8080, 124.154.41.104:80, 124.154.41.104:8080, 126.114.227.149:80, 126.114.227.149:8080, 129.178.77.180:80, 129.178.77.180:8080, 129.213.77.175:80, 129.213.77.175:8080, 129.247.61.92:80, 129.247.61.92:8080, 129.52.73.137:80, 129.52.73.137:8080, 130.214.108.28:2222, 136.191.195.129:80, 136.191.195.129:8080, 143.78.185.204:80, 143.78.185.204:8080, 145.89.214.80:2222, 146.106.203.237:80, 146.106.203.237:8080, 156.185.69.6:80, 156.185.69.6:8080, 163.112.126.93:80, 163.112.126.93:8080, 168.19.97.228:80, 168.19.97.228:8080, 172.67.133.228:443, 177.138.116.134:80, 177.138.116.134:8080, 18.78.228.127:80, 18.78.228.127:8080, 185.105.108.169:1234, 188.156.61.198:80, 188.156.61.198:8080, 195.184.100.190:22, 196.245.50.155:2222, 197.36.151.144:80, 197.36.151.144:8080, 200.221.209.72:22, 201.17.49.120:2222, 204.207.147.230:22, 209.157.55.155:80, 209.157.55.155:8080, 222.9.126.191:80, 222.9.126.191:8080, 23.96.48.138:2222, 240.38.149.221:22, 245.138.139.64:80, 245.138.139.64:8080, 245.3.217.80:80, 245.3.217.80:8080, 249.138.116.117:80, 249.138.116.117:8080, 250.31.177.210:80, 250.31.177.210:8080, 28.225.141.237:80, 28.225.141.237:8080, 30.66.59.224:2222, 33.14.57.61:80, 33.14.57.61:8080, 41.43.201.222:80, 41.43.201.222:8080, 45.142.122.215:1234, 47.37.93.113:22, 51.75.146.174:443, 52.131.32.110:1234, 61.184.140.3:80, 61.184.140.3:8080, 63.237.173.117:22, 65.205.135.22:1234, 78.73.146.28:80, 78.73.146.28:8080, 8.4.18.48:2222, 84.119.69.107:1234, 9.201.121.237:80, 9.201.121.237:8080, 97.51.129.134:80, 97.51.129.134:8080, 99.139.41.156:80 and 99.139.41.156:8080 |
Outgoing Connection |
Process /dev/shm/apache2 attempted to access suspicious domains: Majordomo.ru, aeza.network and vodafone-ip.de |
Access Suspicious Domain, Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8081 and 8182 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 10 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 10 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 10 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to timeout |