IP Address: 144.22.158.72 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Port 22 Scan SFTP 2 Shell Commands Download File SSH Successful SSH Login Download and Execute Access Suspicious Domain Outgoing Connection Listening Download and Allow Execution
Associated Attack Servers | 23.128.64.141, 34.117.59.81, 49.12.234.183, 52.21.227.162, 52.72.57.193, 54.91.59.199, 157.7.208.157, 162.159.128.233
IP Address | 144.22.158.72
Domain | -
ISP | Oracle Corporation
Country | Brazil
WHOIS
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-12
Last seen in Akamai Guardicore Segmentation | 2022-04-14
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ************* - Authentication policy: White List | Successful SSH Login
./.13139744672923632/sshd was downloaded | Download File
The file /root/.13139744672923632/sshd was downloaded and executed 17 times | Download and Execute
Process /root/.13139744672923632/sshd generated outgoing network traffic to: 103.63.18.192:22, 105.202.26.97:22, 107.246.215.235:22, 108.67.204.172:22, 111.237.227.81:22, 114.28.243.44:22, 115.212.39.190:22, 116.104.193.168:22, 128.145.126.159:22, 129.175.155.222:22, 133.185.51.31:22, 133.75.124.176:22, 134.154.81.201:22, 135.100.105.31:22, 142.248.107.146:22, 142.7.24.146:22, 144.142.217.169:22, 15.71.166.136:22, 150.218.1.122:22, 152.96.189.236:22, 153.10.105.147:22, 153.88.77.248:22, 156.2.153.152:22, 157.7.208.157:80, 158.5.107.239:22, 159.40.74.67:22, 159.87.122.142:22, 162.159.128.233:443, 164.201.51.207:22, 169.52.178.94:22, 170.247.90.193:22, 170.43.222.177:22, 170.98.115.15:22, 171.110.142.159:22, 177.19.229.51:22, 178.97.119.173:22, 179.73.183.166:22, 180.175.29.235:22, 183.245.142.208:22, 184.181.178.78:22, 186.235.124.66:22, 188.133.123.7:22, 19.5.220.115:22, 19.89.63.241:22, 191.243.87.222:22, 192.236.197.145:22, 194.49.202.103:22, 202.182.18.160:22, 206.28.9.60:22, 209.224.252.137:22, 216.165.180.228:22, 216.55.200.18:22, 222.249.130.46:22, 23.128.64.141:443, 23.145.121.3:22, 23.168.22.16:22, 24.90.144.219:22, 26.241.4.5:22, 27.252.87.225:22, 29.71.192.58:22, 3.102.14.40:22, 3.235.139.47:22, 32.134.143.63:22, 34.117.59.81:80, 34.161.109.187:22, 35.176.173.29:22, 37.102.130.190:22, 38.141.72.111:22, 38.41.238.190:22, 4.132.71.26:22, 41.58.56.149:22, 41.82.2.232:22, 48.106.251.233:22, 49.103.138.212:22, 49.12.234.183:443, 49.27.64.7:22, 5.234.53.158:22, 52.21.227.162:80, 52.59.5.101:22, 52.72.57.193:443, 53.89.79.222:22, 54.242.169.175:22, 54.91.59.199:443, 57.43.250.60:22, 60.62.218.191:22, 60.79.132.46:22, 68.57.226.34:22, 7.18.217.76:22, 71.165.5.182:22, 71.51.87.91:22, 73.182.38.16:22, 82.174.49.40:22, 86.148.212.97:22, 90.176.145.40:22, 91.161.104.60:22, 92.142.212.157:22, 94.31.139.68:22, 95.160.243.59:22, 97.167.176.7:22 and 98.219.6.113:22 | Outgoing Connection
Process /root/.13139744672923632/sshd attempted to access suspicious domains: googleusercontent.com, ident.me and myvps.jp | Access Suspicious Domain, Outgoing Connection
Process /root/.13139744672923632/sshd scanned port 22 on 92 IP Addresses | Port 22 Scan
Process /root/.13139744672923632/sshd started listening on ports: 22 | Listening
Connection was closed due to timeout
|
/root/.13139744672923632/sshd | SHA256: 190a6e964fa744c44e4aa1a68e34aee0c7fc813654e914f530682e039b436d46 | 30316760 bytes