Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 178.128.106.155Previously Malicious

IP Address: 178.128.106.155Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

SSH Log Tampering Successful SSH Login Download Operation 3 Shell Commands Outgoing Connection

Associated Attack Servers

-

Basic Information

IP Address

178.128.106.155

Domain

-

ISP

Digital Ocean

Country

Singapore

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2020-05-01

Last seen in Akamai Guardicore Segmentation

2020-05-22

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / ******** - Authentication policy: White List

Successful SSH Login

A user logged in using SSH with the following credentials: root / ******** - Authentication policy: Correct Password

Successful SSH Login

A user logged in using SSH with the following credentials: root / ******** - Authentication policy: Correct Password

Successful SSH Login

A possibly malicious Download Operation was detected 6 times

Download Operation

History File Tampering detected from /usr/sbin/sshd 2 times

Log Tampering

Process /usr/bin/wget generated outgoing network traffic to: 165.22.191.183:80 2 times

Outgoing Connection

History File Tampering detected from /bin/bash

Log Tampering

Process /bin/bash generated outgoing network traffic to: 165.22.191.183:80

Outgoing Connection

History File Tampering detected from /bin/rm on the following logs: /root/.bash_history

Log Tampering

Connection was closed due to user inactivity