IP Address: 44.242.135.172
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Download File, SSH, Superuser Operation, Successful SSH Login, Download and Execute, SCP, Download and Allow Execution
Associated Attack Servers: 20.141.185.205, 70.216.117.138, 78.189.25.224, 101.42.223.157, 111.7.82.200, 112.114.56.154, 113.83.49.174, 122.134.83.245, 139.237.76.13, 140.208.223.225, 143.244.138.59, 161.252.54.181, 182.137.178.189, 193.148.102.21, 210.101.83.129, 220.81.63.153, 221.219.79.53, 242.96.248.137, 244.62.42.46
IP Address: 44.242.135.172
Domain: -
ISP: University of California, San Diego
Country: United States

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-04-16
Last seen in Akamai Guardicore Segmentation: 2022-04-18
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline

Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Download and Execute: The file /tmp/ifconfig was downloaded and executed 3 times
Download and Execute: The file /tmp/apache2 was downloaded and executed 201 times
Outgoing Connection: Process /tmp/apache2 generated outgoing network traffic to: 1.205.207.16:80, 1.205.207.16:8080, 103.120.223.29:1234, 104.21.25.86:443, 109.144.45.77:80, 109.144.45.77:8080, 112.165.253.41:2222, 117.16.44.111:1234, 117.54.14.169:1234, 119.60.182.20:80, 119.60.182.20:8080, 119.91.157.192:1234, 12.115.2.244:80, 12.115.2.244:8080, 132.226.241.121:1234, 135.135.231.73:2222, 139.148.27.150:1234, 147.248.207.176:80, 147.248.207.176:8080, 149.173.86.89:80, 149.173.86.89:8080, 155.190.224.71:80, 155.190.224.71:8080, 157.152.196.141:80, 157.152.196.141:8080, 169.212.20.76:80, 169.212.20.76:8080, 172.67.133.228:443, 177.38.140.231:2222, 18.252.203.135:80, 18.252.203.135:8080, 182.236.49.42:80, 182.236.49.42:8080, 19.179.237.103:2222, 190.159.251.193:80, 190.159.251.193:8080, 194.243.91.51:2222, 201.84.248.79:80, 201.84.248.79:8080, 210.170.5.174:80, 210.170.5.174:8080, 213.58.242.34:22, 217.134.156.144:80, 217.134.156.144:8080, 22.217.253.173:80, 22.217.253.173:8080, 221.164.27.32:2222, 240.128.240.58:80, 240.128.240.58:8080, 251.121.114.93:80, 251.121.114.93:8080, 28.228.147.191:80, 28.228.147.191:8080, 29.31.161.140:80, 29.31.161.140:8080, 33.43.135.181:80, 33.43.135.181:8080, 37.15.179.115:80, 37.15.179.115:8080, 38.33.202.69:80, 38.33.202.69:8080, 51.75.146.174:443, 53.252.57.79:22, 55.12.31.238:2222, 6.80.230.237:80, 6.80.230.237:8080, 60.175.232.16:80, 60.175.232.16:8080, 60.98.45.173:80, 60.98.45.173:8080, 63.222.20.15:80, 63.222.20.15:8080, 68.164.134.132:80, 68.164.134.132:8080, 68.233.145.109:2222, 69.159.52.51:22, 71.86.78.24:80, 71.86.78.24:8080, 80.193.81.178:80, 80.193.81.178:8080, 83.175.134.213:80, 83.175.134.213:8080, 85.9.212.243:22, 88.42.216.195:22, 91.247.167.245:2222, 95.209.210.70:22, 96.152.90.108:80, 96.152.90.108:8080 and 99.208.73.86:2222
Listening: Process /tmp/apache2 started listening on ports: 1234, 8082 and 8186
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 80 on 32 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 8080 on 32 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 2222 on 32 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 80 on 32 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 80 on 10 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 8080 on 32 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 2222 on 32 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 8080 on 10 IP Addresses
Port 2222 Scan, Port 80 Scan, Port 8080 Scan: Process /tmp/apache2 scanned port 2222 on 10 IP Addresses
Access Suspicious Domain, Outgoing Connection: Process /tmp/apache2 attempted to access suspicious domains: oister.dk
Download and Execute: The file /usr/bin/free was downloaded and executed 2 times
Download and Execute: The file /tmp/php-fpm was downloaded and executed 25 times
Download and Execute: The file /tmp/php-fpm was downloaded and executed 21 times
Download and Execute: The file /tmp/php-fpm was downloaded and executed 3 times
Connection was closed due to timeout
|