IP Address: 66.228.28.18 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
IP Address | 66.228.28.18
Domain | -
ISP | Gorge Networks
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-06
Last seen in Akamai Guardicore Segmentation | 2022-04-08
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Tags
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /tmp/ifconfig was downloaded and executed 6 times | Download and Execute
Process /tmp/apache2 scanned port 22 on 13 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/apache2 scanned port 22 on 32 IP Addresses 2 times | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/apache2 scanned port 80 on 13 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/apache2 scanned port 8080 on 13 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
The file /tmp/apache2 was downloaded and executed 183 times | Download and Execute
Process /tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 101.43.150.232:1234, 104.21.25.86:443, 107.175.215.247:1234, 107.70.165.238:80, 107.70.165.238:8080, 107.92.30.15:80, 107.92.30.15:8080, 11.173.153.74:80, 11.173.153.74:8080, 120.197.154.22:1234, 126.107.184.218:22, 128.54.206.1:22, 13.44.8.222:80, 13.44.8.222:8080, 130.150.149.127:80, 130.150.149.127:8080, 130.204.212.9:22, 131.117.187.87:80, 131.117.187.87:8080, 139.209.222.134:1234, 142.250.190.4:443, 146.211.177.74:22, 147.117.140.106:80, 147.117.140.106:8080, 164.172.132.38:80, 164.172.132.38:8080, 165.19.152.28:80, 165.19.152.28:8080, 167.23.87.32:80, 167.23.87.32:8080, 178.41.80.165:80, 178.41.80.165:8080, 183.127.183.235:80, 183.127.183.235:8080, 187.217.144.250:22, 189.16.201.249:80, 189.16.201.249:8080, 190.215.222.2:80, 190.215.222.2:8080, 199.18.92.100:80, 199.18.92.100:8080, 199.65.184.57:80, 199.65.184.57:8080, 201.85.194.160:80, 201.85.194.160:8080, 21.79.13.230:80, 21.79.13.230:8080, 210.99.20.194:1234, 212.186.229.39:80, 212.186.229.39:8080, 222.67.63.13:80, 222.67.63.13:8080, 23.222.11.66:2222, 243.208.109.4:80, 243.208.109.4:8080, 250.159.39.127:80, 250.159.39.127:8080, 3.118.68.73:22, 32.3.211.143:80, 32.3.211.143:8080, 38.47.195.94:22, 42.14.149.129:80, 42.14.149.129:8080, 42.231.63.152:1234, 46.118.139.151:80, 46.118.139.151:8080, 47.175.249.156:22, 48.100.162.86:80, 48.100.162.86:8080, 51.75.146.174:443, 52.6.130.85:22, 58.2.120.60:80, 58.2.120.60:8080, 61.113.3.194:80, 61.113.3.194:8080, 61.248.193.97:80, 61.248.193.97:8080, 62.23.126.34:80, 62.23.126.34:8080, 65.147.12.138:80, 65.147.12.138:8080, 71.251.137.106:2222, 77.66.47.235:22, 79.204.115.115:22, 82.194.3.95:22, 86.107.187.239:1234, 89.41.168.62:80 and 89.41.168.62:8080 | Outgoing Connection
Process /tmp/apache2 started listening on ports: 1234, 8087 and 8186 | Listening
Process /tmp/apache2 scanned port 80 on 32 IP Addresses 2 times | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/apache2 scanned port 8080 on 32 IP Addresses 2 times | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/apache2 attempted to access suspicious domains: adsl, jlccptt.net.cn and trined.nl | Access Suspicious Domain, Outgoing Connection
The file /usr/bin/uptime was downloaded and executed | Download and Execute
The file /tmp/php-fpm was downloaded and executed 22 times | Download and Execute
The file /tmp/php-fpm was downloaded and executed 25 times | Download and Execute
The file /tmp/php-fpm was downloaded and executed 7 times | Download and Execute
Connection was closed due to timeout | -
|
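The pattern in the incident list above is a common post-SSH-login playbook: binaries dropped into /tmp under the names of legitimate daemons (apache2, php-fpm, ifconfig), one of them then fanning out to many hosts on ports 22, 80 and 8080 and opening listeners on non-standard ports. The following is an added example, not Akamai Guardicore code and not the product's export format: a small Python detection pass over a constructed list of process events that flags the three behaviours. The event record layout (dict keys), the temp-directory and daemon-name lists, the fan-out threshold and all sample addresses (TEST-NET ranges) are assumptions made for this example.

```python
import os
from collections import defaultdict

# Assumed for this example: world-writable locations from which no daemon should run.
TEMP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
# Assumed for this example: basenames of legitimate daemons/tools that dropped
# binaries are often named after so they blend into `ps` output.
DAEMON_NAMES = {"apache2", "php-fpm", "ifconfig", "uptime", "sshd", "cron"}


def _connects(proc, prefix, port, n):
    """Constructed helper: n outbound connections from proc to n distinct hosts on one port."""
    return [{"type": "connect", "proc": proc, "dst": f"{prefix}.{i}", "port": port}
            for i in range(1, n + 1)]


# Constructed sample events modelled on the incident list above (not real sensor data).
SAMPLE_EVENTS = (
    [
        {"type": "exec", "path": "/tmp/apache2"},
        {"type": "exec", "path": "/tmp/php-fpm"},
        {"type": "exec", "path": "/usr/sbin/apache2"},  # legitimate location: control case
        {"type": "listen", "proc": "/tmp/apache2", "port": 1234},
        {"type": "listen", "proc": "/tmp/apache2", "port": 8087},
        {"type": "listen", "proc": "/usr/sbin/apache2", "port": 80},
    ]
    + _connects("/tmp/apache2", "192.0.2", 80, 8)
    + _connects("/tmp/apache2", "192.0.2", 8080, 8)
    + _connects("/tmp/apache2", "198.51.100", 22, 3)
    + _connects("/usr/sbin/apache2", "203.0.113", 443, 2)
)


def masquerading_execs(events):
    """Paths executed from a temp directory whose basename imitates a known daemon or tool."""
    hits = []
    for ev in events:
        if ev["type"] != "exec":
            continue
        path = ev["path"]
        if path.startswith(TEMP_DIRS) and os.path.basename(path) in DAEMON_NAMES:
            hits.append(path)
    return hits


def scan_fanout(events, min_hosts=5):
    """(process, port) pairs that contacted at least min_hosts distinct hosts on one port.

    Counting distinct destinations per port, rather than raw connection count,
    separates a scanner from a busy client talking to a few servers.
    """
    targets = defaultdict(set)
    for ev in events:
        if ev["type"] == "connect":
            targets[(ev["proc"], ev["port"])].add(ev["dst"])
    return {key: len(hosts) for key, hosts in targets.items() if len(hosts) >= min_hosts}


def unexpected_listeners(events, allowed_ports=frozenset({22, 80, 443})):
    """Listening sockets on ports outside the allowlist, or opened by a temp-directory binary."""
    return [(ev["proc"], ev["port"]) for ev in events
            if ev["type"] == "listen"
            and (ev["port"] not in allowed_ports or ev["proc"].startswith(TEMP_DIRS))]


if __name__ == "__main__":
    print("masquerading execs:", masquerading_execs(SAMPLE_EVENTS))
    print("scan fan-out:", scan_fanout(SAMPLE_EVENTS))
    print("unexpected listeners:", unexpected_listeners(SAMPLE_EVENTS))
```

On the constructed sample, the /tmp copies of apache2 and php-fpm are flagged while /usr/sbin/apache2 is not, the fan-out check reports /tmp/apache2 on ports 80 and 8080 (8 distinct hosts each) but not the 3-host contact on port 22 at the default threshold, and only the listeners on 1234 and 8087 are reported. The threshold is the knob to tune against the environment's own baseline; the 13- and 32-host scans in the incident list above would clear it comfortably.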