IP Address: 192.210.196.213 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker
Services Targeted: SCP
Tags: Access Suspicious Domain Port 8080 Scan 3 Shell Commands Download File SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection SCP Listening
Connect Back Servers: 8.215.36.214, 20.141.185.205, 32.38.65.24, 81.70.147.119, 89.102.242.252, 111.53.11.133, 112.56.116.4, 124.128.10.130, 134.101.106.99, 146.181.199.92, 172.105.162.113, 173.82.48.50, 175.243.90.213, 204.76.204.244, 222.178.238.33, 245.170.227.56
IP Address: 192.210.196.213
Domain: -
ISP: ColoCrossing
Country: United States
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-23
Last seen in Akamai Guardicore Segmentation: 2022-04-23
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (tag: event)

Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 103.105.12.48:1234, 104.21.25.86:443, 111.53.11.133:1234, 112.56.116.4:22, 113.133.138.160:80, 113.133.138.160:8080, 120.126.179.193:80, 120.126.179.193:8080, 124.128.10.130:2222, 134.101.106.99:2222, 135.246.151.12:80, 135.246.151.12:8080, 142.250.191.228:443, 146.181.199.92:22, 159.214.207.146:80, 159.214.207.146:8080, 161.149.194.228:80, 161.149.194.228:8080, 172.105.162.113:1234, 173.82.48.50:1234, 175.243.90.213:22, 176.20.191.198:80, 176.20.191.198:8080, 178.113.21.89:80, 178.113.21.89:8080, 184.125.169.62:80, 184.125.169.62:8080, 196.131.144.222:80, 196.131.144.222:8080, 2.70.218.45:80, 2.70.218.45:8080, 20.141.185.205:1234, 203.126.247.112:80, 203.126.247.112:8080, 204.76.204.244:22, 21.193.69.7:80, 21.193.69.7:8080, 21.20.223.41:80, 21.20.223.41:8080, 222.178.238.33:80, 222.178.238.33:8080, 222.178.238.33:8090, 241.201.131.251:80, 241.201.131.251:8080, 245.170.227.56:2222, 3.228.133.109:80, 3.228.133.109:8080, 30.169.209.22:80, 30.169.209.22:8080, 32.38.65.24:22, 36.112.121.66:80, 36.112.121.66:8080, 43.121.77.181:80, 43.121.77.181:8080, 46.2.15.58:80, 46.2.15.58:8080, 48.20.55.132:80, 48.20.55.132:8080, 51.110.165.168:80, 51.110.165.168:8080, 51.75.146.174:443, 57.136.219.175:80, 57.136.219.175:8080, 63.32.62.215:80, 63.32.62.215:8080, 70.219.129.217:80, 70.219.129.217:8080, 71.10.50.9:80, 71.10.50.9:8080, 71.237.25.83:80, 71.237.25.83:8080, 72.97.4.43:80, 72.97.4.43:8080, 8.177.208.60:80, 8.177.208.60:8080, 8.215.36.214:1234, 8.8.8.8:443, 81.70.147.119:1234, 85.232.128.152:80, 85.232.128.152:8080, 89.102.242.252:80, 89.102.242.252:8080, 89.102.242.252:8090, 90.168.52.180:80 and 90.168.52.180:8080
Listening: Process /dev/shm/apache2 started listening on ports: 1234, 8086 and 8186
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/apache2 attempted to access suspicious domains: linodeusercontent.com, multacom.com and upcbroadband.cz
Connection was closed due to timeout
|