IP Address: 193.141.62.226Previously Malicious
IP Address: 193.141.62.226Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 8080 Scan 3 Shell Commands SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection Access Suspicious Domain Listening |
|
Associated Attack Servers |
22-clientes-izzi.mx 60.in-addr.arpa telecel.com.py 8.60.155.66 52.54.195.158 60.10.103.148 66.228.28.19 71.96.17.87 98.35.32.145 103.141.246.254 114.132.242.231 120.6.6.63 120.53.123.221 124.25.10.175 147.103.60.219 156.52.109.143 157.126.237.76 166.52.46.103 181.127.186.12 182.180.71.90 182.241.85.40 195.162.180.82 201.173.143.22 212.229.74.247 243.92.249.220 |
|
IP Address |
193.141.62.226 |
|
|
Domain |
- |
|
|
ISP |
KPN |
|
|
Country |
Germany |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-03-24 |
|
Last seen in Akamai Guardicore Segmentation |
2022-03-28 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 102.73.40.158:80, 102.73.40.158:8080, 103.131.210.227:80, 103.131.210.227:8080, 103.141.246.254:1234, 104.21.25.86:443, 109.226.181.184:80, 109.226.181.184:8080, 114.132.242.231:1234, 120.120.150.188:80, 120.120.150.188:8080, 120.53.123.221:1234, 120.6.6.63:22, 124.25.10.175:2222, 139.33.148.113:80, 139.33.148.113:8080, 147.103.60.219:2222, 156.137.157.54:80, 156.137.157.54:8080, 156.52.109.143:22, 157.126.237.76:22, 158.236.54.112:80, 158.236.54.112:8080, 163.78.221.89:80, 163.78.221.89:8080, 166.52.46.103:22, 172.237.220.140:80, 172.237.220.140:8080, 172.67.133.228:443, 179.62.86.130:80, 179.62.86.130:8080, 18.196.239.209:80, 18.196.239.209:8080, 180.240.194.46:80, 180.240.194.46:8080, 181.127.186.12:1234, 182.180.71.90:2222, 182.241.85.40:22, 185.25.21.27:80, 185.25.21.27:8080, 19.33.51.74:80, 19.33.51.74:8080, 190.165.57.248:80, 190.165.57.248:8080, 193.133.231.66:80, 193.133.231.66:8080, 195.162.180.82:1234, 201.173.143.22:2222, 202.102.223.9:80, 202.102.223.9:8080, 204.166.168.243:80, 204.166.168.243:8080, 212.229.74.247:2222, 214.74.184.172:80, 214.74.184.172:8080, 223.122.243.182:80, 223.122.243.182:8080, 243.92.249.220:22, 247.13.54.105:80, 247.13.54.105:8080, 3.82.133.84:80, 3.82.133.84:8080, 51.139.175.218:80, 51.139.175.218:8080, 51.75.146.174:443, 52.54.195.158:2222, 54.218.26.1:80, 54.218.26.1:8080, 55.41.37.195:80, 55.41.37.195:8080, 60.10.103.148:22, 60.244.225.44:80, 60.244.225.44:8080, 66.228.28.19:1234, 68.194.210.113:80, 68.194.210.113:8080, 71.96.17.87:22, 73.145.177.192:80, 73.145.177.192:8080, 73.148.72.225:80, 73.148.72.225:8080, 73.188.45.77:80, 73.188.45.77:8080, 75.134.100.247:80, 75.134.100.247:8080, 8.60.155.66:2222, 91.11.241.219:80, 91.11.241.219:8080 and 98.35.32.145:1234 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8084 and 8187 |
Listening |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 attempted to access suspicious domains: 22-clientes-izzi.mx, 60.in-addr.arpa and telecel.com.py |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies