IP Address: 193.163.203.3 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
| --- | --- |
| Role | Attacker, Scanner |
| Services Targeted | SCP |
| Tags | Access Suspicious Domain Port 8080 Scan 2 Shell Commands Download File SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection SCP Listening |
| Associated Attack Servers | 2.201.92.98, 49.233.159.222, 53.132.20.195, 69.39.77.3, 81.70.78.238, 98.86.150.2, 102.221.104.166, 111.26.161.204, 117.54.14.169, 167.46.50.251, 167.99.63.88, 167.120.12.206, 185.105.108.171, 211.162.184.120, 244.230.214.234 |
| Field | Value |
| --- | --- |
| IP Address | 193.163.203.3 |
| Domain | - |
| ISP | TDC Danmark |
| Country | Denmark |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-04-07 |
| Last seen in Akamai Guardicore Segmentation | 2022-04-08 |
| Event | Tags |
| --- | --- |
| A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List) | Successful SSH Login |
| /dev/shm/ifconfig was downloaded | Download File |
| A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password) | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 102.221.104.166:22, 11.71.5.113:80, 11.71.5.113:8080, 111.26.161.204:1234, 113.164.160.11:80, 113.164.160.11:8080, 117.54.14.169:1234, 118.86.206.217:80, 118.86.206.217:8080, 129.55.2.111:80, 129.55.2.111:8080, 139.5.228.119:80, 139.5.228.119:8080, 142.251.32.4:443, 143.24.194.192:80, 143.24.194.192:8080, 155.6.169.2:80, 155.6.169.2:8080, 166.186.207.67:80, 166.186.207.67:8080, 167.120.12.206:22, 167.46.50.251:22, 167.99.63.88:1234, 167.99.63.88:2222, 172.67.133.228:443, 180.41.68.220:80, 180.41.68.220:8080, 183.68.41.114:80, 183.68.41.114:8080, 185.105.108.171:1234, 193.193.149.78:80, 193.193.149.78:8080, 2.201.92.98:22, 20.90.245.247:80, 20.90.245.247:8080, 205.113.188.211:80, 205.113.188.211:8080, 205.86.180.20:80, 205.86.180.20:8080, 209.51.104.40:80, 209.51.104.40:8080, 211.162.184.120:1234, 221.199.219.192:80, 221.199.219.192:8080, 240.66.73.142:80, 240.66.73.142:8080, 243.244.194.195:80, 243.244.194.195:8080, 244.230.214.234:2222, 250.24.31.46:80, 250.24.31.46:8080, 37.230.27.35:80, 37.230.27.35:8080, 38.152.213.49:80, 38.152.213.49:8080, 4.243.179.239:80, 4.243.179.239:8080, 4.82.78.199:80, 4.82.78.199:8080, 44.16.114.220:80, 44.16.114.220:8080, 49.233.159.222:1234, 51.75.146.174:443, 52.24.143.59:80, 52.24.143.59:8080, 53.132.20.195:22, 67.142.61.81:80, 67.142.61.81:8080, 69.39.77.3:80, 69.39.77.3:8080, 69.39.77.3:8090, 7.2.33.252:80, 7.2.33.252:8080, 8.8.4.4:443, 8.8.8.8:443, 81.70.78.238:1234, 86.46.72.51:80, 86.46.72.51:8080, 87.26.217.181:80, 87.26.217.181:8080, 89.140.39.114:80, 89.140.39.114:8080, 98.41.160.136:80, 98.41.160.136:8080 and 98.86.150.2:22 | Outgoing Connection |
| Process /dev/shm/apache2 started listening on ports: 1234, 8087 and 8187 | Listening |
| Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 attempted to access suspicious domains: Majordomo.ru, ccclients.com and vodafone-ip.de | Access Suspicious Domain, Outgoing Connection |
Connection was closed due to timeout |
|