IP Address: 73.134.75.208 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | SSH, SCP, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File
Associated Attack Servers | 142.44.160.173, 172.64.110.32, 172.64.111.32, 209.216.177.158, 218.146.15.97
IP Address | 73.134.75.208
Domain | -
ISP | Comcast Cable
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-08-14
Last seen in Akamai Guardicore Segmentation | 2022-09-23
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Category
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (11 times) | Successful SSH Login
/tmp/ifconfig was downloaded (2 times) | Download File
./ifconfig was downloaded (2 times) | Download File
A possibly malicious Superuser Operation was detected (6 times) | Superuser Operation
The file /var/tmp/ifconfig was downloaded and executed (6 times) | Download and Execute
The file /var/tmp/apache2 was downloaded and executed (20 times) | Download and Execute
Process /var/tmp/apache2 scanned port 1234 on 19 IP addresses | Port 1234 Scan, Port 80 Scan
Process /var/tmp/apache2 scanned port 80 on 19 IP addresses | Port 1234 Scan, Port 80 Scan
Process /var/tmp/apache2 scanned port 1234 on 47 IP addresses | Port 1234 Scan, Port 80 Scan
Process /bin/bash scanned port 1234 on 19 IP addresses | Port 1234 Scan
Process /root/ifconfig scanned port 1234 on 19 IP addresses | Port 1234 Scan, Port 80 Scan
Process /root/ifconfig scanned port 80 on 19 IP addresses | Port 1234 Scan, Port 80 Scan
Process /root/ifconfig scanned port 1234 on 47 IP addresses | Port 1234 Scan, Port 80 Scan
Process /bin/bash scanned port 1234 on 19 IP addresses | Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 19 IP addresses | Port 1234 Scan
Process /var/tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 105.122.37.253:80, 118.41.204.72:1234, 128.177.226.2:80, 135.192.212.171:80, 136.61.43.8:80, 140.76.230.13:80, 142.250.190.4:443, 147.182.233.56:1234, 147.182.233.56:2222, 161.107.113.34:1234, 162.206.6.55:80, 165.223.126.177:80, 168.220.217.116:80, 170.8.79.3:80, 171.217.104.233:80, 172.67.133.228:443, 174.23.230.128:80, 183.15.187.82:80, 184.162.240.33:80, 184.83.112.246:1234, 205.191.203.122:80, 207.103.29.53:80, 212.57.36.20:1234, 218.146.15.97:1234, 221.37.18.51:80, 23.89.72.79:80, 252.117.198.252:80, 3.109.95.237:80, 31.19.237.170:1234, 40.156.180.225:80, 42.179.57.171:80, 42.74.149.140:80, 45.49.189.195:80, 49.233.159.222:1234, 51.75.146.174:443, 52.184.106.2:80, 55.83.94.198:80, 62.87.153.182:80, 63.231.218.181:80, 64.48.221.240:80, 68.215.37.137:80, 8.8.8.8:443, 87.167.118.248:80, 89.21.30.110:80, 95.154.21.210:1234 and 96.16.186.55:80 | Outgoing Connection
Process /var/tmp/apache2 started listening on ports: 1234, 8082 and 8188 | Listening
Process /var/tmp/apache2 scanned port 80 on 47 IP addresses | Port 1234 Scan, Port 80 Scan
Process /root/ifconfig scanned port 80 on 47 IP addresses | Port 1234 Scan, Port 80 Scan
The file /root/ifconfig was downloaded and executed (5 times) | Download and Execute
The file /root/apache2 was downloaded and executed (104 times) | Download and Execute
Process /root/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 102.80.66.236:80, 104.188.30.223:80, 104.21.25.86:443, 109.148.16.250:80, 120.31.133.162:1234, 126.79.94.201:80, 142.250.190.4:443, 143.220.83.92:80, 152.242.5.12:80, 186.183.67.28:80, 191.242.188.103:1234, 195.4.7.192:80, 206.226.157.162:80, 209.216.177.238:1234, 214.162.129.61:80, 218.187.114.198:80, 222.165.136.99:1234, 223.171.91.149:1234, 223.171.91.160:1234, 223.99.166.104:1234, 250.88.213.242:80, 34.17.219.191:80, 51.75.146.174:443, 58.41.146.138:80, 6.214.75.253:80, 8.8.4.4:443, 8.8.8.8:443 and 94.153.165.43:1234 | Outgoing Connection
Process /root/ifconfig started listening on ports: 1234, 8087 and 8180 | Listening
The file /usr/local/bin/dash was downloaded and executed | Download and Execute
Connection was closed due to timeout |