IP Address: 73.222.113.186 | Previously Malicious
This IP address attempted an attack on a machine in our threat-sensor network.
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Access Suspicious Domain, Port 8080 Scan (2), Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers | 28.51.226.235, 42.231.29.38, 43.87.177.199, 47.93.228.251, 64.142.88.143, 79.79.154.242, 99.150.26.120, 101.80.224.17, 103.141.181.51, 110.40.169.154, 125.180.66.204, 140.87.148.44, 143.219.14.184, 147.129.193.169, 186.250.45.150, 193.123.106.215, 201.2.212.227, 212.57.36.20, 216.147.171.213, 241.198.237.96, 247.17.46.207, 247.38.161.32
IP Address | 73.222.113.186
Domain | -
ISP | Comcast Cable
Country | United States
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-03
Last seen in Akamai Guardicore Segmentation | 2022-04-08
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Download File | /dev/shm/ifconfig was downloaded
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation | A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection | Process /dev/shm/apache2 generated outgoing network traffic to: 1.44.87.3:80, 1.44.87.3:8080, 101.80.224.17:1234, 103.141.181.51:22, 104.21.25.86:443, 11.250.131.10:80, 11.250.131.10:8080, 110.40.169.154:1234, 118.214.170.84:80, 118.214.170.84:8080, 12.40.15.206:80, 12.40.15.206:8080, 123.19.169.152:80, 123.19.169.152:8080, 125.180.66.204:2222, 130.29.7.247:80, 130.29.7.247:8080, 136.23.248.147:80, 136.23.248.147:8080, 140.87.148.44:22, 143.219.14.184:22, 147.129.193.169:22, 151.228.31.225:80, 151.228.31.225:8080, 16.238.182.225:80, 16.238.182.225:8080, 161.73.154.110:80, 161.73.154.110:8080, 163.220.10.98:80, 163.220.10.98:8080, 171.212.218.185:80, 171.212.218.185:8080, 172.67.133.228:443, 180.44.240.38:80, 180.44.240.38:8080, 183.250.81.11:80, 183.250.81.11:8080, 186.250.45.150:1234, 193.123.106.215:1234, 197.240.251.80:80, 197.240.251.80:8080, 201.2.212.227:2222, 202.36.250.209:80, 202.36.250.209:8080, 204.246.25.123:80, 204.246.25.123:8080, 205.155.217.39:80, 205.155.217.39:8080, 209.116.175.99:80, 209.116.175.99:8080, 21.85.124.238:80, 21.85.124.238:8080, 212.57.36.20:1234, 216.147.171.213:2222, 219.25.152.114:80, 219.25.152.114:8080, 22.23.25.191:80, 22.23.25.191:8080, 241.198.237.96:2222, 247.17.46.207:2222, 247.38.161.32:22, 248.137.245.19:80, 248.137.245.19:8080, 28.51.226.235:22, 31.38.162.13:80, 31.38.162.13:8080, 32.42.202.67:80, 32.42.202.67:8080, 34.138.206.43:80, 34.138.206.43:8080, 37.122.18.85:80, 37.122.18.85:8080, 39.92.89.152:80, 39.92.89.152:8080, 42.231.29.38:1234, 43.87.177.199:22, 47.93.228.251:1234, 50.4.39.89:80, 50.4.39.89:8080, 51.75.146.174:443, 64.142.88.143:2222, 77.87.209.108:80, 77.87.209.108:8080, 79.79.154.242:2222, 83.208.232.205:80, 83.208.232.205:8080, 93.103.13.230:80, 93.103.13.230:8080 and 99.150.26.120:22
Listening | Process /dev/shm/apache2 started listening on ports: 1234, 8082 and 8189
Port 80 Scan | Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times
Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times
Access Suspicious Domain, Outgoing Connection | Process /dev/shm/apache2 attempted to access suspicious domains: adsl and brasiltelecom.net.br
Connection was closed due to timeout
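The event chain above (SSH login as root, a binary written to /dev/shm under a benign-looking name, that binary listening on 1234/8082/8189, sweeping ports 80 and 8080, and connecting out to other hosts on 22, 1234 and 2222) is the sequence a responder has to turn into indicators. The following is an added example, not Guardicore's code: it parses event text in the shape shown on this page and pulls out what you would act on, separating the scan noise on 80/8080/443 from the peer endpoints on non-web ports (which is how the Associated Attack Servers list above relates to the outbound-traffic event) and flagging a port the process both listens on and connects out to, a bot-network signature. The sample event lines are constructed from this page; the drop-directory list, the web-port filter and the verdict rule are the example's own assumptions.

```python
"""Triage Guardicore-style honeypot event text into actionable indicators.

Added example, not Guardicore's code. The event lines below are constructed
to mirror the incident on this page; the heuristics are this example's own.
"""
import re

# Assumption: world-writable / memory-backed directories used as drop points.
DROP_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
# Assumption: ports treated as scan/web noise when isolating peer endpoints.
WEB_PORTS = {80, 443, 8080}

# Constructed sample events, shortened from the page's outbound list.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: Correct Password",
    "/dev/shm/ifconfig was downloaded",
    "Process /dev/shm/apache2 generated outgoing network traffic to: "
    "1.44.87.3:80, 1.44.87.3:8080, 101.80.224.17:1234, 103.141.181.51:22, "
    "125.180.66.204:2222, 104.21.25.86:443 and 99.150.26.120:22",
    "Process /dev/shm/apache2 started listening on ports: 1234, 8082 and 8189",
    "Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times",
    "Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times",
]

ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
PROC = re.compile(r"^Process (\S+) ")
LISTEN = re.compile(r"started listening on ports: (.+)$")
DOWNLOAD = re.compile(r"^(\S+) was downloaded$")
SSH = re.compile(r"logged in using SSH .* credentials: (\S+) / ")
SCAN = re.compile(r"scanned port (\d+) on (\d+) IP Addresses")


def parse_event(line):
    """Classify one event line and extract process, endpoints and ports."""
    ev = {"kind": "other", "process": None, "endpoints": [], "ports": []}
    m = PROC.match(line)
    if m:
        ev["process"] = m.group(1)
    if (m := SSH.search(line)):
        ev.update(kind="ssh_login", user=m.group(1))
    elif (m := DOWNLOAD.match(line)):
        ev.update(kind="download", process=m.group(1))
    elif (m := LISTEN.search(line)):
        ev["kind"] = "listen"
        ev["ports"] = [int(p) for p in re.findall(r"\d+", m.group(1))]
    elif (m := SCAN.search(line)):
        ev.update(kind="scan", ports=[int(m.group(1))], targets=int(m.group(2)))
    elif "outgoing network traffic" in line:
        ev["kind"] = "outbound"
        ev["endpoints"] = [(ip, int(port)) for ip, port in ENDPOINT.findall(line)]
    return ev


def triage(lines):
    """Aggregate parsed events into indicators and a verdict."""
    dropped, users, listen, scanned, outbound = set(), set(), set(), set(), []
    for ev in map(parse_event, lines):
        if ev["process"] and ev["process"].startswith(DROP_DIRS):
            dropped.add(ev["process"])          # executable living in a drop dir
        if ev["kind"] == "ssh_login":
            users.add(ev["user"])
        elif ev["kind"] == "listen":
            listen.update(ev["ports"])
        elif ev["kind"] == "scan":
            scanned.update(ev["ports"])
        elif ev["kind"] == "outbound":
            outbound.extend(ev["endpoints"])
    noise = scanned | WEB_PORTS
    # Peers: outbound destinations on ports that are not scan/web noise.
    peers = sorted({f"{ip}:{p}" for ip, p in outbound if p not in noise})
    # A port the process both listens on and dials out to suggests P2P bot traffic.
    shared = sorted(listen & {p for _, p in outbound})
    return {
        "dropped_files": sorted(dropped),
        "ssh_users": sorted(users),
        "listen_ports": sorted(listen),
        "scan_ports": sorted(scanned),
        "peer_endpoints": peers,
        "peer_ports": shared,
        "verdict": "compromised" if dropped and (listen or outbound) else "inconclusive",
    }


if __name__ == "__main__":
    for key, value in triage(EVENTS).items():
        print(f"{key}: {value}")
```

The peer endpoints are what belongs on a blocklist or in a hunt query; the 80/8080 destinations are the victim pool being scanned and are not indicators of this attacker. Host-side, the same triage reduces to two checks: any executable running from /dev/shm or /tmp, and any such process with listening sockets.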
|