IP Address: 73.30.225.193 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Port 1234 Scan, Port 80 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Download and Execute, Port 8080 Scan, SSH, System File Modification, SCP, Download File, 4 Shell Commands, Listening
Associated Attack Servers
IP Address | Domain | ISP | Country | WHOIS Created Date | WHOIS Updated Date | Organization
73.30.225.193 | - | Comcast Cable | United States | - | - | -
First seen in Akamai Guardicore Segmentation | 2022-06-08
Last seen in Akamai Guardicore Segmentation | 2022-07-15
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Tag
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
System file /etc/ifconfig was modified 9 times | System File Modification
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /etc/ifconfig was downloaded and executed 5 times | Download and Execute
System file /etc/apache2 was modified 4 times | System File Modification
The file /etc/apache2 was downloaded and executed 122 times | Download and Execute
Process /etc/apache2 scanned port 1234 on 27 IP Addresses | Port 1234 Scan
Process /etc/apache2 scanned port 80 on 27 IP Addresses | Port 80 Scan
Process /etc/apache2 scanned port 8080 on 27 IP Addresses | Port 8080 Scan
Process /etc/apache2 scanned port 1234 on 32 IP Addresses | Port 1234 Scan
Process /etc/apache2 scanned port 1234 on 29 IP Addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 27 IP Addresses | Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses | Port 1234 Scan
Process /etc/apache2 generated outgoing network traffic to: 100.39.248.218:80, 100.39.248.218:8080, 101.88.246.166:80, 103.105.12.48:1234, 104.21.25.86:443, 111.53.11.130:1234, 117.54.14.169:1234, 120.224.34.31:1234, 120.236.79.182:1234, 123.81.74.200:80, 123.81.74.200:8080, 136.239.167.69:80, 145.75.73.244:80, 145.75.73.244:8080, 146.207.83.61:80, 146.207.83.61:8080, 154.69.93.57:80, 154.69.93.57:8080, 172.67.133.228:443, 173.18.35.41:1234, 177.66.193.230:80, 177.66.193.230:8080, 18.147.125.223:80, 18.147.125.223:8080, 182.28.34.25:80, 182.28.34.25:8080, 183.175.220.230:80, 183.175.220.230:8080, 183.70.178.99:80, 183.70.178.99:8080, 184.83.112.246:1234, 185.210.144.122:1234, 185.69.223.155:80, 185.69.223.155:8080, 187.188.206.67:80, 187.188.206.67:8080, 188.252.86.222:80, 188.252.86.222:8080, 190.12.120.30:1234, 190.60.239.44:1234, 199.247.126.50:80, 199.247.126.50:8080, 206.189.25.255:1234, 206.90.55.117:80, 206.90.55.117:8080, 209.216.177.158:1234, 210.9.246.81:80, 210.9.246.81:8080, 211.162.184.120:1234, 212.57.36.20:1234, 215.59.225.120:80, 215.59.225.120:8080, 215.69.158.72:80, 215.69.158.72:8080, 215.85.42.82:80, 215.85.42.82:8080, 218.146.15.97:1234, 223.171.91.149:1234, 223.171.91.160:1234, 223.171.91.191:1234, 31.19.237.170:1234, 36.74.215.119:80, 36.74.215.119:8080, 44.232.154.206:80, 44.232.154.206:8080, 47.47.131.105:80, 47.47.131.105:8080, 5.209.156.182:80, 5.209.156.182:8080, 51.75.146.174:443, 52.131.32.110:1234, 6.14.192.103:80, 6.14.192.103:8080, 61.77.105.219:1234, 61.84.162.66:1234, 64.40.85.32:80, 64.40.85.32:8080, 7.138.126.24:80, 7.138.126.24:8080, 73.66.200.112:80, 73.66.200.112:8080, 75.146.177.140:80, 75.146.177.140:8080, 78.25.159.14:80, 78.25.159.14:8080, 85.105.82.39:1234, 87.84.199.84:80, 93.176.229.145:1234 and 94.153.165.43:1234 | Outgoing Connection
Process /etc/apache2 started listening on ports: 1234, 8087 and 8182 | Listening
Process /etc/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan
Process /etc/apache2 scanned port 8080 on 32 IP Addresses | Port 8080 Scan
Process /etc/apache2 scanned port 80 on 29 IP Addresses | Port 80 Scan
Process /etc/apache2 scanned port 8080 on 29 IP Addresses | Port 8080 Scan
The file /usr/local/bin/dash was downloaded and executed | Download and Execute
Connection was closed due to user inactivity |
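As an added example (not code from the page or from Akamai Guardicore), the following Python triage script parses event lines in the format of the timeline above, extracts the indicators, and separates the mass-scan destinations (ports the sensor reported as scanned: 80, 8080, 1234) from the few endpoints worth a second look, which here are the three port-443 destinations. It also flags executed files that live where no service binary belongs, such as /etc/apache2 and /usr/local/bin/dash. The event lines are copied from this page, with the outgoing-traffic list cut to an excerpt; the canonical binary locations in CANONICAL are an assumption for a Debian-like host.

```python
import re
from collections import Counter

# Event lines in this page's timeline format. Copied from the page; the
# outgoing-traffic list is an excerpt of the page's entries (constructed
# sample input, not the full list).
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "The file /etc/apache2 was downloaded and executed 122 times",
    "Process /etc/apache2 scanned port 1234 on 27 IP Addresses",
    "Process /etc/apache2 scanned port 80 on 27 IP Addresses",
    "Process /etc/apache2 scanned port 8080 on 27 IP Addresses",
    "Process /bin/nc.openbsd scanned port 1234 on 27 IP Addresses",
    "Process /etc/apache2 generated outgoing network traffic to: 100.39.248.218:80, "
    "100.39.248.218:8080, 103.105.12.48:1234, 104.21.25.86:443, 111.53.11.130:1234, "
    "123.81.74.200:80, 123.81.74.200:8080, 172.67.133.228:443, 173.18.35.41:1234 "
    "and 51.75.146.174:443",
    "Process /etc/apache2 started listening on ports: 1234, 8087 and 8182",
    "The file /usr/local/bin/dash was downloaded and executed",
]

OUTGOING_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports?: (.+)$")
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses$")
EXEC_RE = re.compile(r"^The file (\S+) was downloaded and executed(?: (\d+) times)?$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Assumed locations of these binaries on a Debian-like host (example assumption).
CANONICAL = {
    "dash": {"/bin/dash", "/usr/bin/dash"},
    "apache2": {"/usr/sbin/apache2"},
    "ifconfig": {"/sbin/ifconfig", "/usr/sbin/ifconfig"},
}
# Directories from which a legitimate service binary is never launched.
NON_EXEC_DIRS = ("/etc/", "/tmp/", "/dev/shm/", "/var/tmp/")


def split_list(text):
    """Turn 'a, b and c' (the page's list style) into ['a', 'b', 'c']."""
    return [p.strip() for p in re.split(r",\s*|\s+and\s+", text) if p.strip()]


def parse_events(lines):
    """Extract process, endpoint, listener and executed-file indicators."""
    iocs = {"endpoints": [], "listening": {}, "scans": [], "executed": []}
    for line in lines:
        if m := OUTGOING_RE.match(line):
            proc, rest = m.groups()
            for ip, port in ENDPOINT_RE.findall(rest):
                iocs["endpoints"].append((proc, ip, int(port)))
        elif m := LISTEN_RE.match(line):
            proc, ports = m.groups()
            iocs["listening"][proc] = sorted(int(p) for p in split_list(ports))
        elif m := SCAN_RE.match(line):
            proc, port, hosts = m.groups()
            iocs["scans"].append((proc, int(port), int(hosts)))
        elif m := EXEC_RE.match(line):
            path, times = m.groups()
            iocs["executed"].append((path, int(times) if times else 1))
    return iocs


def suspicious_binary(path):
    """True if an executed file sits where no service binary belongs, or
    borrows a known binary's name outside that binary's real location."""
    if path.startswith(NON_EXEC_DIRS):
        return True
    name = path.rsplit("/", 1)[-1]
    return name in CANONICAL and path not in CANONICAL[name]


def triage(iocs):
    """Split scan noise from endpoints to investigate, and flag odd binaries."""
    scan_ports = {port for _, port, _ in iocs["scans"]}
    per_port = Counter(port for _, _, port in iocs["endpoints"])
    investigate = sorted({f"{ip}:{port}" for _, ip, port in iocs["endpoints"]
                          if port not in scan_ports})
    return {
        "scan_ports": sorted(scan_ports),
        "targets_per_port": dict(per_port),
        "investigate": investigate,
        "suspicious_binaries": sorted(p for p, _ in iocs["executed"] if suspicious_binary(p)),
        "listeners": iocs["listening"],
    }


if __name__ == "__main__":
    for key, value in triage(parse_events(EVENTS)).items():
        print(f"{key}: {value}")
```

Run as-is it reports the page's scanned ports, the per-port target counts for the excerpt, the three port-443 endpoints as the ones to investigate, both odd binaries, and the /etc/apache2 listeners on 1234, 8087 and 8182; feed it the page's full outgoing list to recover the 32-host port-80 and 29-host port-8080 counts the sensor reported.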