IP Address: 73.59.46.2 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Successful SSH Login; SSH; Download and Execute; Download and Allow Execution; Superuser Operation
Associated Attack Servers: 1.15.13.216, 1.81.224.211, 17.19.183.187, 20.213.160.64, 31.75.205.26, 47.112.205.162, 59.3.186.45, 80.147.162.151, 87.201.6.14, 104.211.12.69, 117.54.14.169, 126.229.47.103, 154.246.139.23, 178.196.205.161, 183.27.91.199, 194.8.208.154, 249.137.17.57
IP Address: 73.59.46.2
Domain: -
ISP: Comcast Cable
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-01
Last seen in Akamai Guardicore Segmentation: 2022-06-09
Incident events (description, followed by the tag assigned by the sensor):

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
  Tag: Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
  Tag: Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times
  Tag: Superuser Operation
The file /var/tmp/ifconfig was downloaded and executed 5 times
  Tag: Download and Execute
The file /var/tmp/apache2 was downloaded and executed 185 times
  Tag: Download and Execute
Process /var/tmp/apache2 scanned port 1234 on 26 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 1234 on 32 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 1234 on 30 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 80 on 26 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 8080 on 26 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses
  Tag: Port 1234 Scan
Process /bin/bash scanned port 1234 on 26 IP Addresses
  Tag: Port 1234 Scan
Process /var/tmp/apache2 generated outgoing network traffic to: 103.152.118.20:1234, 104.21.25.86:443, 11.105.235.204:80, 11.105.235.204:8080, 110.237.92.144:80, 110.237.92.144:8080, 117.80.212.33:1234, 120.236.78.194:1234, 120.31.133.162:1234, 124.115.231.214:1234, 125.103.84.220:80, 125.103.84.220:8080, 139.209.222.134:1234, 142.36.185.242:80, 142.36.185.242:8080, 144.56.83.172:80, 144.56.83.172:8080, 156.121.79.169:80, 156.121.79.169:8080, 159.16.38.18:80, 161.107.113.34:1234, 170.85.219.36:80, 170.85.219.36:8080, 172.67.133.228:443, 175.43.235.30:80, 175.43.235.30:8080, 177.32.142.89:80, 177.32.142.89:8080, 18.89.228.201:80, 18.89.228.201:8080, 184.83.112.246:1234, 190.12.120.30:1234, 191.242.182.210:1234, 191.242.188.103:1234, 20.141.185.205:1234, 206.189.25.255:1234, 209.135.202.81:80, 209.135.202.81:8080, 211.162.184.120:1234, 212.246.42.62:80, 212.246.42.62:8080, 212.57.36.20:1234, 220.157.28.54:80, 220.157.28.54:8080, 220.243.148.80:1234, 222.165.136.99:1234, 223.171.91.127:1234, 223.171.91.160:1234, 242.164.201.251:80, 242.164.201.251:8080, 243.247.168.13:80, 243.247.168.13:8080, 245.151.98.1:80, 245.151.98.1:8080, 246.222.176.4:80, 246.222.176.4:8080, 246.31.105.41:80, 246.31.105.41:8080, 246.33.241.136:80, 246.33.241.136:8080, 250.244.206.43:80, 31.165.197.147:80, 31.165.197.147:8080, 31.19.237.170:1234, 42.58.150.32:80, 42.58.150.32:8080, 43.253.143.71:80, 43.253.143.71:8080, 49.112.94.96:80, 49.112.94.96:8080, 49.233.159.222:1234, 51.75.146.174:443, 54.143.219.161:80, 54.143.219.161:8080, 82.149.112.170:1234, 83.191.225.147:80, 83.191.225.147:8080, 84.204.148.99:1234, 84.41.75.99:80, 84.41.75.99:8080, 87.162.173.219:80, 87.162.173.219:8080, 90.132.249.184:80, 90.132.249.184:8080, 94.153.165.43:1234, 96.244.43.37:80, 96.244.43.37:8080, 98.125.242.55:80 and 98.125.242.55:8080
  Tag: Outgoing Connection
Process /var/tmp/apache2 started listening on ports: 1234, 8083 and 8185
  Tag: Listening
Process /var/tmp/apache2 scanned port 80 on 32 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 80 on 30 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 8080 on 32 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /var/tmp/apache2 scanned port 8080 on 30 IP Addresses
  Tags: Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /usr/local/mysql/bin/mysqld started listening on port: 3306
  Tag: Listening
Connection was closed due to timeout