IP Address: 173.212.208.146Previously Malicious
IP Address: 173.212.208.146Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SFTP Service Creation Download File SSH Successful SSH Login Download and Execute Access Suspicious Domain 1 Shell Commands Outgoing Connection Listening |
|
Associated Attack Servers |
bsconect.com.br ertelecom.ru shadwell.com.pa 15.228.148.72 23.21.27.48 52.187.42.57 61.63.121.34 62.210.130.171 64.31.35.102 65.0.154.17 81.222.221.226 85.214.90.124 95.78.141.242 103.60.137.111 119.45.1.175 128.8.238.76 138.185.197.214 162.243.169.175 167.71.160.75 190.14.220.3 194.32.78.170 198.58.124.100 200.24.152.166 212.58.82.70 |
|
IP Address |
173.212.208.146 |
|
|
Domain |
- |
|
|
ISP |
Contabo GmbH |
|
|
Country |
Germany |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-04 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-20 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
./.5214759929627120102/sshd was downloaded |
Download File |
|
The file /root/.5214759929627120102/sshd was downloaded and executed 28 times |
Download and Execute |
|
Process /root/.5214759929627120102/sshd generated outgoing network traffic to: 1.252.224.156:22, 100.230.124.6:22, 102.4.170.77:22, 103.79.219.234:22, 105.51.150.54:22, 106.1.61.227:22, 11.27.106.211:22, 111.19.201.31:22, 113.179.42.46:22, 114.45.40.60:22, 118.110.77.107:22, 119.45.1.175:1919, 122.163.234.210:22, 123.128.218.102:22, 128.8.238.76:1919, 135.166.133.188:22, 136.35.122.144:22, 138.185.197.214:1919, 141.100.12.216:22, 141.193.25.24:22, 147.161.8.56:22, 148.35.69.158:22, 148.63.213.53:22, 15.228.148.72:1919, 153.98.143.190:22, 154.148.89.113:22, 155.202.240.194:22, 159.37.19.101:22, 16.21.97.103:22, 160.75.177.211:22, 168.76.203.148:22, 169.118.79.31:22, 170.200.211.154:22, 172.140.68.161:22, 173.212.208.146:1919, 174.216.83.188:22, 177.78.158.207:22, 178.232.35.147:22, 179.87.103.153:22, 18.248.118.157:22, 183.108.99.109:22, 184.118.139.34:22, 186.148.252.83:22, 192.115.163.118:22, 194.88.227.111:22, 197.52.164.185:22, 198.170.214.128:22, 198.186.106.202:22, 2.152.161.91:22, 2.32.56.133:22, 201.67.96.69:22, 203.71.54.99:22, 206.81.41.115:22, 209.143.70.3:22, 209.32.207.151:22, 210.70.38.134:22, 212.21.207.153:22, 212.58.82.70:1919, 213.108.187.146:22, 213.205.70.235:22, 213.8.24.36:22, 214.131.206.170:22, 215.80.175.76:22, 218.61.169.151:22, 219.55.95.12:22, 222.62.147.30:22, 223.243.114.246:22, 23.142.246.159:22, 23.26.35.109:22, 3.45.215.121:22, 31.210.241.109:22, 33.132.111.197:22, 37.31.173.220:22, 38.110.82.253:22, 38.168.211.231:22, 40.127.116.27:22, 43.202.20.250:22, 45.241.172.111:22, 45.7.128.174:22, 46.115.248.215:22, 51.65.166.196:22, 57.13.22.177:22, 6.100.214.4:22, 61.63.121.34:1919, 62.210.130.171:1919, 63.67.63.226:22, 64.97.220.5:22, 66.3.133.182:22, 7.19.14.83:22, 70.104.162.68:22, 70.46.89.122:22, 73.111.122.213:22, 73.95.66.103:22, 75.82.162.198:22, 80.209.31.202:22, 81.222.221.226:1919, 83.99.170.227:22, 91.115.107.31:22, 92.247.39.42:22 and 99.0.12.147:22 |
Outgoing Connection |
|
Process /root/.5214759929627120102/sshd attempted to access suspicious domains: bsconect.com.br, peperstock.com, private-mail666.tk and tbcnet.net.tw |
Access Suspicious Domain Outgoing Connection |
|
Process /root/.5214759929627120102/sshd scanned port 22 on 91 IP Addresses |
Port 22 Scan |
|
Process /root/.5214759929627120102/sshd started listening on ports: 1919 and 22 |
Listening |
|
Service systemd-worker was created |
Service Creation |
|
Connection was closed due to timeout |
|
|
/root/.2032687141960750504/xinetd |
SHA256: b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0 |
30171136 bytes |
© 2023 Akamai Technologies