IP Address: 173.82.48.50 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| IP Address | 173.82.48.50 |
| Domain | - |
| ISP | Multacom Corporation |
| Country | United States |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-01-30 |
| Last seen in Akamai Guardicore Segmentation | 2023-06-16 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 13 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 13 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 13 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8086 and 8188 |
Listening |
Process /dev/shm/ifconfig attempted to access suspicious domains: multacom.com |
Outgoing Connection, Access Suspicious Domain |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to timeout |
|
/var/tmp/apache2 |
SHA256: 10aaadaf66ae0b4f687aa7239e1b0b6959973c5d0c973a7a34db0ac78f070078 |
2875664 bytes |