IP Address: 73.144.18.16 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Port 22 Scan, 10 Shell Commands, SSH, Download and Allow Execution, Successful SSH Login, Listening, Port 2222 Scan, Download and Execute, Port 1234 Scan
Associated Attack Servers: 13.92.247.241, 18.162.120.237, 18.162.200.166, 18.228.44.254, 31.15.241.181, 47.91.87.67, 50.233.209.202, 52.175.252.75, 68.84.68.139, 73.254.114.94, 98.14.171.84, 100.0.197.18, 103.127.80.9, 113.15.114.151, 114.217.179.49, 122.51.48.52, 161.139.68.245, 172.105.92.28, 217.10.240.62, 218.146.128.93, 218.151.35.193
IP Address: 73.144.18.16
Domain: -
ISP: Comcast Cable
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-06-06
Last seen in Akamai Guardicore Segmentation: 2020-06-09
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Attack timeline (each event is prefixed with the detection tags it raised):

- [Successful SSH Login] A user logged in using SSH with the following credentials: root / **** (authentication policy: White List)
- [Successful SSH Login] A user logged in using SSH with the following credentials: root / **** (authentication policy: Correct Password)
- [Download and Execute] The file /usr/ifconfig was downloaded and executed 6 times
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 1234 on 15 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 22 on 15 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 2222 on 15 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 1234 on 42 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 1234 on 36 IP Addresses
- [Port 1234 Scan] Process /bin/nc.openbsd scanned port 1234 on 15 IP Addresses
- [Port 1234 Scan] Process /usr/sbin/sshd scanned port 1234 on 15 IP Addresses
- [Port 1234 Scan] Process /bin/bash scanned port 1234 on 15 IP Addresses
- [Port 1234 Scan] Process /usr/sbin/sshd scanned port 1234 on 15 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 22 on 42 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 2222 on 42 IP Addresses
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 22 on 36 IP Addresses
- [Download and Execute] The file /usr/nginx was downloaded and executed 130 times
- [Listening] Process /usr/nginx started listening on ports: 1234
- Process /usr/nginx generated outgoing network traffic to: 100.191.68.251:22, 106.241.175.73:22, 106.241.175.73:2222, 11.223.15.203:22, 11.223.15.203:2222, 113.15.114.151:1234, 114.217.179.49:1234, 115.57.41.167:22, 115.57.41.167:2222, 118.169.136.74:22, 118.169.136.74:2222, 120.73.196.101:2222, 121.156.203.3:1234, 124.252.76.186:22, 124.252.76.186:2222, 128.196.98.144:2222, 131.101.2.178:22, 131.101.2.178:2222, 134.189.25.139:22, 134.189.25.139:2222, 134.221.199.173:2222, 140.127.211.177:1234, 140.154.185.93:22, 140.154.185.93:2222, 145.14.157.171:1234, 146.61.6.83:22, 146.61.6.83:2222, 149.4.114.101:22, 149.4.114.101:2222, 156.149.109.175:2222, 161.60.91.149:2222, 169.253.252.249:22, 172.105.92.28:1234, 177.198.211.128:22, 18.162.200.166:1234, 184.218.29.180:22, 184.218.29.180:2222, 189.175.185.200:22, 19.103.187.53:22, 19.103.187.53:2222, 190.139.172.26:22, 195.137.242.61:22, 195.137.242.61:2222, 196.151.237.228:2222, 2.78.61.194:1234, 200.150.120.66:22, 200.150.120.66:2222, 202.173.153.43:22, 202.173.153.43:2222, 21.165.130.248:2222, 215.43.178.49:22, 215.43.178.49:2222, 218.248.250.217:2222, 218.93.239.44:1234, 220.47.97.58:22, 241.50.164.94:22, 241.50.164.94:2222, 244.41.30.27:22, 244.41.30.27:2222, 249.224.195.30:22, 249.224.195.30:2222, 252.197.94.28:22, 26.200.221.89:22, 29.159.170.86:22, 30.99.216.242:22, 32.194.53.229:22, 34.142.230.252:2222, 41.184.135.9:22, 41.184.135.9:2222, 43.93.88.2:22, 43.93.88.2:2222, 44.31.83.66:22, 45.249.92.58:1234, 47.225.71.147:22, 52.175.252.75:1234, 52.19.171.194:1234, 60.182.13.188:22, 60.182.13.188:2222, 62.12.148.75:22, 62.12.148.75:2222, 62.197.17.69:2222, 63.173.29.1:22, 69.231.91.225:22, 69.231.91.225:2222, 72.45.69.77:22, 72.45.69.77:2222, 74.243.165.195:22, 85.168.252.67:2222, 94.191.15.40:1234 and 98.11.227.224:22
  Note: several of these destinations (241.50.164.94, 244.41.30.27, 249.224.195.30, 252.197.94.28) lie in the reserved 240.0.0.0/4 block, which is consistent with randomly generated target addresses rather than a curated hit list; the port 1234 destinations 18.162.200.166, 52.175.252.75, 113.15.114.151, 114.217.179.49 and 172.105.92.28 also appear in the Associated Attack Servers list above.
- [Download and Execute] The file /usr/bin/uptime was downloaded and executed
- [Port 1234 Scan, Port 22 Scan, Port 2222 Scan] Process /usr/nginx scanned port 2222 on 36 IP Addresses
- [Download and Execute] The file /usr/bin/free was downloaded and executed 2 times
- [Download and Execute] The file /usr/php-fpm was downloaded and executed 21 times
- [Download and Execute] The file /usr/php-fpm was downloaded and executed 35 times
- [Download and Execute] The file /usr/php-fpm was downloaded and executed 25 times
- [Download and Execute] The file /usr/php-fpm was downloaded and executed 6 times
- Connection was closed due to timeout
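The timeline above reads as free text, but it carries everything a responder needs: a root login over SSH with a password, binaries named after services (/usr/nginx, /usr/php-fpm) dropped directly under /usr/ rather than in a bin directory, one of them binding port 1234 and then probing 22, 2222 and 1234 on other hosts, and outbound connections to addresses in reserved space. The following script is an added example written for this page, not Guardicore code and not an official export format: the regular expressions are written against the phrasing of the timeline as shown here, the sample lines are a constructed subset copied from it, and the list of legitimate binary directories is an assumption to be tuned to your base image. It extracts the indicators and applies three checks a practitioner would want on a suspect host: binaries in unusual locations, a process that both listens on a port and scans for peers on that port plus an SSH port, and traffic to non-routable addresses.

```python
"""Pull indicators out of a Guardicore-style attack timeline and flag the
behaviour pattern shown on this page. Added example: the regexes follow the
phrasing of the timeline above, not an official Guardicore export format."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: lines copied (abridged) from the timeline on this page.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List",
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password",
    "The file /usr/ifconfig was downloaded and executed 6 times",
    "Process /usr/nginx scanned port 1234 on 15 IP Addresses",
    "Process /usr/nginx scanned port 22 on 42 IP Addresses",
    "Process /usr/nginx scanned port 2222 on 36 IP Addresses",
    "Process /bin/nc.openbsd scanned port 1234 on 15 IP Addresses",
    "The file /usr/nginx was downloaded and executed 130 times",
    "Process /usr/nginx started listening on ports: 1234",
    "Process /usr/nginx generated outgoing network traffic to: 106.241.175.73:22, "
    "106.241.175.73:2222, 113.15.114.151:1234, 241.50.164.94:22, "
    "252.197.94.28:22 and 98.11.227.224:22",
    "The file /usr/bin/uptime was downloaded and executed",
    "The file /usr/php-fpm was downloaded and executed 21 times",
]

RE_LOGIN = re.compile(r"credentials: (\S+) / \S+ - Authentication policy: (.+)$")
RE_DOWNLOAD = re.compile(r"The file (\S+) was downloaded and executed(?: (\d+) times)?")
RE_SCAN = re.compile(r"Process (\S+) scanned port (\d+) on \d+ IP Addresses")
RE_LISTEN = re.compile(r"Process (\S+) started listening on ports: ([\d, ]+)")
RE_TRAFFIC = re.compile(r"Process (\S+) generated outgoing network traffic to: (.+)")
RE_ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Where service binaries normally live (assumption; adjust to your base image).
LEGIT_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                  "/usr/local/bin/", "/usr/local/sbin/")


def parse_events(lines):
    """Turn the free-text timeline into a small IOC set."""
    iocs = {
        "logins": [],                       # (user, auth policy)
        "dropped_files": defaultdict(int),  # path -> total executions
        "scans": defaultdict(set),          # process -> ports it scanned
        "listeners": defaultdict(set),      # process -> ports it bound
        "destinations": set(),              # (ip, port) it talked to
    }
    for line in lines:
        if m := RE_LOGIN.search(line):
            iocs["logins"].append((m.group(1), m.group(2).strip()))
        elif m := RE_DOWNLOAD.search(line):
            iocs["dropped_files"][m.group(1)] += int(m.group(2) or 1)
        elif m := RE_SCAN.search(line):
            iocs["scans"][m.group(1)].add(int(m.group(2)))
        elif m := RE_LISTEN.search(line):
            iocs["listeners"][m.group(1)].update(int(p) for p in m.group(2).split(","))
        elif m := RE_TRAFFIC.search(line):
            iocs["destinations"].update(
                (ip, int(port)) for ip, port in RE_ENDPOINT.findall(m.group(2)))
    return iocs


def misplaced_binaries(iocs, legit_dirs=LEGIT_BIN_DIRS):
    """Dropped executables outside the usual binary directories. Names such as
    nginx or php-fpm directly under /usr/ imitate services without being them."""
    return sorted(p for p in iocs["dropped_files"] if not p.startswith(legit_dirs))


def worm_like_processes(iocs):
    """Processes that bind a port, probe that same port on other hosts (peer
    discovery) and also probe an SSH port (propagation): the /usr/nginx pattern."""
    flagged = []
    for proc, bound in iocs["listeners"].items():
        scanned = iocs["scans"].get(proc, set())
        if bound & scanned and scanned & {22, 2222}:
            flagged.append(proc)
    return sorted(flagged)


def unroutable_targets(iocs):
    """Destinations outside globally routable space (e.g. 240.0.0.0/4). Traffic
    to such addresses means targets were generated, not taken from a hit list."""
    return sorted({ip for ip, _ in iocs["destinations"]
                   if not ipaddress.ip_address(ip).is_global})


def root_password_logins(iocs):
    """Auth policies under which 'root' got in with a password."""
    return [policy for user, policy in iocs["logins"] if user == "root"]


if __name__ == "__main__":
    found = parse_events(SAMPLE_EVENTS)
    print("root logins:", root_password_logins(found))
    print("misplaced binaries:", misplaced_binaries(found))
    print("worm-like processes:", worm_like_processes(found))
    print("unroutable targets:", unroutable_targets(found))
```

The `worm_like_processes` rule is deliberately narrow: a service that only listens, or a tool that only scans, does not match; it takes the combination seen here (bind 1234, scan 1234 for peers, scan 22/2222 for new victims) to fire. `/usr/bin/uptime` and `/usr/bin/free` are not flagged by `misplaced_binaries` because they sit in a normal directory, even though the timeline shows them being downloaded and executed too; a path check is a triage aid, not a replacement for hash or package verification of those files.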