IP Address: 1.116.183.243Previously Malicious
IP Address: 1.116.183.243Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 8080 Scan 3 Shell Commands SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection Access Suspicious Domain Listening |
|
Associated Attack Servers |
40.205.19.101 52.53.125.53 57.64.70.139 71.52.131.195 81.70.147.119 81.157.132.23 92.181.17.60 107.182.190.58 111.55.153.94 118.223.205.150 130.104.172.90 134.209.32.120 152.136.145.180 152.136.255.57 155.253.151.170 173.93.175.164 180.166.165.212 188.161.163.41 194.108.58.48 195.227.230.83 206.96.26.185 217.167.113.174 221.222.190.150 |
|
IP Address |
1.116.183.243 |
|
|
Domain |
- |
|
|
ISP |
Tencent cloud computing |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-14 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-18 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 104.21.25.86:443, 111.55.153.94:22, 112.172.196.67:80, 112.172.196.67:8080, 118.223.205.150:22, 121.123.40.215:80, 121.123.40.215:8080, 13.113.125.222:80, 13.113.125.222:8080, 130.104.172.90:22, 134.209.32.120:1234, 139.101.227.205:80, 139.101.227.205:8080, 144.231.235.9:80, 144.231.235.9:8080, 15.99.21.15:80, 15.99.21.15:8080, 152.136.145.180:1234, 152.136.255.57:1234, 152.37.180.216:80, 152.37.180.216:8080, 154.221.161.203:80, 154.221.161.203:8080, 155.253.151.170:2222, 156.229.73.231:80, 156.229.73.231:8080, 162.48.118.25:80, 162.48.118.25:8080, 163.26.19.213:80, 163.26.19.213:8080, 172.67.133.228:443, 173.93.175.164:22, 180.166.165.212:1234, 188.161.163.41:2222, 190.16.134.247:80, 190.16.134.247:8080, 194.108.58.48:2222, 195.227.230.83:2222, 204.146.194.94:80, 204.146.194.94:8080, 206.96.26.185:22, 217.167.113.174:22, 217.66.218.148:80, 217.66.218.148:8080, 221.222.190.150:2222, 23.27.209.231:80, 23.27.209.231:8080, 244.148.82.70:80, 244.148.82.70:8080, 32.97.191.120:80, 32.97.191.120:8080, 34.179.179.235:80, 34.179.179.235:8080, 35.101.100.238:80, 35.101.100.238:8080, 39.139.233.132:80, 39.139.233.132:8080, 40.205.19.101:2222, 40.78.133.136:80, 40.78.133.136:8080, 45.138.142.47:80, 45.138.142.47:8080, 46.146.29.120:80, 46.146.29.120:8080, 51.75.146.174:443, 52.53.125.53:1234, 57.64.70.139:2222, 66.116.13.134:80, 66.116.13.134:8080, 68.5.14.146:80, 68.5.14.146:8080, 7.33.93.97:80, 7.33.93.97:8080, 71.52.131.195:22, 73.59.223.10:80, 73.59.223.10:8080, 81.157.132.23:2222, 81.70.147.119:1234, 83.5.98.191:80, 83.5.98.191:8080, 85.102.248.57:80, 85.102.248.57:8080, 89.151.214.48:80, 89.151.214.48:8080, 91.15.65.176:80, 91.15.65.176:8080, 92.181.17.60:22, 99.58.231.209:80 and 99.58.231.209:8080 |
Outgoing Connection |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8181 |
Listening |
|
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: btcentralplus.com, embarqhsd.net and lilly.com |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies