IP Address: 1.164.228.234 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Port 2222 Scan, Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening
Associated Attack Servers: 35.25.115.3, 55.10.4.84, 103.111.211.61, 119.91.152.17, 138.20.229.74, 138.81.9.185, 143.244.138.59, 185.8.56.123, 202.90.131.38, 202.90.131.39, 213.255.16.156, 253.12.137.165
IP Address: 1.164.228.234
Domain: -
ISP: HiNet
Country: Taiwan, Province of China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-14
Last seen in Akamai Guardicore Segmentation: 2022-04-17
A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Tags: Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
Tags: Successful SSH Login
A possibly malicious superuser operation was detected 2 times
Tags: Superuser Operation
Process /dev/shm/ifconfig generated outgoing network traffic to: 103.111.211.61:1234, 104.21.25.86:443, 106.237.44.172:80, 106.237.44.172:8080, 11.234.152.242:2222, 115.7.161.154:80, 115.7.161.154:8080, 119.91.152.17:1234, 12.234.211.149:80, 12.234.211.149:8080, 131.35.124.168:80, 131.35.124.168:8080, 132.105.119.150:80, 132.105.119.150:8080, 138.20.229.74:22, 138.81.9.185:22, 139.84.40.76:80, 139.84.40.76:8080, 143.244.138.59:1234, 155.95.172.206:80, 155.95.172.206:8080, 158.138.67.238:80, 158.138.67.238:8080, 16.241.165.27:80, 16.241.165.27:8080, 16.43.195.56:80, 16.43.195.56:8080, 169.43.215.8:80, 169.43.215.8:8080, 172.67.133.228:443, 173.220.80.157:80, 173.220.80.157:8080, 183.10.55.236:80, 183.10.55.236:8080, 185.8.56.123:1234, 186.91.223.243:80, 186.91.223.243:8080, 188.116.115.50:80, 188.116.115.50:8080, 194.138.230.240:80, 194.138.230.240:8080, 202.90.131.38:1234, 202.90.131.39:1234, 213.255.16.156:1234, 216.100.30.57:80, 216.100.30.57:8080, 219.207.5.228:80, 219.207.5.228:8080, 243.211.135.118:2222, 253.12.137.165:22, 253.165.242.39:80, 253.165.242.39:8080, 253.8.168.189:80, 253.8.168.189:8080, 3.81.113.210:80, 3.81.113.210:8080, 35.25.115.3:22, 36.181.57.73:80, 36.181.57.73:8080, 37.117.33.123:80, 37.117.33.123:8080, 38.160.194.159:2222, 38.201.210.235:2222, 38.49.77.184:80, 38.49.77.184:8080, 41.23.33.128:2222, 41.28.180.207:2222, 47.31.11.62:80, 47.31.11.62:8080, 51.75.146.174:443, 55.10.4.84:22, 57.28.248.172:80, 57.28.248.172:8080, 58.104.31.214:2222, 58.162.101.126:80, 58.162.101.126:8080, 61.180.170.214:2222, 61.65.224.194:80, 61.65.224.194:8080, 70.93.89.159:80, 70.93.89.159:8080, 74.95.150.146:80, 74.95.150.146:8080, 8.206.125.16:2222, 8.71.150.81:2222, 83.66.81.5:80, 83.66.81.5:8080, 90.203.209.147:80 and 90.203.209.147:8080
Tags: Outgoing Connection
Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8183
Tags: Listening
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig attempted to access suspicious domains: eudc.cloud and infinito.it
Tags: Access Suspicious Domain, Outgoing Connection
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 2222 on 10 IP Addresses
Tags: Port 2222 Scan, Port 80 Scan, Port 8080 Scan
Connection was closed due to timeout |
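The event descriptions above are free text. As an added example, not part of this report or of Akamai Guardicore's own tooling, the Python below parses event lines in that shape into an IOC summary and surfaces the two things a responder would check first on a host showing this activity: a process executing from a world-writable tmpfs path such as /dev/shm (a legitimate ifconfig lives under /sbin or /usr/sbin, never there), and a port the process both listens on and contacts on other hosts (1234 here, which points at peer-to-peer style communication between infected hosts). The event strings are copied from this report, with the long outgoing-connection list shortened to a few entries; the regular expressions are assumptions about the free-text format, not a documented schema.

```python
"""Summarize Guardicore-style sensor event text into IOCs.

Added example, not part of the original report or Akamai's tooling.
The regexes are assumptions about the free-text event format.
"""
import re
from collections import defaultdict

# Constructed sample: event lines copied from the report above; the
# outgoing-connection list is shortened to keep the example readable.
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "A possibly malicious Superuser Operation was detected 2 times",
    "Process /dev/shm/ifconfig generated outgoing network traffic to: 103.111.211.61:1234, 104.21.25.86:443, 138.20.229.74:22, 202.90.131.38:1234 and 38.160.194.159:2222",
    "Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8183",
    "Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/ifconfig scanned port 2222 on 10 IP Addresses",
    "Process /dev/shm/ifconfig attempted to access suspicious domains: eudc.cloud and infinito.it",
]

# World-writable tmpfs / scratch locations. Nothing installed by a package
# executes from here, so a "system" binary at such a path was dropped at runtime.
WRITABLE_EXEC_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/", "/run/shm/")

ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
PROCESS_RE = re.compile(r"^Process (\S+) ")
LISTEN_RE = re.compile(r"started listening on ports: (.+)$")
SCAN_RE = re.compile(r"scanned port (\d+) on (\d+) IP Addresses")
DOMAIN_RE = re.compile(r"attempted to access suspicious domains: (.+)$")
LOGIN_RE = re.compile(r"logged in using SSH with the following credentials: (\S+) /")
SUDO_RE = re.compile(r"Superuser Operation was detected (\d+) times")


def _split_list(text):
    """Turn the report's 'a, b and c' phrasing into ['a', 'b', 'c']."""
    return [t.strip() for t in re.split(r",\s*|\s+and\s+", text) if t.strip()]


def summarize(events):
    """Extract IOCs from a list of event description strings."""
    ioc = {
        "ssh_logins": [],              # usernames from successful logins
        "superuser_ops": 0,            # count of flagged privileged operations
        "processes": set(),            # executable paths that produced events
        "suspicious_paths": set(),     # those executing from writable dirs
        "outbound": defaultdict(set),  # remote port -> set of remote IPs
        "listening_ports": set(),
        "scanned_ports": {},           # port -> total hosts scanned
        "domains": set(),
    }
    for line in events:
        m = LOGIN_RE.search(line)
        if m:
            ioc["ssh_logins"].append(m.group(1))
        m = SUDO_RE.search(line)
        if m:
            ioc["superuser_ops"] += int(m.group(1))
        m = PROCESS_RE.match(line)
        if not m:
            continue  # remaining rules all describe a named process
        path = m.group(1)
        ioc["processes"].add(path)
        if path.startswith(WRITABLE_EXEC_DIRS):
            ioc["suspicious_paths"].add(path)
        if "outgoing network traffic to:" in line:
            for ip, port in ENDPOINT_RE.findall(line):
                ioc["outbound"][int(port)].add(ip)
        m = LISTEN_RE.search(line)
        if m:
            ioc["listening_ports"].update(int(p) for p in _split_list(m.group(1)))
        m = SCAN_RE.search(line)
        if m:
            port, hosts = int(m.group(1)), int(m.group(2))
            ioc["scanned_ports"][port] = ioc["scanned_ports"].get(port, 0) + hosts
        m = DOMAIN_RE.search(line)
        if m:
            ioc["domains"].update(_split_list(m.group(1)))
    return ioc


def peers_on_port(ioc, port):
    """Sorted remote hosts contacted on one port."""
    return sorted(ioc["outbound"].get(port, set()))


def shared_ports(ioc):
    """Ports the process both listens on and dials out to: a hint that the
    implant talks to other infected hosts over its own protocol."""
    return set(ioc["listening_ports"]) & set(ioc["outbound"])


if __name__ == "__main__":
    summary = summarize(EVENTS)
    print("dropped binaries:", sorted(summary["suspicious_paths"]))
    print("shared listen/dial ports:", sorted(shared_ports(summary)))
    print("peers on 1234:", peers_on_port(summary, 1234))
```

Run against the full outgoing-connection list from this report, the same code groups the roughly ninety endpoints by port, which makes the pattern visible at a glance: ports 80 and 8080 on the same hosts (the scan), 22 and 2222 (SSH spread), and 1234 on exactly the hosts the report lists as associated attack servers.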
|