IP Address: 106.75.109.253 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
| --- | --- |
| IP Address | 106.75.109.253 |
| Domain | - |
| ISP | Shanghai UCloud Information Technology Company Lim |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-03-24 |
| Last seen in Akamai Guardicore Segmentation | 2022-05-13 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 14 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 14 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 14 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic to external IP addresses |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8180 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: airtel.co.tz, az1am5.shop and srasia-great.com |
Access Suspicious Domain Outgoing Connection |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to timeout |