IP Address: 111.235.248.70Previously Malicious
IP Address: 111.235.248.70Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP |
|
Tags |
Access Suspicious Domain Port 8080 Scan 2 Shell Commands Download File SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection SCP Listening |
|
Associated Attack Servers |
6.247.73.6 16.39.107.119 18.212.180.57 26.184.28.33 28.81.37.197 43.142.25.149 50.189.174.170 58.33.13.154 79.253.158.237 82.253.40.24 99.55.49.90 101.42.101.141 101.43.184.100 103.193.223.185 104.46.36.244 106.55.188.60 117.50.3.175 143.37.191.145 151.200.92.16 163.168.135.147 177.199.182.152 184.76.194.248 190.82.135.54 209.15.125.55 |
|
IP Address |
111.235.248.70 |
|
|
Domain |
- |
|
|
ISP |
Taiwan Intelligent Fiber Optic Network Co.,Ltd. |
|
|
Country |
Taiwan, Province of China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-23 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-23 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 101.42.101.141:1234, 101.43.184.100:1234, 103.193.223.185:22, 106.55.188.60:1234, 108.152.150.47:80, 108.152.150.47:8080, 117.50.3.175:1234, 121.42.158.163:80, 121.42.158.163:8080, 134.161.31.7:80, 134.161.31.7:8080, 138.209.49.173:80, 138.209.49.173:8080, 143.37.191.145:2222, 146.123.37.203:80, 146.123.37.203:8080, 15.119.6.131:1234, 151.200.92.16:22, 152.235.17.206:80, 152.235.17.206:8080, 157.244.78.5:80, 157.244.78.5:8080, 16.39.107.119:22, 162.140.208.8:80, 162.140.208.8:8080, 162.178.67.53:80, 162.178.67.53:8080, 163.168.135.147:2222, 176.50.28.201:80, 176.50.28.201:8080, 177.15.44.251:80, 177.15.44.251:8080, 177.199.182.152:2222, 177.37.102.199:80, 177.37.102.199:8080, 18.212.180.57:1234, 184.76.194.248:2222, 190.82.135.54:2222, 195.230.91.226:80, 195.230.91.226:8080, 195.56.55.153:80, 195.56.55.153:8080, 208.188.34.106:80, 208.188.34.106:8080, 209.15.125.55:22, 211.113.30.11:80, 211.113.30.11:8080, 213.150.167.115:80, 213.150.167.115:8080, 248.137.68.67:80, 248.137.68.67:8080, 250.99.52.212:80, 250.99.52.212:8080, 26.184.28.33:2222, 28.81.37.197:22, 43.142.25.149:2222, 43.214.195.147:80, 43.214.195.147:8080, 44.14.227.196:80, 44.14.227.196:8080, 50.189.174.170:22, 58.125.227.209:80, 58.125.227.209:8080, 58.33.13.154:1234, 59.53.96.19:80, 59.53.96.19:8080, 6.247.73.6:22, 61.142.103.245:80, 61.142.103.245:8080, 61.81.147.146:80, 61.81.147.146:8080, 63.64.51.35:80, 63.64.51.35:8080, 65.203.168.107:80, 65.203.168.107:8080, 69.236.154.94:80, 69.236.154.94:8080, 77.48.19.238:80, 77.48.19.238:8080, 79.253.158.237:2222, 80.125.200.69:80, 80.125.200.69:8080, 82.253.40.24:22, 87.248.126.173:80, 87.248.126.173:8080, 90.54.216.215:80, 90.54.216.215:8080 and 99.55.49.90:2222 |
Outgoing Connection |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8181 |
Listening |
|
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: proxad.net, t-ipconnect.de and vivozap.com.br |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies