IP Address: 115.254.63.51 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 115.254.63.51
Domain: -
ISP: Reliance Communications
Country: India
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2019-03-29
Last seen in Akamai Guardicore Segmentation: 2022-04-11
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8087 and 8180 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: bbox.fr and virtua.com.br |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |