IP Address: 182.112.254.243 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
| --- | --- |
| Role | Attacker, Scanner |
| Services Targeted | SSH |
| Tags | Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening |
| Associated Attack Servers | cable.net.co, openmobile.ne.jp, sparkbb.co.nz, 12.87.83.126, 36.82.99.139, 49.113.233.60, 59.211.159.180, 59.228.192.67, 67.30.28.101, 78.135.243.56, 100.2.131.143, 114.132.230.151, 124.223.63.43, 126.237.59.43, 136.48.33.12, 142.168.107.184, 147.79.241.75, 149.166.191.234, 172.6.4.26, 186.250.45.150, 190.159.132.61, 191.242.188.103, 200.179.56.228, 210.86.92.188, 213.255.16.156, 252.44.115.104 |
| IP Address | 182.112.254.243 |
| Domain | - |
| ISP | China Unicom Liaoning |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-03-24 |
| Last seen in Akamai Guardicore Segmentation | 2022-03-25 |
What is Akamai Guardicore Segmentation?

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
| Event | Tags |
| --- | --- |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| Process /dev/shm/ifconfig generated outgoing network traffic to: 104.21.25.86:443, 114.132.230.151:1234, 119.88.197.73:80, 119.88.197.73:8080, 12.87.83.126:2222, 123.107.253.131:80, 123.107.253.131:8080, 124.223.63.43:1234, 126.237.59.43:2222, 13.53.50.88:80, 13.53.50.88:8080, 136.48.33.12:22, 141.103.178.6:80, 141.103.178.6:8080, 142.168.107.184:22, 147.79.241.75:22, 149.110.71.79:80, 149.110.71.79:8080, 149.166.191.234:22, 150.107.95.20:1234, 152.32.47.192:80, 152.32.47.192:8080, 172.6.4.26:1234, 172.67.133.228:443, 173.227.14.216:80, 173.227.14.216:8080, 186.250.45.150:1234, 187.214.3.62:80, 187.214.3.62:8080, 189.224.86.164:80, 189.224.86.164:8080, 190.159.132.61:22, 190.96.208.5:80, 190.96.208.5:8080, 191.242.188.103:1234, 193.105.11.217:80, 193.105.11.217:8080, 200.179.56.228:2222, 210.205.7.60:80, 210.205.7.60:8080, 210.86.92.188:2222, 213.255.16.156:1234, 214.168.95.145:80, 214.168.95.145:8080, 214.220.89.108:80, 214.220.89.108:8080, 241.104.172.119:80, 241.104.172.119:8080, 248.216.116.39:80, 248.216.116.39:8080, 252.44.115.104:2222, 27.193.237.241:80, 27.193.237.241:8080, 32.174.123.150:80, 32.174.123.150:8080, 32.79.57.174:80, 32.79.57.174:8080, 36.115.30.146:80, 36.115.30.146:8080, 4.105.148.20:80, 4.105.148.20:8080, 44.174.180.40:80, 44.174.180.40:8080, 48.34.45.196:80, 48.34.45.196:8080, 49.113.233.60:2222, 51.75.146.174:443, 52.150.147.128:80, 52.150.147.128:8080, 58.65.82.250:80, 58.65.82.250:8080, 59.102.1.43:80, 59.102.1.43:8080, 59.211.159.180:22, 59.228.192.67:22, 62.30.230.230:80, 62.30.230.230:8080, 67.30.28.101:22, 7.206.223.213:80, 7.206.223.213:8080, 78.135.243.56:2222, 82.224.142.130:80, 82.224.142.130:8080, 89.54.251.204:80, 89.54.251.204:8080, 92.31.103.32:80, 92.31.103.32:8080, 96.120.207.211:80 and 96.120.207.211:8080 | Outgoing Connection |
| Process /dev/shm/ifconfig attempted to access suspicious domains: cable.net.co, conecttelecom.com.br, infinito.it, openmobile.ne.jp, sbcglobal.net and sparkbb.co.nz | Access Suspicious Domain, Outgoing Connection |
| Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8184 | Listening |
| Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times | Port 80 Scan, Port 8080 Scan |
| Connection was closed due to timeout | |
|