IP Address: 211.219.145.180 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Successful SSH Login, 3 Shell Commands, Access Suspicious Domain, Port 80 Scan, Outgoing Connection, Port 8080 Scan, Superuser Operation, Listening, SSH
Associated Attack Servers | 23.17.71.30, 33.69.97.202, 41.26.108.221, 49.154.48.114, 58.4.153.121, 58.222.107.253, 62.221.68.145, 101.42.109.172, 103.52.147.126, 103.56.113.37, 103.111.211.61, 120.224.34.31, 133.18.200.30, 141.147.52.70, 168.74.132.109, 185.113.130.134, 197.111.167.92, 198.236.244.10, 211.144.195.238, 246.85.215.220
IP Address | 211.219.145.180
Domain | -
ISP | Korea Telecom
Country | Korea, Republic of
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-18
Last seen in Akamai Guardicore Segmentation | 2022-04-20
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (event | tags)

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 101.42.109.172:1234, 103.111.211.61:1234, 103.52.147.126:1234, 103.56.113.37:1234, 104.21.25.86:443, 11.176.135.1:80, 11.176.135.1:8080, 110.236.104.244:80, 110.236.104.244:8080, 113.108.214.85:80, 113.108.214.85:8080, 120.224.34.31:1234, 123.99.94.119:80, 123.99.94.119:8080, 133.18.200.30:1234, 133.199.58.50:80, 133.199.58.50:8080, 14.148.170.111:80, 14.148.170.111:8080, 141.127.189.104:80, 141.127.189.104:8080, 141.147.52.70:1234, 142.250.191.196:443, 145.201.173.242:80, 145.201.173.242:8080, 154.238.84.106:80, 154.238.84.106:8080, 154.45.2.23:80, 154.45.2.23:8080, 163.245.182.85:80, 163.245.182.85:8080, 168.74.132.109:2222, 178.124.217.169:80, 178.124.217.169:8080, 179.165.241.209:80, 179.165.241.209:8080, 185.113.130.134:2222, 197.111.167.92:2222, 197.132.176.241:80, 197.132.176.241:8080, 198.236.244.10:2222, 211.144.195.238:22, 22.185.118.84:80, 22.185.118.84:8080, 23.17.71.30:22, 241.118.99.189:80, 241.118.99.189:8080, 246.85.215.220:22, 248.166.150.176:80, 248.166.150.176:8080, 251.37.141.31:80, 251.37.141.31:8080, 253.19.204.101:80, 253.19.204.101:8080, 31.31.232.144:80, 31.31.232.144:8080, 33.69.97.202:22, 41.26.108.221:22, 41.84.9.56:80, 41.84.9.56:8080, 49.154.48.114:22, 51.13.28.138:80, 51.13.28.138:8080, 51.75.146.174:443, 58.4.153.121:80, 58.4.153.121:8080, 58.4.153.121:8090, 62.221.68.145:2222, 63.125.222.207:80, 63.125.222.207:8080, 68.198.203.36:80, 68.198.203.36:8080, 78.154.38.126:80, 78.154.38.126:8080, 8.8.4.4:443, 8.8.8.8:443, 86.97.12.87:80, 86.97.12.87:8080, 87.245.125.248:80, 87.245.125.248:8080, 91.146.92.113:80, 91.146.92.113:8080, 93.3.220.221:80, 93.3.220.221:8080, 95.202.233.175:80, 95.202.233.175:8080, 99.89.27.131:80 and 99.89.27.131:8080 | Outgoing Connection
Process /dev/shm/ifconfig started listening on ports: 1234, 8082 and 8183 | Listening
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times | Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times | Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig attempted to access suspicious domains: dsnet and kagoya.net | Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout