IP Address: 213.255.16.156 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 213.255.16.156
Domain | -
ISP | BT Italia S.p.A.
Country | Italy
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-02-25
Last seen in Akamai Guardicore Segmentation | 2022-10-30
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8080 and 8184 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: infinito.it |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |