IP Address: 218.86.137.8 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan (2), Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: aeza.network, ertelecom.ru, versatel.nl, 16.40.237.73, 35.53.189.115, 45.142.122.215, 50.94.2.23, 57.54.17.249, 81.70.58.68, 82.173.4.191, 101.196.29.188, 103.60.137.111, 107.194.36.223, 109.194.35.103, 110.147.67.185, 119.37.149.217, 120.236.74.234, 124.203.107.132, 143.125.159.127, 150.158.136.116, 158.163.86.251, 161.70.98.32, 200.98.155.10, 220.203.207.105, 240.204.168.168
IP Address: 218.86.137.8
Domain: -
ISP: China Telecom
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2018-11-18
Last seen in Akamai Guardicore Segmentation: 2022-04-01
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic to: 101.196.29.188:22, 104.21.25.86:443, 107.194.36.223:22, 109.194.35.103:2222, 109.21.22.190:80, 109.21.22.190:8080, 109.61.217.28:80, 109.61.217.28:8080, 110.129.68.83:80, 110.129.68.83:8080, 110.147.67.185:2222, 116.161.235.18:80, 116.161.235.18:8080, 117.74.182.75:80, 117.74.182.75:8080, 119.37.149.217:22, 120.236.74.234:1234, 124.203.107.132:2222, 125.218.246.62:80, 125.218.246.62:8080, 139.209.222.134:1234, 142.92.58.82:80, 142.92.58.82:8080, 143.125.159.127:2222, 149.161.48.204:80, 149.161.48.204:8080, 150.158.136.116:1234, 151.199.1.183:80, 151.199.1.183:8080, 158.163.86.251:22, 16.40.237.73:22, 161.70.98.32:1234, 164.74.179.184:80, 164.74.179.184:8080, 165.128.147.212:80, 165.128.147.212:8080, 172.67.133.228:443, 184.196.178.208:80, 184.196.178.208:8080, 189.19.97.69:80, 189.19.97.69:8080, 200.98.155.10:2222, 21.229.72.17:80, 21.229.72.17:8080, 214.181.206.44:80, 214.181.206.44:8080, 215.124.178.78:80, 215.124.178.78:8080, 218.212.37.186:80, 218.212.37.186:8080, 220.203.207.105:2222, 24.98.93.87:80, 24.98.93.87:8080, 240.204.168.168:2222, 242.40.195.9:80, 242.40.195.9:8080, 243.99.129.149:80, 243.99.129.149:8080, 244.229.183.153:80, 244.229.183.153:8080, 245.179.123.223:80, 245.179.123.223:8080, 245.248.244.16:80, 245.248.244.16:8080, 246.71.10.135:80, 246.71.10.135:8080, 33.1.253.215:80, 33.1.253.215:8080, 35.53.189.115:2222, 45.142.122.215:1234, 49.216.45.101:80, 49.216.45.101:8080, 5.26.122.24:80, 5.26.122.24:8080, 50.94.2.23:2222, 51.75.146.174:443, 57.54.17.249:22, 58.81.145.126:80, 58.81.145.126:8080, 79.195.187.228:80, 79.195.187.228:8080, 81.70.58.68:1234, 82.173.4.191:1234, 88.206.171.154:80, 88.206.171.154:8080, 96.56.194.201:80, 96.56.194.201:8080, 99.62.213.29:80 and 99.62.213.29:8080 |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8189 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 80 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 8080 Scan
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 80 Scan
Process /dev/shm/ifconfig attempted to access suspicious domains: aeza.network, bigpond.net.au, jlccptt.net.cn, sbcglobal.net, uolcloud.com.br and versatel.nl |
Access Suspicious Domain, Outgoing Connection
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 8080 Scan
Connection was closed due to timeout |
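The timeline above reads as one worm-style compromise: a password login as root, a payload written to /dev/shm and executed, then that same process fanning out to SSH ports (22, 2222) and web ports (80, 8080), opening its own listeners, and resolving ISP domains unrelated to the sensor. Two details worth a triage rule: the binary runs from tmpfs (no legitimate ifconfig lives in /dev/shm), and several scan targets (242.x, 243.x, 244.x, 245.x, 246.x) fall in the reserved 240.0.0.0/4 block, which is consistent with a random target generator that does not filter address ranges. The Python below is an added example, not part of this page and not Akamai or Guardicore tooling: it parses event lines in the page's own wording into a summary and applies a few triage rules. The sample events are abridged copies of the ones above, constructed for the demonstration; the rule wording, the staging-directory list and the helper names are the example's own.

```python
"""Triage Guardicore-style incident event lines into an IOC and behaviour summary."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: abridged copies of the event lines shown on this page,
# plus one reserved-range target (242.40.195.9) taken from the full list.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: Correct Password",
    "/dev/shm/ifconfig was downloaded",
    "A possibly malicious Superuser Operation was detected 2 times",
    "Process /dev/shm/ifconfig generated outgoing network traffic to: "
    "101.196.29.188:22, 104.21.25.86:443, 109.194.35.103:2222, 109.21.22.190:80, "
    "109.21.22.190:8080, 120.236.74.234:1234, 172.67.133.228:443, 242.40.195.9:80, "
    "242.40.195.9:8080 and 99.62.213.29:8080",
    "Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8189",
    "Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses",
    "Process /dev/shm/ifconfig attempted to access suspicious domains: "
    "aeza.network, bigpond.net.au and versatel.nl",
]

# Assumption for this example: executables dropped into these world-writable
# directories are treated as staged payloads.
STAGING_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")

LOGIN_RE = re.compile(r"logged in using SSH with the following credentials: (\S+) /")
DOWNLOAD_RE = re.compile(r"^(\S+) was downloaded$")
OUTGOING_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports: (.+)$")
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses$")
DOMAIN_RE = re.compile(r"^Process (\S+) attempted to access suspicious domains: (.+)$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def _split_list(text):
    """Split the export's 'a, b and c' list style into ['a', 'b', 'c']."""
    return [t.strip() for t in re.split(r",\s*|\s+and\s+", text) if t.strip()]


def parse_timeline(events):
    """Turn event lines into a dict keyed by behaviour type, grouped per process."""
    summary = {
        "logins": [],                    # usernames accepted over SSH
        "downloads": [],                 # paths written to disk
        "outgoing": defaultdict(set),    # process -> {(ip, port)}
        "listening": defaultdict(set),   # process -> {port}
        "scans": defaultdict(dict),      # process -> {port: hosts scanned}
        "domains": defaultdict(set),     # process -> {domain}
    }
    for line in events:
        if m := LOGIN_RE.search(line):
            summary["logins"].append(m.group(1))
        elif m := DOWNLOAD_RE.match(line):
            summary["downloads"].append(m.group(1))
        elif m := OUTGOING_RE.match(line):
            for ip, port in ENDPOINT_RE.findall(m.group(2)):
                summary["outgoing"][m.group(1)].add((ip, int(port)))
        elif m := LISTEN_RE.match(line):
            summary["listening"][m.group(1)].update(int(p) for p in _split_list(m.group(2)))
        elif m := SCAN_RE.match(line):
            summary["scans"][m.group(1)][int(m.group(2))] = int(m.group(3))
        elif m := DOMAIN_RE.match(line):
            summary["domains"][m.group(1)].update(_split_list(m.group(2)))
    return summary


def port_fanout(summary, process):
    """Distinct destination hosts per port for one process, busiest port first."""
    hosts = defaultdict(set)
    for ip, port in summary["outgoing"].get(process, ()):
        hosts[port].add(ip)
    return sorted(((port, len(ips)) for port, ips in hosts.items()),
                  key=lambda t: (-t[1], t[0]))


def findings(summary):
    """Apply the triage rules and return one human-readable finding per hit."""
    out = []
    if "root" in summary["logins"]:
        out.append("password-based root SSH login accepted")
    for path in summary["downloads"]:
        if path.startswith(STAGING_DIRS):
            out.append(f"payload staged in tmpfs/world-writable dir: {path}")
    for proc, conns in summary["outgoing"].items():
        ports = {port for _, port in conns}
        if ports & {22, 2222} and ports & {80, 8080}:
            out.append(f"{proc} fans out to SSH and HTTP ports (worm-style propagation)")
        shared = ports & summary["listening"].get(proc, set())
        if shared:
            out.append(f"{proc} both listens on and connects to port(s) {sorted(shared)} (peer/C2 channel)")
        # 240.0.0.0/4 is IETF reserved; hits there mean targets are generated, not harvested.
        reserved = sorted({ip for ip, _ in conns if ipaddress.ip_address(ip).is_reserved})
        if reserved:
            out.append(f"{proc} targets {len(reserved)} reserved-range host(s), e.g. {reserved[0]} (random target generation)")
    return out


if __name__ == "__main__":
    s = parse_timeline(SAMPLE_EVENTS)
    print("fan-out:", port_fanout(s, "/dev/shm/ifconfig"))
    for f in findings(s):
        print("-", f)
```

On a real export, feed the full event text one line per entry; the same `port_fanout` view makes the port mix visible at a glance (here 80/8080 scanning dominates, with 22/2222 for SSH spread and 1234 shared between a listener and outbound traffic).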
|