IP Address: 103.3.247.113 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan (2), Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 14.236.84.23, 24.101.57.13, 26.160.93.155, 29.111.233.130, 41.228.22.107, 47.243.68.74, 50.7.86.202, 53.228.39.234, 54.199.218.205, 59.222.70.232, 74.215.50.145, 82.157.50.152, 101.35.138.55, 103.96.41.245, 109.71.74.83, 109.124.116.164, 143.35.47.130, 151.20.135.81, 159.149.118.213, 162.26.98.18, 176.80.160.6, 183.78.61.116, 183.100.28.159, 184.84.173.7, 185.216.25.36, 191.249.236.85, 204.173.150.251, 212.91.227.250, 217.195.22.230
IP Address: 103.3.247.113
Domain: -
ISP: New Vision Trading Co.,Ltd
Country: Viet Nam
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-03
Last seen in Akamai Guardicore Segmentation: 2022-04-04
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (each event with the tag the sensor filed it under):
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 101.35.138.55:1234, 104.21.25.86:443, 105.46.110.236:80, 105.46.110.236:8080, 109.71.74.83:22, 111.157.218.187:80, 111.157.218.187:8080, 116.64.3.222:80, 116.64.3.222:8080, 131.163.92.241:80, 131.163.92.241:8080, 131.80.79.156:80, 131.80.79.156:8080, 138.202.95.253:80, 138.202.95.253:8080, 142.250.191.228:443, 143.35.47.130:2222, 146.66.210.80:80, 146.66.210.80:8080, 155.196.233.165:80, 155.196.233.165:8080, 159.149.118.213:1234, 162.26.98.18:2222, 163.57.185.124:80, 163.57.185.124:8080, 169.209.71.110:80, 169.209.71.110:8080, 169.39.54.212:80, 169.39.54.212:8080, 171.4.150.42:80, 171.4.150.42:8080, 177.198.17.193:80, 177.198.17.193:8080, 177.253.48.221:80, 177.253.48.221:8080, 184.84.173.7:2222, 185.216.25.36:1234, 185.216.25.36:22, 190.69.223.13:80, 190.69.223.13:8080, 191.249.236.85:1234, 198.64.115.74:80, 198.64.115.74:8080, 199.190.21.66:80, 199.190.21.66:8080, 204.173.150.251:2222, 204.241.125.38:80, 204.241.125.38:8080, 213.228.112.226:80, 213.228.112.226:8080, 216.39.6.126:80, 216.39.6.126:8080, 219.111.67.69:80, 219.111.67.69:8080, 222.165.136.99:1234, 222.166.161.165:80, 222.166.161.165:8080, 24.101.57.13:1234, 241.119.5.43:80, 241.119.5.43:8080, 50.181.233.170:80, 50.181.233.170:8080, 51.75.146.174:443, 54.199.218.205:22, 57.11.25.176:80, 57.11.25.176:8080, 64.76.202.135:80, 64.76.202.135:8080, 70.57.189.13:80, 70.57.189.13:8080, 74.215.50.145:22, 78.72.92.71:80, 78.72.92.71:8080, 8.8.8.8:443, 80.143.243.40:80, 80.143.243.40:8080, 82.157.50.152:1234, 93.187.160.73:80, 93.187.160.73:8080, 95.222.59.17:80, 95.222.59.17:8080, 97.115.105.150:80 and 97.115.105.150:8080
Listening: Process /dev/shm/ifconfig started listening on ports 1234, 8084 and 8180
Port 80 Scan / Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP addresses
Port 80 Scan / Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses
Port 80 Scan / Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP addresses
Access Suspicious Domain / Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains: fuse.net, gvt.net.br and zoominternet.net
Port 80 Scan / Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses
Connection was closed due to timeout
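The timeline above is the usual shape of an SSH drop-and-scan: a root login, a payload written to /dev/shm (a tmpfs, so nothing reaches disk and it is gone after a reboot) under the name of a legitimate tool, then outbound fan-out on 22/2222/80/8080/1234 and new listening ports. The script below is an added example, not part of this page or of any Akamai tooling: it parses incident lines in the format shown above into structured indicators and raises the alerts an analyst would want to see (root SSH login, payload in a tmpfs or world-writable directory, a process from such a directory opening listeners, outbound fan-out to many hosts, and the 80+8080 pair probing). SAMPLE_EVENTS is a constructed, trimmed copy of the timeline; SUSPICIOUS_EXEC_DIRS and MIN_FANOUT are assumed tuning values, not figures from the page.

```python
"""Triage helper for Guardicore-style incident lines (added example, not Akamai code)."""
import re
from collections import defaultdict

# Assumption: directories where a dropped payload is world-writable or lives only in RAM.
SUSPICIOUS_EXEC_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
# Assumption: distinct destination hosts before one process is called a scanner.
MIN_FANOUT = 5

_LOGIN_RE = re.compile(r"credentials: (\S+) / \S+ - Authentication policy: (.+)$")
_DOWNLOAD_RE = re.compile(r"^(\S+) was downloaded$")
_OUT_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
_LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports?: (.+)$")
_ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# Constructed sample: a trimmed copy of the incident timeline on this page.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List",
    "/dev/shm/ifconfig was downloaded",
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, "
    "101.35.138.55:1234, 109.71.74.83:22, 143.35.47.130:2222, 146.66.210.80:80, "
    "146.66.210.80:8080, 185.216.25.36:1234, 185.216.25.36:22, 8.8.8.8:443, "
    "97.115.105.150:80 and 97.115.105.150:8080",
    "Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8180",
    "Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses",
]


def parse_endpoints(text):
    """'1.2.3.4:80, 5.6.7.8:22 and 9.9.9.9:443' -> [('1.2.3.4', 80), ('5.6.7.8', 22), ...]"""
    return [(ip, int(port)) for ip, port in _ENDPOINT_RE.findall(text)]


def parse_ports(text):
    """'1234, 8084 and 8180' -> [1234, 8084, 8180]"""
    return [int(p) for p in re.findall(r"\d+", text)]


def triage(events):
    """Return structured indicators plus analyst-facing alerts for a list of event lines."""
    out = {"logins": [], "dropped": [], "outbound": defaultdict(list),
           "listening": {}, "alerts": []}
    for line in events:
        if m := _LOGIN_RE.search(line):
            user, policy = m.groups()
            out["logins"].append((user, policy))
            if user == "root":
                out["alerts"].append(f"interactive SSH login as root (policy: {policy})")
        elif m := _DOWNLOAD_RE.match(line):
            path = m.group(1)
            out["dropped"].append(path)
            if path.startswith(SUSPICIOUS_EXEC_DIRS):
                out["alerts"].append(f"payload written to tmpfs/world-writable dir: {path}")
        elif m := _OUT_RE.match(line):
            proc, dests = m.group(1), parse_endpoints(m.group(2))
            out["outbound"][proc].extend(dests)
        elif m := _LISTEN_RE.match(line):
            proc, ports = m.group(1), parse_ports(m.group(2))
            out["listening"][proc] = ports
            if proc.startswith(SUSPICIOUS_EXEC_DIRS):
                out["alerts"].append(f"{proc} opened listener(s) on {ports} (possible bind shell / C2)")
    # Fan-out and web-probe heuristics are computed per process over all its destinations,
    # counting distinct hosts rather than connections so repeated targets do not inflate it.
    for proc, dests in out["outbound"].items():
        by_host = defaultdict(set)
        for ip, port in dests:
            by_host[ip].add(port)
        if len(by_host) >= MIN_FANOUT:
            ports = sorted({p for _, p in dests})
            out["alerts"].append(f"{proc} fanned out to {len(by_host)} hosts on ports {ports}")
        web_pairs = [ip for ip, ps in by_host.items() if {80, 8080} <= ps]
        if web_pairs:
            out["alerts"].append(f"{proc} probed {len(web_pairs)} hosts on both 80 and 8080 (web scan pattern)")
    out["outbound"] = dict(out["outbound"])
    return out


if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS)["alerts"]:
        print("ALERT:", alert)
```

Feed it the exported event text of an incident; the fan-out threshold is deliberately low because a single binary in /dev/shm talking to even a handful of hosts on the same port pair already deserves a look. Destinations such as 1.1.1.1:443 and 8.8.8.8:443 in the full list are probably connectivity checks rather than targets, which is one reason the heuristics count distinct hosts and port pairs instead of raw connection counts.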
|