IP Address: 110.42.236.48 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 110.42.236.48
Domain | -
ISP | Tencent cloud computing
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2021-12-13
Last seen in Akamai Guardicore Segmentation | 2022-04-11
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8089 and 8182 |
Listening |
Process /dev/shm/ifconfig attempted to access suspicious domains: sileman.net.pl and zcrtyshop.club |
Access Suspicious Domain Outgoing Connection |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 11 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 32 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 11 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 11 IP Addresses |
Port 2222 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to timeout |
|