IP Address: 111.19.191.70 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Port 1234 Scan, SSH, Listening, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Download File, 4 Shell Commands
Associated Attack Servers |
IP Address | 111.19.191.70
Domain | -
ISP | China Mobile Guangdong
Country | China
WHOIS |
Created Date | -
Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-05-12
Last seen in Akamai Guardicore Segmentation | 2022-10-13
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 scanned port 1234 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 26 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 1234 on 27 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /bin/bash scanned port 1234 on 26 IP Addresses 2 times |
Port 1234 Scan |
Process /dev/shm/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8081 and 8184 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 27 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 27 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to timeout |
|