IP Address: 111.93.117.178 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner |
Services Targeted | SMB, SSH |
Tags | Port 22 Scan, 12 Shell Commands, SSH, Access Suspicious Domain, Successful SSH Login, Listening, Port 2222 Scan, Outgoing Connection |
Associated Attack Servers |
IP Address | 111.93.117.178 |
Domain | - |
ISP | Tata Teleservices Limited |
Country | India |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2020-06-07 |
Last seen in Akamai Guardicore Segmentation | 2021-04-11 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 4 times |
Successful SSH Login |
Process /dev/shm/ifconfig scanned port 22 on 42 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 42 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /dev/shm/ifconfig scanned port 22 on 45 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Process /dev/shm/ifconfig started listening on ports: 1234 |
Listening |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig attempted to access suspicious domains: 111-tataidc.co.in |
Access Suspicious Domain, Outgoing Connection |
Process /dev/shm/ifconfig scanned port 2222 on 45 IP Addresses |
Port 22 Scan, Port 2222 Scan |
Connection was closed due to timeout |