IP Address: 113.56.134.2 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 22 Scan, Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening
Associated Attack Servers: Majordomo.ru, versatel.nl, vorboss.net, 1.15.13.216, 24.32.65.138, 26.24.136.174, 27.121.84.138, 30.120.168.233, 34.49.63.37, 40.112.221.159, 42.192.204.53, 56.6.226.57, 73.78.248.128, 80.74.168.249, 81.70.58.68, 82.163.214.12, 82.173.4.191, 83.197.190.56, 90.189.213.136, 92.139.182.71, 101.24.187.246, 101.35.138.55, 101.43.22.221, 102.53.185.148, 110.42.191.5, 112.114.7.144, 116.161.173.56, 117.33.27.181, 118.29.178.235, 124.221.162.244, 124.222.13.124, 124.223.81.25
IP Address: 113.56.134.2
Domain: -
ISP: China Unicom Liaoning
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-03-24
Last seen in Akamai Guardicore Segmentation: 2022-03-28
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Tags: Successful SSH Login

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Tags: Successful SSH Login

A possibly malicious Superuser Operation was detected 2 times
Tags: Superuser Operation

Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig generated outgoing network traffic to: 100.133.248.36:80, 100.133.248.36:8080, 101.24.187.246:2222, 101.35.138.55:1234, 104.21.25.86:443, 110.42.191.5:1234, 111.206.53.228:80, 111.206.53.228:8080, 112.114.7.144:2222, 117.181.205.182:80, 117.181.205.182:8080, 124.221.162.244:1234, 125.50.214.152:80, 125.50.214.152:8080, 132.194.117.171:80, 132.194.117.171:8080, 139.108.228.120:80, 139.108.228.120:8080, 146.81.106.171:80, 146.81.106.171:8080, 148.241.50.63:80, 148.241.50.63:8080, 150.213.28.210:80, 150.213.28.210:8080, 152.136.145.180:1234, 159.169.17.49:80, 159.169.17.49:8080, 159.50.156.38:80, 159.50.156.38:8080, 161.30.152.212:22, 164.15.230.162:22, 164.166.89.213:22, 17.222.203.222:22, 172.67.133.228:443, 177.225.241.29:80, 177.225.241.29:8080, 182.224.177.56:1234, 183.55.150.72:80, 183.55.150.72:8080, 184.82.155.77:80, 184.82.155.77:8080, 190.233.182.2:80, 190.233.182.2:8080, 191.14.233.156:80, 191.14.233.156:8080, 203.180.47.119:80, 203.180.47.119:8080, 203.54.9.8:2222, 209.3.155.236:80, 209.3.155.236:8080, 212.180.133.42:80, 212.180.133.42:8080, 212.221.46.184:80, 212.221.46.184:8080, 222.165.136.99:1234, 23.251.106.32:80, 23.251.106.32:8080, 244.232.235.135:80, 244.232.235.135:8080, 251.228.43.107:2222, 252.103.207.27:22, 252.90.202.112:80, 252.90.202.112:8080, 27.121.84.138:2222, 3.196.7.74:22, 30.51.58.227:80, 30.51.58.227:8080, 31.197.30.115:80, 31.197.30.115:8080, 34.49.63.37:2222, 36.73.55.131:22, 51.75.146.174:443, 53.73.74.176:80, 53.73.74.176:8080, 55.49.31.155:80, 55.49.31.155:8080, 65.241.26.146:80, 65.241.26.146:8080, 90.154.140.92:80, 90.154.140.92:8080, 90.63.174.230:22, 92.139.182.71:1234, 93.176.8.126:80, 93.176.8.126:8080, 95.145.232.165:80, 95.145.232.165:8080, 96.72.219.79:22, 97.16.6.230:80 and 97.16.6.230:8080
Tags: Outgoing Connection

Process /dev/shm/ifconfig started listening on ports: 1234, 8087 and 8187
Tags: Listening
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Process /dev/shm/ifconfig attempted to access suspicious domains: wanadoo.fr
Tags: Access Suspicious Domain, Outgoing Connection

Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Tags: Port 22 Scan, Port 80 Scan, Port 8080 Scan

Connection was closed due to timeout