IP Address: 117.50.23.109Previously Malicious
IP Address: 117.50.23.109Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP |
Tags |
Successful SSH Login Port 8080 Scan 5 Shell Commands Listening SSH SCP Outgoing Connection Superuser Operation Port 80 Scan Download File Port 1234 Scan |
Associated Attack Servers |
IP Address |
117.50.23.109 |
|
Domain |
- |
|
ISP |
Shanghai UCloud Information Technology Company Lim |
|
Country |
China |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-08-11 |
Last seen in Akamai Guardicore Segmentation |
2022-11-25 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /dev/shm/ifconfig scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 1234 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 103.105.12.48:1234, 104.21.25.86:443, 108.4.15.210:80, 108.4.15.210:8080, 12.153.134.51:80, 12.153.134.51:8080, 120.224.34.31:1234, 123.132.238.210:1234, 124.115.231.214:1234, 124.223.14.100:1234, 128.42.180.235:80, 128.42.180.235:8080, 130.23.23.27:80, 130.23.23.27:8080, 132.33.205.128:80, 132.33.205.128:8080, 137.160.88.69:80, 137.160.88.69:8080, 149.157.80.89:80, 149.157.80.89:8080, 154.147.79.239:80, 158.34.110.99:80, 159.188.22.107:80, 159.188.22.107:8080, 161.107.113.27:1234, 161.70.98.32:1234, 165.208.48.198:80, 165.208.48.198:8080, 170.113.233.20:80, 170.113.233.20:8080, 171.43.3.124:80, 171.43.3.124:8080, 172.67.133.228:443, 189.121.172.49:80, 190.12.120.30:1234, 191.242.188.103:1234, 192.234.251.10:80, 192.234.251.10:8080, 199.66.148.10:80, 199.66.148.10:8080, 20.141.185.205:1234, 200.162.180.107:80, 200.162.180.107:8080, 202.61.203.229:1234, 206.130.36.197:80, 206.130.36.197:8080, 212.57.36.20:1234, 217.70.251.82:80, 218.146.15.97:1234, 220.243.148.80:1234, 220.249.17.203:80, 220.249.17.203:8080, 221.88.92.49:80, 221.88.92.49:8080, 222.100.124.62:1234, 222.134.240.92:1234, 223.171.91.127:1234, 241.136.197.85:80, 241.136.197.85:8080, 241.197.154.123:80, 241.197.154.123:8080, 247.80.40.51:80, 247.80.40.51:8080, 248.143.68.187:80, 248.143.68.187:8080, 25.220.49.79:80, 25.220.49.79:8080, 26.32.64.40:80, 26.32.64.40:8080, 28.202.21.183:80, 28.202.21.183:8080, 39.175.68.100:1234, 51.159.19.47:1234, 51.75.146.174:443, 52.33.69.42:80, 52.33.69.42:8080, 58.229.125.66:1234, 61.84.162.66:1234, 62.12.106.5:1234, 62.168.55.225:80, 62.168.55.225:8080, 88.133.207.130:80, 88.133.207.130:8080, 89.104.188.199:80, 89.104.188.199:8080 and 93.176.229.145:1234 |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8080 and 8188 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to timeout |
|