IP Address: 117.80.212.33Previously Malicious
IP Address: 117.80.212.33Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
IP Address |
117.80.212.33 |
|
|
Domain |
- |
|
|
ISP |
China Telecom jiangsu |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2021-12-27 |
|
Last seen in Akamai Guardicore Segmentation |
2022-10-29 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
Process /bin/nc.openbsd scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /dev/shm/ifconfig scanned port 1234 on 33 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /dev/shm/ifconfig scanned port 80 on 33 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /dev/shm/ifconfig scanned port 1234 on 40 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /bin/nc.openbsd scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /root/ifconfig scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /var/tmp/ifconfig scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /tmp/ifconfig scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A possibly malicious Superuser Operation was detected 20 times |
Superuser Operation |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 1.220.98.197:1234, 103.105.12.48:1234, 103.152.118.20:1234, 103.90.177.102:1234, 103.90.177.102:22, 108.6.207.1:80, 109.132.240.198:80, 116.204.47.190:80, 117.16.44.111:1234, 118.41.204.72:1234, 120.224.34.31:1234, 120.236.78.194:1234, 123.132.238.210:1234, 124.115.231.214:1234, 124.115.231.214:22, 125.214.142.155:80, 142.250.191.228:443, 143.64.248.207:80, 147.182.233.56:1234, 149.53.154.99:80, 15.86.147.76:80, 162.128.115.205:80, 17.241.64.13:80, 172.123.244.125:80, 172.64.200.11:443, 173.18.35.41:1234, 175.31.119.241:80, 176.36.34.99:80, 178.44.22.96:80, 179.197.137.3:80, 182.224.177.56:1234, 19.248.156.160:80, 191.172.131.169:80, 191.242.182.210:1234, 191.242.188.103:1234, 191.242.188.103:22, 198.233.110.215:80, 199.78.158.131:80, 20.37.109.195:80, 200.52.90.8:80, 201.185.188.193:80, 202.61.203.229:1234, 210.99.20.194:1234, 221.136.133.228:80, 222.100.124.62:1234, 222.121.63.87:1234, 222.134.240.92:1234, 222.165.136.99:1234, 223.171.91.191:1234, 24.177.226.31:80, 249.232.118.179:80, 249.62.5.187:80, 25.68.146.56:80, 251.168.236.220:80, 253.112.12.115:80, 28.118.206.209:80, 28.236.63.94:80, 28.6.201.228:80, 39.175.68.100:1234, 40.183.170.128:80, 51.159.19.47:1234, 51.75.146.174:443, 52.26.180.67:80, 54.74.213.249:80, 55.238.236.186:80, 61.84.162.66:1234, 62.12.106.5:1234, 8.66.110.73:80, 8.66.140.242:80, 8.8.4.4:443, 8.8.8.8:443, 82.149.112.170:1234, 83.4.158.240:80, 84.204.148.99:1234, 89.212.123.191:1234, 94.153.165.43:1234, 95.154.21.210:1234, 95.238.137.158:80 and 97.24.164.37:80 |
Outgoing Connection |
|
./ifconfig was downloaded 2 times |
Download File |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8182 |
Listening |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: conecttelecom.com.br |
Access Suspicious Domain Outgoing Connection |
|
The file /root/ifconfig was downloaded and executed 2 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 34 times |
Download and Execute |
|
Process /root/ifconfig generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /tmp/apache2 was downloaded and executed 12 times |
Download and Execute |
|
Process /tmp/ifconfig generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
|
The file /var/tmp/ifconfig was downloaded and executed 12 times |
Download and Execute |
|
The file /var/tmp/apache2 was downloaded and executed 28 times |
Download and Execute |
|
Process /var/tmp/ifconfig generated outgoing network traffic to: 172.64.201.11:443 |
Outgoing Connection |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 3 times |
Download and Execute |
|
Process /dev/shm/ifconfig scanned port 80 on 40 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /etc/apache2 was downloaded and executed 35 times |
Download and Execute |
|
The file /root/ifconfig was downloaded and executed 4 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 16 times |
Download and Execute |
|
The file /etc/ifconfig was downloaded and executed 3 times |
Download and Execute |
|
Connection was closed due to timeout |
|
|
/var/tmp/ifconfig |
SHA256: fb6a5675b73aac01d91810ac511251778c4fe50ce51470a0cf5e8f909472b474 |
327680 bytes |
|
/etc/ifconfig |
SHA256: 1baed6e01f9715569e8d4aca39d13b7d8b92cb7c60e5099ed8998434287c985e |
2651328 bytes |
|
/etc/ifconfig |
SHA256: 003fc3b1c6259d744b011cde32a47e8cb0b00708ebec1465839b9c14279bc70b |
262144 bytes |
|
/root/ifconfig |
SHA256: f28c1becc58c6ae5d449da0b0f68f4def9db80ba792ab4486a7177e0ecd62b74 |
851968 bytes |
|
/tmp/ifconfig |
SHA256: bc4c4c39f98753ec5421a21b33179c026cae4f44f6ce47de8355c24546601af4 |
196608 bytes |
|
/tmp/ifconfig |
SHA256: fd3e94ee9b2ea054ed39b97f94f6542e9ce2c2bfbaf1be0c7a8412303ed15e39 |
2293760 bytes |
|
/tmp/ifconfig |
SHA256: 915f410de5799b81704f3695d8aa38d5da78b01b60cea17d3e0c3f162f9b0e9b |
1802240 bytes |
|
/tmp/ifconfig |
SHA256: 93b5387c1ad89b1bba7a1c7ad722d5406dd174e58cd0a1de5a0684e02a83fd33 |
1474560 bytes |
|
/etc/ifconfig |
SHA256: 63ce5e408bc30df5efb4e48cb2e893e84b58da0ea31d834ce11db915f0dfaba2 |
32768 bytes |
|
/etc/ifconfig |
SHA256: 331f1ead3df8fed58ccf68da781f34b2f228a5c37f3bb245b836a4b49b1cf269 |
557056 bytes |
|
/etc/ifconfig |
SHA256: 861921d16b4f8870dda3d79aecaa828b713b8e41b29ec977aca10c236356144e |
1507328 bytes |
|
/var/tmp/ifconfig |
SHA256: 1b40245f21f1cb845b7fdf2428315166a8b1d8d5e1e42cd290cd8e479ed61ad7 |
2129920 bytes |
|
/root/ifconfig |
SHA256: c04b32a7c24533bc14fdd18b6cff3756d284640b23569d19c8e268ece7666b43 |
1540096 bytes |
|
/tmp/ifconfig |
SHA256: b3b7551f344bdc4021e89ae74961531531a7dedf23e7b2d0364e21d052271ae2 |
1114112 bytes |
|
/var/tmp/ifconfig |
SHA256: 550307921085269ac7b53b3492fbffd8dc7bb9deaee1b26d433b3ebb40282384 |
2195456 bytes |
|
/root/ifconfig |
SHA256: b68a8713bece3c5ce9b0e366dd929b6664fb1d7d569f2bc6fafe9a1bded50019 |
1671168 bytes |
|
/tmp/ifconfig |
SHA256: 6ee5b0eadb32669e495a5d4157119d3a8248235f0b3e21084070fb6bb45ca89e |
950272 bytes |
© 2023 Akamai Technologies