IP Address: 162.216.142.26 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP, SMB |
Tags |
Superuser Operation, Listening, SCP, 2 Shell Commands, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File |
Associated Attack Servers |
IP Address |
162.216.142.26 |
|
Domain |
- |
|
ISP |
K Net Solutions Pvt |
|
Country |
India |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-10-03 |
Last seen in Akamai Guardicore Segmentation |
2023-06-22 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 45 IP Addresses 2 times |
Port 2222 Scan, Port 22 Scan |
Process /dev/shm/ifconfig scanned port 2222 on 45 IP Addresses 2 times |
Port 2222 Scan, Port 22 Scan |
Process /dev/shm/ifconfig started listening on ports: 1234 and 8089 |
Listening |
Process /dev/shm/ifconfig generated outgoing network traffic |
|
Connection was closed due to timeout |
|