IP Address: 163.177.220.12 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 2.130.47.60, 28.128.151.105, 36.188.33.187, 47.93.228.251, 72.205.143.172, 79.59.222.111, 81.70.246.81, 114.132.242.231, 125.109.154.143, 126.120.232.96, 133.13.69.248, 152.136.145.180, 166.42.86.241, 181.245.42.237, 182.224.177.56, 183.108.199.88, 195.139.196.243, 223.171.91.191, 249.174.73.137, 253.6.77.62, 253.8.127.171
IP Address: 163.177.220.12
Domain: -
ISP: China Unicom Guangdong province
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-08
Last seen in Akamai Guardicore Segmentation: 2022-04-08
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
  Tags: Successful SSH Login
/dev/shm/ifconfig was downloaded
  Tags: Download File
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
  Tags: Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times
  Tags: Superuser Operation
Process /dev/shm/apache2 generated outgoing network traffic to: 104.21.25.86:443, 105.240.23.137:80, 105.240.23.137:8080, 108.58.117.73:80, 108.58.117.73:8080, 110.1.198.201:80, 110.1.198.201:8080, 112.221.67.140:80, 112.221.67.140:8080, 114.132.242.231:1234, 118.45.172.232:80, 118.45.172.232:8080, 119.189.21.111:80, 119.189.21.111:8080, 125.109.154.143:2222, 125.191.4.15:80, 125.191.4.15:8080, 126.120.232.96:2222, 131.7.20.87:80, 131.7.20.87:8080, 132.191.223.58:80, 132.191.223.58:8080, 133.13.69.248:2222, 137.197.19.187:80, 137.197.19.187:8080, 138.170.167.113:80, 138.170.167.113:8080, 14.117.34.200:80, 14.117.34.200:8080, 14.163.4.91:80, 14.163.4.91:8080, 142.251.32.4:443, 152.136.145.180:1234, 154.242.7.53:80, 154.242.7.53:8080, 163.224.131.154:80, 163.224.131.154:8080, 166.2.16.210:80, 166.2.16.210:8080, 166.42.86.241:2222, 172.67.133.228:443, 181.245.42.237:22, 182.224.177.56:1234, 183.108.199.88:1234, 184.209.20.146:80, 184.209.20.146:8080, 187.163.96.12:80, 187.163.96.12:8080, 191.115.225.185:80, 191.115.225.185:8080, 195.139.196.243:2222, 196.226.36.160:80, 196.226.36.160:8080, 2.130.47.60:22, 202.154.13.135:80, 202.154.13.135:8080, 208.54.12.19:80, 208.54.12.19:8080, 209.148.55.216:80, 209.148.55.216:8080, 216.169.23.114:80, 216.169.23.114:8080, 222.198.164.108:80, 222.198.164.108:8080, 223.171.91.191:1234, 245.129.74.207:80, 245.129.74.207:8080, 249.174.73.137:2222, 252.78.114.140:80, 252.78.114.140:8080, 253.6.77.62:22, 253.8.127.171:2222, 28.128.151.105:22, 29.71.253.164:80, 29.71.253.164:8080, 36.188.33.187:22, 47.93.228.251:1234, 51.75.146.174:443, 56.173.210.63:80, 56.173.210.63:8080, 59.208.138.72:80, 59.208.138.72:8080, 72.205.143.172:22, 79.59.222.111:22, 81.70.246.81:1234, 9.200.100.118:80, 9.200.100.118:8080, 94.163.207.5:80 and 94.163.207.5:8080
  Tags: Outgoing Connection
Process /dev/shm/apache2 started listening on ports: 1234, 8084 and 8180
  Tags: Listening
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
  Tags: Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
  Tags: Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
  Tags: Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
  Tags: Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 attempted to access suspicious domains: as2116.net, bbtec.net and telenor.dk
  Tags: Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout
|