IP Address: 182.112.248.60Previously Malicious
IP Address: 182.112.248.60Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Successful SSH Login Port 22 Scan 3 Shell Commands Access Suspicious Domain Port 80 Scan Outgoing Connection Port 8080 Scan Superuser Operation Listening SSH |
|
Associated Attack Servers |
61.in-addr.arpa ovh.ca spd-mgts.ru 37.190.57.217 52.53.125.53 61.182.227.248 81.68.166.127 89.108.119.250 96.148.43.161 103.152.37.54 144.217.5.204 185.153.198.230 194.207.165.50 203.152.84.158 249.133.98.167 |
|
IP Address |
182.112.248.60 |
|
|
Domain |
- |
|
|
ISP |
China Unicom Liaoning |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-17 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-17 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/ifconfig scanned port 22 on 12 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 80 on 12 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 8080 on 12 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8083 and 8187 |
Listening |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 102.139.219.129:80, 102.139.219.129:8080, 103.152.37.54:1234, 104.21.25.86:443, 105.85.170.161:80, 105.85.170.161:8080, 110.241.157.50:80, 110.241.157.50:8080, 113.149.107.157:80, 113.149.107.157:8080, 114.81.116.213:22, 119.32.44.44:80, 119.32.44.44:8080, 122.4.153.238:80, 122.4.153.238:8080, 132.48.198.80:22, 134.18.135.170:22, 144.217.5.204:1234, 149.153.189.242:22, 150.38.207.122:80, 150.38.207.122:8080, 151.1.244.9:80, 151.1.244.9:8080, 160.66.159.115:80, 160.66.159.115:8080, 161.204.48.4:80, 161.204.48.4:8080, 17.235.67.182:80, 17.235.67.182:8080, 172.67.133.228:443, 186.230.190.158:80, 186.230.190.158:8080, 194.207.165.50:2222, 202.19.103.3:80, 202.19.103.3:8080, 202.217.23.69:80, 202.217.23.69:8080, 203.152.84.158:1234, 208.9.211.171:80, 208.9.211.171:8080, 22.106.196.175:22, 221.123.49.172:80, 221.123.49.172:8080, 244.233.205.19:80, 244.233.205.19:8080, 249.133.98.167:2222, 249.241.225.110:80, 249.241.225.110:8080, 250.37.31.173:80, 250.37.31.173:8080, 32.177.235.10:22, 36.82.141.207:80, 36.82.141.207:8080, 37.190.57.217:2222, 43.250.124.28:80, 43.250.124.28:8080, 48.240.87.73:80, 48.240.87.73:8080, 48.82.137.44:22, 5.136.18.87:80, 5.136.18.87:8080, 5.93.44.136:80, 5.93.44.136:8080, 51.75.146.174:443, 52.53.125.53:1234, 53.6.104.215:80, 53.6.104.215:8080, 56.26.90.87:80, 56.26.90.87:8080, 61.182.227.248:2222, 64.29.130.103:80, 64.29.130.103:8080, 67.253.164.245:80, 67.253.164.245:8080, 69.12.137.49:22, 74.212.4.63:80, 74.212.4.63:8080, 81.68.166.127:1234, 84.176.203.164:22, 85.177.122.205:22, 87.76.164.145:80, 87.76.164.145:8080, 88.50.120.4:80, 88.50.120.4:8080, 89.108.119.250:1234, 89.23.98.161:80, 89.23.98.161:8080, 91.163.115.47:22 and 96.148.43.161:2222 |
Outgoing Connection |
|
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: 61.in-addr.arpa, kc.net.uk, railcommerce.com and spd-mgts.ru |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies