IP Address: 182.112.250.6
Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening |
Associated Attack Servers |
cloudfront.net kj4l3yh8.cn ono.com 13.32.149.214 15.152.107.81 20.58.184.140 59.235.92.124 80.232.8.76 82.95.166.228 84.124.4.188 101.41.192.30 101.43.115.47 103.233.122.94 112.196.31.218 114.132.230.151 117.50.179.58 124.176.112.138 195.122.164.220 200.94.27.107 211.219.119.13 218.176.140.166 253.97.6.217 |
IP Address |
182.112.250.6 |
|
Domain |
- |
|
ISP |
China Unicom Liaoning |
|
Country |
China |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-04-11 |
Last seen in Akamai Guardicore Segmentation |
2022-04-11 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 101.41.192.30:22, 101.43.115.47:1234, 104.21.25.86:443, 109.42.103.7:80, 109.42.103.7:8080, 112.196.31.218:1234, 114.132.230.151:1234, 117.50.179.58:1234, 12.63.170.142:80, 12.63.170.142:8080, 124.176.112.138:22, 126.240.120.222:80, 126.240.120.222:8080, 13.32.149.214:80, 13.32.149.214:8080, 13.32.149.214:8090, 144.97.87.194:80, 144.97.87.194:8080, 149.185.75.206:80, 149.185.75.206:8080, 15.152.107.81:80, 15.152.107.81:8080, 15.152.107.81:8090, 158.245.164.70:80, 158.245.164.70:8080, 172.135.247.31:80, 172.135.247.31:8080, 172.159.212.158:80, 172.159.212.158:8080, 172.217.2.36:443, 172.67.133.228:443, 178.115.50.42:80, 178.115.50.42:8080, 183.153.151.106:80, 183.153.151.106:8080, 184.20.94.206:80, 184.20.94.206:8080, 186.126.88.56:80, 186.126.88.56:8080, 188.100.42.170:80, 188.100.42.170:8080, 190.212.171.55:80, 190.212.171.55:8080, 192.30.68.146:80, 192.30.68.146:8080, 194.52.111.72:80, 194.52.111.72:8080, 195.122.164.220:2222, 20.58.184.140:1234, 200.94.27.107:2222, 202.117.95.104:80, 202.117.95.104:8080, 205.182.170.231:80, 205.182.170.231:8080, 205.22.95.52:80, 205.22.95.52:8080, 211.219.119.13:1234, 214.238.173.178:80, 214.238.173.178:8080, 218.176.140.166:2222, 222.50.210.97:80, 222.50.210.97:8080, 243.210.135.253:80, 243.210.135.253:8080, 243.88.144.141:80, 243.88.144.141:8080, 246.116.142.210:80, 246.116.142.210:8080, 253.97.6.217:2222, 44.88.28.156:80, 44.88.28.156:8080, 51.75.146.174:443, 59.235.92.124:22, 6.113.31.53:80, 6.113.31.53:8080, 71.88.150.182:80, 71.88.150.182:8080, 8.8.8.8:443, 80.232.8.76:1234, 82.95.166.228:2222, 84.124.4.188:22, 88.150.66.123:80, 88.150.66.123:8080, 9.208.237.186:80, 9.208.237.186:8080, 91.112.75.166:80 and 91.112.75.166:8080 |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8184 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig attempted to access suspicious domains: alestra.net.mx, bbtec.net, kj4l3yh8.cn, ono.com and telstra.net |
Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout |
|