IP Address: 191.242.182.210 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 191.242.182.210
Domain | -
ISP | Conect Telecom
Country | Brazil
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-01-30
Last seen in Akamai Guardicore Segmentation | 2023-06-16
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
The file /tmp/ifconfig was downloaded and granted execution privileges | Download and Allow Execution
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 9 times | Successful SSH Login
./ifconfig was downloaded | Download File
/var/tmp/ifconfig was downloaded | Download File
/root/ifconfig was downloaded | Download File
System file /etc/ifconfig was modified 16 times | System File Modification
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /etc/ifconfig was downloaded and executed 5 times | Download and Execute
The file /etc/apache2 was downloaded and executed 100 times | Download and Execute
Process /etc/ifconfig scanned port 1234 on 25 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 80 on 25 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 8080 on 25 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 1234 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 1234 on 20 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 25 IP Addresses | Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 25 IP Addresses | Port 1234 Scan
Process /etc/ifconfig generated outgoing network traffic to multiple IP addresses | Outgoing Connection
Process /etc/ifconfig started listening on ports: 1234, 8081 and 8182 | Listening
Process /etc/ifconfig attempted to access suspicious domains: conecttelecom.com.br | Outgoing Connection, Access Suspicious Domain
Process /etc/ifconfig scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 80 on 20 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Process /etc/ifconfig scanned port 8080 on 20 IP Addresses | Port 80 Scan, Port 8080 Scan, Port 1234 Scan
Connection was closed due to timeout
/var/tmp/apache2 |
SHA256: 10aaadaf66ae0b4f687aa7239e1b0b6959973c5d0c973a7a34db0ac78f070078 |
2875664 bytes |