IP Address: 193.123.106.215 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SCP, SSH
Tags: Port 22 Scan, Port 8080 Scan, 3 Shell Commands, SSH Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening
Associated Attack Servers:
IP Address: 193.123.106.215
Domain: -
ISP: Oracle Corporation
Country: United States

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-03-05
Last seen in Akamai Guardicore Segmentation: 2022-04-08
Incident events (each followed by its tags):

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List (Successful SSH Login)
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (Successful SSH Login)
A possibly malicious Superuser Operation was detected 2 times (Superuser Operation)
Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig generated outgoing network traffic to: [destination IP:port list removed] (Outgoing Connection)
Process /dev/shm/ifconfig started listening on ports: 1234, 8085 and 8183 (Listening)
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Process /dev/shm/ifconfig attempted to access suspicious domains: sileman.net.pl and ztomy.com (Access Suspicious Domain, Outgoing Connection)
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses (Port 22 Scan, Port 80 Scan, Port 8080 Scan)
Connection was closed due to timeout
|