IP Address: 211.75.205.200 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 211.75.205.200
Domain: -
ISP: HiNet
Country: Taiwan, Province of China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-08
Last seen in Akamai Guardicore Segmentation: 2022-09-27
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects an organization's core assets using flexible, quickly deployed and easy-to-understand micro-segmentation controls. It generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Sensor events (event type in brackets):

[Successful SSH Login] A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
[Download File] /dev/shm/ifconfig was downloaded
[Successful SSH Login] A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
[Superuser Operation] A possibly malicious Superuser Operation was detected 2 times
[Outgoing Connection] Process /dev/shm/apache2 generated outgoing network traffic to: 102.177.252.190:80, 102.177.252.190:8080, 104.21.25.86:443, 109.223.109.214:2222, 113.195.222.225:2222, 114.131.105.134:80, 114.131.105.134:8080, 116.182.1.106:80, 116.182.1.106:8080, 118.137.30.35:80, 118.137.30.35:8080, 125.236.183.161:80, 125.236.183.161:8080, 141.57.100.31:80, 141.57.100.31:8080, 142.106.62.226:80, 142.106.62.226:8080, 146.50.188.224:80, 146.50.188.224:8080, 149.239.193.193:80, 149.239.193.193:8080, 161.174.121.5:2222, 161.4.35.252:22, 168.167.70.128:2222, 172.67.133.228:443, 173.5.72.172:22, 179.250.64.210:2222, 182.32.139.233:80, 182.32.139.233:8080, 183.147.242.26:80, 183.147.242.26:8080, 195.197.46.242:80, 195.197.46.242:8080, 198.69.169.218:80, 198.69.169.218:8080, 20.195.231.146:1234, 206.242.50.104:80, 206.242.50.104:8080, 209.69.36.71:22, 211.217.12.211:80, 211.217.12.211:8080, 211.75.205.200:1234, 223.171.79.70:1234, 25.166.159.120:80, 25.166.159.120:8080, 252.242.174.14:80, 252.242.174.14:8080, 29.75.167.74:80, 29.75.167.74:8080, 3.70.51.169:80, 3.70.51.169:8080, 30.188.2.235:2222, 32.159.135.178:80, 32.159.135.178:8080, 37.110.149.238:80, 37.110.149.238:8080, 38.78.134.232:2222, 39.22.111.80:2222, 44.88.218.112:80, 44.88.218.112:8080, 45.120.216.114:1234, 45.142.122.215:1234, 45.21.105.159:2222, 51.75.146.174:443, 58.219.58.145:2222, 59.111.228.147:80, 59.111.228.147:8080, 62.234.9.182:80, 62.234.9.182:8080, 71.219.105.23:80, 71.219.105.23:8080, 72.193.70.71:80, 72.193.70.71:8080, 75.189.145.133:80, 75.189.145.133:8080, 82.69.47.12:80, 82.69.47.12:8080, 83.134.200.77:2222, 83.47.44.84:80, 83.47.44.84:8080, 85.199.212.43:22, 87.27.128.132:22, 88.217.96.177:80, 88.217.96.177:8080, 92.142.32.114:1234, 94.44.96.8:80, 94.44.96.8:8080, 96.128.217.73:80 and 96.128.217.73:8080
[Listening] Process /dev/shm/apache2 started listening on ports: 1234, 8081 and 8182
[Port 80 Scan] Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
[Port 8080 Scan] Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
[Port 2222 Scan] Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses
[Port 80 Scan] Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
[Port 80 Scan] Process /dev/shm/apache2 scanned port 80 on 11 IP Addresses
[Access Suspicious Domain, Outgoing Connection] Process /dev/shm/apache2 attempted to access suspicious domains: aeza.network, spcsdns.net and wanadoo.fr
[Port 8080 Scan] Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
[Port 2222 Scan] Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses
[Port 8080 Scan] Process /dev/shm/apache2 scanned port 8080 on 11 IP Addresses
[Port 2222 Scan] Process /dev/shm/apache2 scanned port 2222 on 11 IP Addresses
Connection was closed due to timeout
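The record above is a flat list of sensor events, and pulling the actionable parts out of it by hand is error-prone. The following is an added example, not Akamai Guardicore code and not part of the record, that parses event lines of the same shape: it collects the IoCs (IPs, domains, file paths, the SSH account used), derives which ports one process hit on many distinct hosts (scanning, which the sensor also reported separately), flags binaries dropped in world-writable directories such as /dev/shm, and notes a port the process both listens on and dials out to. The event list is constructed from the record with the outgoing-connection list trimmed to a subset of the addresses it contains; the threshold of four hosts per port and the finding labels are my own choices, not the sensor's.

```python
import re
from collections import defaultdict

# Constructed sample: event lines in the shape of the sensor record above,
# with the outgoing-connection list trimmed to a representative subset.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: Correct Password",
    "/dev/shm/ifconfig was downloaded",
    "Process /dev/shm/apache2 generated outgoing network traffic to: "
    "102.177.252.190:80, 102.177.252.190:8080, 104.21.25.86:443, "
    "109.223.109.214:2222, 113.195.222.225:2222, 114.131.105.134:80, "
    "114.131.105.134:8080, 116.182.1.106:80, 116.182.1.106:8080, "
    "118.137.30.35:80, 118.137.30.35:8080, 125.236.183.161:80, "
    "125.236.183.161:8080, 161.174.121.5:2222, 161.4.35.252:22, "
    "168.167.70.128:2222, 172.67.133.228:443, 173.5.72.172:22, "
    "20.195.231.146:1234, 211.75.205.200:1234 and 45.120.216.114:1234",
    "Process /dev/shm/apache2 started listening on ports: 1234, 8081 and 8182",
    "Process /dev/shm/apache2 attempted to access suspicious domains: "
    "aeza.network, spcsdns.net and wanadoo.fr",
]

SOCKET_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
PROCESS_RE = re.compile(r"^Process (\S+) ")
LISTEN_RE = re.compile(r"started listening on ports: (.+)$")
DOMAIN_RE = re.compile(r"access suspicious domains: (.+)$")
DOWNLOAD_RE = re.compile(r"^(\S+) was downloaded$")
SSH_RE = re.compile(r"SSH with the following credentials: (\S+) / ")

# Directories that are world-writable on most Linux hosts; a binary living
# there is the dropper pattern in the record (/dev/shm/apache2, /dev/shm/ifconfig).
WRITABLE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")


def split_list(text):
    """Split a sensor list such as 'a, b and c' into ['a', 'b', 'c']."""
    return [t.strip() for t in re.split(r",\s*|\s+and\s+", text) if t.strip()]


def parse_events(lines):
    """Extract IoCs and per-process network behaviour from event lines."""
    iocs = {"ips": set(), "domains": set(), "files": set(), "ssh_users": set()}
    dests = defaultdict(lambda: defaultdict(set))   # proc -> port -> hosts dialled
    listeners = defaultdict(set)                     # proc -> ports listened on
    for line in lines:
        m = PROCESS_RE.match(line)
        proc = m.group(1) if m else None
        if proc:
            iocs["files"].add(proc)
        for ip, port in SOCKET_RE.findall(line):
            iocs["ips"].add(ip)
            if proc:
                dests[proc][int(port)].add(ip)
        if proc and (m := LISTEN_RE.search(line)):
            listeners[proc].update(int(p) for p in split_list(m.group(1)))
        if m := DOMAIN_RE.search(line):
            iocs["domains"].update(split_list(m.group(1)))
        if m := DOWNLOAD_RE.match(line):
            iocs["files"].add(m.group(1))
        if m := SSH_RE.search(line):
            iocs["ssh_users"].add(m.group(1))
    return iocs, dests, listeners


def findings(lines, scan_threshold=4):
    """Return analyst-facing findings; scan_threshold is distinct hosts per port (assumed)."""
    iocs, dests, listeners = parse_events(lines)
    out = []
    if "root" in iocs["ssh_users"]:
        out.append("ssh-root-password-login")
    for path in sorted(iocs["files"]):
        if path.startswith(WRITABLE_DIRS):
            out.append(f"binary-in-writable-dir {path}")
    for proc, ports in sorted(dests.items()):
        for port, hosts in sorted(ports.items()):
            if len(hosts) >= scan_threshold:
                out.append(f"scan {proc} port {port} hosts {len(hosts)}")
            # A port the process both listens on and dials out to on other hosts
            # is consistent with a peer-to-peer protocol rather than a plain scan.
            if port in listeners.get(proc, ()):
                out.append(f"listen-and-dial {proc} port {port}")
    for proc, ports in sorted(listeners.items()):
        out.append(f"listener {proc} ports {sorted(ports)}")
    return out


if __name__ == "__main__":
    iocs, _, _ = parse_events(SAMPLE_EVENTS)
    print(f"{len(iocs['ips'])} IPs, domains: {sorted(iocs['domains'])}")
    for f in findings(SAMPLE_EVENTS):
        print(f)
```

Two host-side checks follow directly from what the record shows: PermitRootLogin no and PasswordAuthentication no in sshd_config close the entry path used here (root logging in with a password), and mounting /dev/shm and /tmp with noexec stops a dropped binary from being executed directly from those paths (a determined attacker can still run it through the dynamic loader, so treat noexec as friction rather than a boundary). Note also that the full outgoing-connection list in the record includes an address in reserved space, 252.242.174.14 (240.0.0.0/4), which is consistent with randomly generated scan targets rather than a curated target list; the same address should not be treated as a routable IoC.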
|