IP Address: 218.29.167.162 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Port 8080 Scan 3 Shell Commands SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection Access Suspicious Domain Listening
Associated Attack Servers: 38.40.53.77, 38.215.235.21, 45.130.147.8, 46.101.138.44, 58.240.64.214, 81.70.94.80, 82.55.176.114, 83.224.155.27, 114.132.230.151, 117.179.215.141, 117.247.104.19, 124.124.198.246, 126.209.214.93, 159.149.118.213, 161.130.18.242, 175.24.120.21, 194.122.251.172, 215.13.202.208, 251.180.210.155
IP Address: 218.29.167.162
Domain: -
ISP: China Unicom Liaoning
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-01-19
Last seen in Akamai Guardicore Segmentation: 2022-04-17
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 104.21.25.86:443, 110.101.15.85:80, 110.101.15.85:8080, 110.129.219.201:80, 110.129.219.201:8080, 114.132.230.151:1234, 115.173.14.110:80, 115.173.14.110:8080, 117.179.215.141:2222, 117.247.104.19:80, 117.247.104.19:8080, 117.247.104.19:8090, 124.115.231.214:1234, 124.124.198.246:22, 126.209.214.93:2222, 130.79.175.122:80, 130.79.175.122:8080, 14.31.65.165:80, 14.31.65.165:8080, 142.251.32.4:443, 159.149.118.213:1234, 161.130.18.242:22, 172.128.236.154:80, 172.128.236.154:8080, 174.168.31.11:80, 174.168.31.11:8080, 175.24.120.21:1234, 182.42.113.30:80, 182.42.113.30:8080, 194.122.251.172:22, 197.41.82.240:80, 197.41.82.240:8080, 199.160.194.235:80, 199.160.194.235:8080, 206.106.22.23:80, 206.106.22.23:8080, 206.211.223.103:80, 206.211.223.103:8080, 209.45.245.56:80, 209.45.245.56:8080, 214.83.142.45:80, 214.83.142.45:8080, 215.13.202.208:2222, 220.53.65.127:80, 220.53.65.127:8080, 223.111.250.94:80, 223.111.250.94:8080, 23.91.33.43:80, 23.91.33.43:8080, 245.169.143.15:80, 245.169.143.15:8080, 248.7.109.86:80, 248.7.109.86:8080, 250.155.69.106:80, 250.155.69.106:8080, 251.180.210.155:22, 253.8.199.161:80, 253.8.199.161:8080, 38.215.235.21:22, 38.40.53.77:22, 45.130.147.8:1234, 46.101.138.44:80, 46.101.138.44:8080, 46.101.138.44:8090, 46.106.249.28:80, 46.106.249.28:8080, 46.221.156.134:80, 46.221.156.134:8080, 5.132.235.84:80, 5.132.235.84:8080, 51.75.146.174:443, 55.188.10.107:80, 55.188.10.107:8080, 58.240.64.214:2222, 67.134.202.80:80, 67.134.202.80:8080, 70.73.110.226:80, 70.73.110.226:8080, 8.8.4.4:443, 8.8.8.8:443, 81.221.216.153:80, 81.221.216.153:8080, 81.70.94.80:1234, 82.55.176.114:2222, 83.224.155.27:1234, 88.74.235.236:80, 88.74.235.236:8080, 94.245.253.23:80 and 94.245.253.23:8080
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains: as286.net, bbtec.net, umh.edu and zcrtyshop.club
Listening: Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8183
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Connection was closed due to timeout