IP Address: 42.194.138.246 (Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
| Field | Value |
| IP Address | 42.194.138.246 |
| Domain | - |
| ISP | Tencent cloud computing |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-02-24 |
| Last seen in Akamai Guardicore Segmentation | 2023-04-11 |
Recorded incident (events in the order observed):

| Event type | Detail |
| Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List) |
| Download File | /dev/shm/ifconfig was downloaded |
| Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password) |
| Superuser Operation | A possibly malicious Superuser Operation was detected 2 times |
| Port 22 Scan | Process /dev/shm/ifconfig scanned port 22 on 12 IP Addresses |
| Port 80 Scan | Process /dev/shm/ifconfig scanned port 80 on 12 IP Addresses |
| Port 8080 Scan | Process /dev/shm/ifconfig scanned port 8080 on 12 IP Addresses |
| Port 22 Scan | Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
| Port 22 Scan | Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
| Outgoing Connection | Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 100.115.230.228:22, 105.51.122.112:80, 105.51.122.112:8080, 108.34.185.30:80, 108.34.185.30:8080, 110.195.169.106:80, 110.195.169.106:8080, 110.93.91.112:80, 110.93.91.112:8080, 112.64.230.253:22, 124.180.226.4:80, 124.180.226.4:8080, 13.80.135.35:80, 13.80.135.35:8080, 132.241.206.237:22, 133.73.113.169:2222, 134.209.32.120:1234, 142.191.249.246:80, 142.191.249.246:8080, 147.110.62.141:2222, 154.243.97.95:80, 154.243.97.95:8080, 159.155.152.61:80, 159.155.152.61:8080, 160.12.240.2:22, 162.137.49.164:22, 163.29.89.118:80, 163.29.89.118:8080, 170.95.46.127:80, 170.95.46.127:8080, 173.212.121.206:22, 185.79.35.152:80, 185.79.35.152:8080, 199.27.7.95:80, 199.27.7.95:8080, 2.6.152.121:2222, 200.59.220.98:22, 202.45.84.239:80, 202.45.84.239:8080, 202.90.131.38:1234, 207.132.139.115:80, 207.132.139.115:8080, 21.77.6.130:80, 21.77.6.130:8080, 212.38.231.58:80, 212.38.231.58:8080, 213.63.69.33:80, 213.63.69.33:8080, 214.32.103.117:80, 214.32.103.117:8080, 217.234.237.250:80, 217.234.237.250:8080, 218.53.213.167:22, 221.219.79.53:1234, 246.138.241.218:80, 246.138.241.218:8080, 25.88.141.249:80, 25.88.141.249:8080, 252.142.20.43:80, 252.142.20.43:8080, 27.247.21.182:80, 27.247.21.182:8080, 31.169.25.190:1234, 35.35.193.126:80, 35.35.193.126:8080, 42.194.138.246:1234, 43.38.202.209:22, 47.127.239.49:80, 47.127.239.49:8080, 47.14.38.166:80, 47.14.38.166:8080, 49.233.159.222:1234, 53.189.106.99:2222, 6.27.37.103:22, 61.41.62.7:80, 61.41.62.7:8080, 65.97.6.13:80, 65.97.6.13:8080, 68.52.17.26:22, 74.241.88.51:80, 74.241.88.51:8080, 77.69.28.95:80, 77.69.28.95:8080, 78.154.62.79:80, 78.154.62.79:8080, 82.157.131.41:1234, 82.79.35.13:2222 and 86.139.120.130:2222 |
| Listening | Process /dev/shm/ifconfig started listening on ports: 1234, 8082 and 8189 |
| Port 80 Scan | Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
| Port 8080 Scan | Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
| Port 80 Scan | Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
| Port 8080 Scan | Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
| Access Suspicious Domain / Outgoing Connection | Process /dev/shm/ifconfig attempted to access suspicious domains: btcentralplus.com and wanadoo.fr |
| Session End | Connection was closed due to timeout |
|
Downloaded file:

| Path | /var/tmp/ifconfig |
| SHA256 | 64cdfd97a3e22fde4245d682910b8c7b130ce93adda909f9cdd90f8c68d92fc1 |
| Size | 2862704 bytes |
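The pattern recorded above (a binary dropped into /dev/shm under the name of a system utility, which then sweeps 12 and 32 hosts on ports 22/80/8080, opens listeners, and reaches back to the attacker's own address) maps onto three host-side checks. The Python below is an added example, not Akamai Guardicore code: it flags process images executed from world-writable directories under a borrowed utility name, counts distinct destinations per (process, port) to surface the sweeps, and matches observed IPs, domains and file hashes against the indicators listed on this page. The (process, ip, port) event tuple, the masquerade name list and the 10-host scan threshold are assumptions; the sample connections are constructed for the demonstration.

```python
"""Detection checks derived from the /dev/shm/ifconfig incident above.
Added example; event format, name list and thresholds are assumptions."""
import hashlib
from collections import defaultdict

# Indicators copied from the report above.
IOC_SHA256 = {"64cdfd97a3e22fde4245d682910b8c7b130ce93adda909f9cdd90f8c68d92fc1"}
IOC_IPS = {"42.194.138.246"}
IOC_DOMAINS = {"btcentralplus.com", "wanadoo.fr"}

# Directories any local user can write to and execute from.
WRITABLE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
# Names a dropped binary may borrow to blend in (assumed list; extend as needed).
SYSTEM_NAMES = {"ifconfig", "ip", "sshd", "cron", "ps", "netstat", "kworker"}
# Distinct destination hosts on one port from one process before we call it a scan (assumed).
SCAN_THRESHOLD = 10


def exec_reasons(path):
    """Return the reasons a process image path looks suspicious (empty list if none)."""
    reasons = []
    if path.startswith(WRITABLE_DIRS):
        reasons.append("exec-from-writable-dir")
    name = path.rsplit("/", 1)[-1]
    # A genuine utility lives under /bin, /sbin or /usr; the same name elsewhere is masquerading.
    if name in SYSTEM_NAMES and not path.startswith(("/bin/", "/sbin/", "/usr/")):
        reasons.append("system-name-masquerade")
    return reasons


def detect_scans(connections, threshold=SCAN_THRESHOLD):
    """connections: iterable of (process_path, dst_ip, dst_port).
    Returns {(process_path, dst_port): distinct_host_count} for pairs at or over threshold."""
    hosts = defaultdict(set)
    for proc, ip, port in connections:
        hosts[(proc, port)].add(ip)
    return {key: len(ips) for key, ips in hosts.items() if len(ips) >= threshold}


def match_iocs(connections=(), domains=(), sha256s=()):
    """Return every observed IP, domain or hash that matches an indicator from the report."""
    hits = set()
    hits.update(ip for _, ip, _ in connections if ip in IOC_IPS)
    hits.update(d for d in domains if d in IOC_DOMAINS)
    hits.update(h for h in sha256s if h in IOC_SHA256)
    return hits


def sha256_of_file(path):
    """Stream-hash a local file (e.g. /var/tmp/ifconfig) for comparison against IOC_SHA256."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


# Constructed sample: /dev/shm/ifconfig touching 12 hosts on port 80 (the first sweep size
# in the report) plus one call-back to the attacker IP; the 198.51.100.x addresses are
# documentation-range placeholders, not observed traffic.
SAMPLE_CONNECTIONS = [("/dev/shm/ifconfig", f"198.51.100.{i}", 80) for i in range(1, 13)]
SAMPLE_CONNECTIONS += [
    ("/dev/shm/ifconfig", "42.194.138.246", 1234),
    ("/usr/bin/curl", "1.1.1.1", 443),
]

if __name__ == "__main__":
    print("exec:", exec_reasons("/dev/shm/ifconfig"))
    print("scans:", detect_scans(SAMPLE_CONNECTIONS))
    print("iocs:", match_iocs(SAMPLE_CONNECTIONS, domains=["wanadoo.fr", "example.org"]))
```

Feed `detect_scans` your own process-level connection telemetry (eBPF, auditd, or the EDR's network events) rather than raw flow logs, since the signal here is one process fanning out, and pair `sha256_of_file` with a sweep of the three writable directories on hosts that accepted an unexpected root SSH login.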