IP Address: 49.232.192.93 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 18.184.159.145, 20.213.160.64, 23.127.5.137, 30.213.84.108, 39.99.60.12, 65.200.252.158, 75.204.116.194, 80.74.168.249, 84.50.2.22, 84.175.173.58, 85.190.254.31, 91.134.185.80, 95.41.173.115, 110.42.198.77, 124.222.181.218, 132.140.221.85, 163.68.62.156, 168.148.215.202, 188.146.213.110, 245.216.16.250
IP Address: 49.232.192.93
Domain: -
ISP: Tencent cloud computing
Country: China
WHOIS
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-05
Last seen in Akamai Guardicore Segmentation: 2022-04-16
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (tag: event)
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List)
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password)
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Listening: Process /dev/shm/ifconfig started listening on ports 1234, 8081 and 8187
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 110.42.198.77:1234, 111.11.89.52:80, 111.11.89.52:8080, 117.188.120.92:80, 117.188.120.92:8080, 123.84.9.155:80, 123.84.9.155:8080, 124.222.181.218:1234, 125.124.131.145:80, 125.124.131.145:8080, 132.140.221.85:22, 142.172.33.61:80, 142.172.33.61:8080, 142.251.32.4:443, 144.139.183.157:80, 144.139.183.157:8080, 155.72.48.253:80, 155.72.48.253:8080, 163.68.62.156:2222, 168.148.215.202:22, 172.67.133.228:443, 174.137.192.61:80, 174.137.192.61:8080, 174.230.245.20:80, 174.230.245.20:8080, 179.186.86.243:80, 179.186.86.243:8080, 18.184.159.145:2222, 188.146.213.110:22, 197.218.152.172:80, 197.218.152.172:8080, 2.222.107.194:80, 2.222.107.194:8080, 20.213.160.64:1234, 201.31.167.47:80, 201.31.167.47:8080, 204.215.170.5:80, 204.215.170.5:8080, 205.118.68.224:80, 205.118.68.224:8080, 208.134.228.153:80, 208.134.228.153:8080, 219.39.27.240:80, 219.39.27.240:8080, 23.127.5.137:2222, 245.124.162.208:80, 245.124.162.208:8080, 245.216.16.250:22, 248.210.104.141:80, 248.210.104.141:8080, 25.223.208.49:80, 25.223.208.49:8080, 253.125.128.166:80, 253.125.128.166:8080, 28.219.76.105:80, 28.219.76.105:8080, 30.213.84.108:22, 39.99.60.12:1234, 4.16.137.16:80, 4.16.137.16:8080, 42.89.17.253:80, 42.89.17.253:8080, 46.17.172.116:80, 46.17.172.116:8080, 51.75.146.174:443, 54.152.33.204:80, 54.152.33.204:8080, 57.139.176.106:80, 57.139.176.106:8080, 58.47.72.142:80, 58.47.72.142:8080, 65.200.252.158:2222, 65.34.36.48:80, 65.34.36.48:8080, 75.204.116.194:22, 8.8.8.8:443, 80.74.168.249:1234, 82.113.50.165:80, 82.113.50.165:8080, 84.102.223.132:80, 84.102.223.132:8080, 84.175.173.58:22, 84.50.2.22:2222, 85.190.254.31:1234, 88.127.163.154:80, 88.127.163.154:8080 and 95.41.173.115:2222
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains: myvzw.com, neobee.net, sbcglobal.net and t-ipconnect.de
Connection was closed due to timeout
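The timeline above is free text, and the parts an incident responder actually wants (the dropped binary, the ports it serves, which outbound destinations are a sweep versus which look like peers, the domains it touched) have to be pulled out by hand. The following Python is an added example, written for this page and not Akamai/Guardicore code: it reduces a constructed sample of those event lines (a subset of the destinations listed above) to structured indicators and then buckets the outbound traffic by what the port implies. The port heuristics (80/8080 as the sweep, 22/2222 as onward SSH targets, a port the process also listens on as a peer/C2 candidate) and the "no service binary runs from /dev/shm, /tmp or /var/tmp" rule are the example's own assumptions, not a Guardicore classification.

```python
import re
from collections import defaultdict

# Constructed sample in the style of the incident timeline on this page
# (a short subset of its destinations, not a live feed).
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: Correct Password",
    "/dev/shm/ifconfig was downloaded",
    "Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8187",
    "Process /dev/shm/ifconfig generated outgoing network traffic to: "
    "1.1.1.1:443, 110.42.198.77:1234, 111.11.89.52:80, 111.11.89.52:8080, "
    "132.140.221.85:22, 163.68.62.156:2222, 8.8.8.8:443, 20.213.160.64:1234",
    "Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/ifconfig attempted to access suspicious domains: "
    "myvzw.com, neobee.net, sbcglobal.net and t-ipconnect.de",
]

# Assumed heuristics for this example (not a vendor classification).
VOLATILE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")  # no service binary belongs here
WEB_PORTS = {80, 8080}   # the mass sweep seen in the timeline
SSH_PORTS = {22, 2222}   # onward SSH spread targets

ENDPOINT = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
PROC = re.compile(r"^Process (\S+) ")
DOWNLOAD = re.compile(r"^(\S+) was downloaded$")
LISTEN = re.compile(r"started listening on ports: (.+)$")
DOMAINS = re.compile(r"suspicious domains: (.+)$")
SCAN = re.compile(r"scanned port (\d+) on (\d+) IP Addresses")


def parse_events(events):
    """Reduce the free-text timeline to structured indicators."""
    f = {"downloaded": set(), "listen_ports": {}, "outbound": defaultdict(set),
         "scans": {}, "domains": set(), "root_login": False}
    for line in events:
        if "logged in using SSH" in line and "root /" in line:
            f["root_login"] = True
        if m := DOWNLOAD.match(line):
            f["downloaded"].add(m.group(1))
        if not (p := PROC.match(line)):
            continue                      # remaining patterns are per-process
        proc = p.group(1)
        if m := LISTEN.search(line):
            f["listen_ports"][proc] = {int(x) for x in re.findall(r"\d+", m.group(1))}
        for ip, port in ENDPOINT.findall(line):
            f["outbound"][int(port)].add(ip)
        if m := SCAN.search(line):
            f["scans"][int(m.group(1))] = int(m.group(2))
        if m := DOMAINS.search(line):
            f["domains"] |= {d.strip() for d in re.split(r",| and ", m.group(1)) if d.strip()}
    return f


def classify(findings):
    """Bucket outbound destinations by what the destination port implies."""
    own_ports = set().union(*findings["listen_ports"].values()) if findings["listen_ports"] else set()
    buckets = {"peers": set(), "ssh_targets": set(), "web_targets": set(), "other": set()}
    for port, ips in findings["outbound"].items():
        if port in own_ports:
            buckets["peers"] |= ips        # remote hosts on a port it also serves: peer/C2 candidate
        elif port in SSH_PORTS:
            buckets["ssh_targets"] |= ips  # onward SSH spread
        elif port in WEB_PORTS:
            buckets["web_targets"] |= ips  # the 80/8080 sweep
        else:
            buckets["other"] |= ips        # e.g. 443 to public resolvers: connectivity check, unclassified here
    return buckets


def verdict(findings):
    """Return the concrete reasons this host should be treated as compromised."""
    reasons = []
    for path in findings["downloaded"]:
        if path.startswith(VOLATILE_DIRS):
            reasons.append(f"payload dropped in volatile dir: {path}")
    for proc, ports in findings["listen_ports"].items():
        if proc.startswith(VOLATILE_DIRS):
            reasons.append(f"{proc} listening on {sorted(ports)}")
    if findings["scans"]:
        reasons.append("outbound port sweep: " + ", ".join(
            f"port {p} -> {n} hosts" for p, n in sorted(findings["scans"].items())))
    if findings["root_login"]:
        reasons.append("interactive root SSH login preceded the drop")
    return reasons


if __name__ == "__main__":
    found = parse_events(EVENTS)
    for reason in verdict(found):
        print("-", reason)
    for bucket, ips in classify(found).items():
        print(f"{bucket}: {sorted(ips)}")
```

Run on the real timeline, the "peers" bucket is the set of hosts contacted on 1234 (the port the binary itself listens on), which lines up with several of the Associated Attack Servers listed above, so it is the first bucket to block and pivot on; the 80/8080 bucket is scan noise and mostly not worth enriching.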
|