IP Address: 101.35.148.171 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 3 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 39.39.7.16, 41.231.127.5, 47.242.209.63, 49.236.192.106, 58.221.116.178, 60.108.12.232, 63.57.187.212, 68.85.148.60, 85.133.8.94, 85.228.105.82, 92.230.13.144, 113.22.182.72, 117.54.14.169, 120.211.227.11, 122.198.244.90, 130.39.55.62, 136.50.25.185, 153.233.140.224, 170.161.226.96, 180.109.164.131, 184.127.1.221, 211.161.90.158

IP Address: 101.35.148.171
Domain: -
ISP: Beijing CNISP Technology Co.
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-02-24
Last seen in Akamai Guardicore Segmentation: 2022-04-20
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times
Download File: /dev/shm/ifconfig was downloaded
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 113.22.182.72:2222, 117.54.14.169:1234, 12.62.221.146:80, 12.62.221.146:8080, 120.211.227.11:1234, 122.198.244.90:2222, 130.39.55.62:22, 134.167.223.158:80, 134.167.223.158:8080, 136.50.25.185:22, 141.177.152.236:80, 141.177.152.236:8080, 147.13.247.33:80, 147.13.247.33:8080, 147.244.196.171:80, 147.244.196.171:8080, 153.186.82.35:80, 153.186.82.35:8080, 153.233.140.224:2222, 157.10.58.107:80, 157.10.58.107:8080, 170.161.226.96:2222, 177.233.226.61:80, 177.233.226.61:8080, 180.109.164.131:1234, 183.156.133.114:80, 183.156.133.114:8080, 184.127.1.221:22, 191.33.215.91:80, 191.33.215.91:8080, 192.130.212.26:80, 192.130.212.26:8080, 192.87.230.51:80, 192.87.230.51:8080, 198.231.40.93:80, 198.231.40.93:8080, 200.140.104.56:80, 200.140.104.56:8080, 201.16.34.240:80, 201.16.34.240:8080, 205.76.71.150:80, 205.76.71.150:8080, 211.161.90.158:1234, 219.54.4.148:80, 219.54.4.148:8080, 240.116.42.168:80, 240.116.42.168:8080, 242.1.172.201:80, 242.1.172.201:8080, 249.15.123.115:80, 249.15.123.115:8080, 27.106.72.29:80, 27.106.72.29:8080, 28.78.8.151:80, 28.78.8.151:8080, 39.39.7.16:2222, 40.185.246.63:80, 40.185.246.63:8080, 40.187.8.244:80, 40.187.8.244:8080, 41.130.109.116:80, 41.130.109.116:8080, 41.134.88.185:80, 41.134.88.185:8080, 41.231.127.5:1234, 47.242.209.63:22, 49.236.192.106:1234, 54.217.23.1:80, 54.217.23.1:8080, 58.221.116.178:1234, 59.106.27.81:80, 59.106.27.81:8080, 60.108.12.232:2222, 63.57.187.212:22, 68.85.148.60:2222, 7.19.28.194:80, 7.19.28.194:8080, 82.73.246.201:80, 82.73.246.201:8080, 83.141.5.27:80, 83.141.5.27:8080, 85.133.8.94:2222, 85.228.105.82:22, 92.230.13.144:22, 98.83.121.90:80 and 98.83.121.90:8080
Listening: Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8185
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains: bbtec.net and telenor.se
Connection was closed due to timeout
|