IP Address: 101.35.180.72 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SCP, SSH |
| Tags | System File Modification, Port 1234 Scan, SSH, Listening, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File, 4 Shell Commands, Outgoing Connection |

Associated Attack Servers

| IP Address | Domain | ISP | Country | WHOIS Created Date | WHOIS Updated Date | Organization |
|---|---|---|---|---|---|---|
| 101.35.180.72 | - | Beijing CNISP Technology Co. | China | - | - | - |

| Field | Value |
|---|---|
| First seen in Akamai Guardicore Segmentation | 2022-09-21 |
| Last seen in Akamai Guardicore Segmentation | 2022-09-29 |
| Event | Tag |
|---|---|
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| System file /etc/ifconfig was modified 9 times | System File Modification |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| System file /etc/apache2 was modified 4 times | System File Modification |
| The file /etc/ifconfig was downloaded and executed 5 times | Download and Execute |
| The file /etc/apache2 was downloaded and executed 103 times | Download and Execute |
| Process /etc/ifconfig scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 1234 on 30 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 80 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 8080 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /bin/bash scanned port 1234 on 26 IP Addresses 2 times | Port 1234 Scan |
| Process /etc/ifconfig generated outgoing network traffic to: (destination IP:port list removed) | Outgoing Connection |
| Process /etc/ifconfig started listening on ports: 1234, 8086 and 8189 | Listening |
| Process /etc/ifconfig scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 80 on 30 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /etc/ifconfig scanned port 8080 on 30 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| The file /usr/local/bin/dash was downloaded and executed | Download and Execute |
| Connection was closed due to user inactivity | |