IP Address: 101.42.171.38 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: System File Modification, Port 1234 Scan, SSH, SCP, Port 80 Scan, Port 8080 Scan, Superuser Operation, Successful SSH Login, Download and Execute, Download File
Associated Attack Servers: 31.25.241.248, 63.250.40.205, 95.154.21.210, 123.132.238.210, 161.70.98.32, 172.64.110.32, 172.64.111.32
IP Address: 101.42.171.38
Domain: -
ISP: Beijing CNISP Technology Co.
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-06-07
Last seen in Akamai Guardicore Segmentation: 2022-09-29
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Download and Execute: The file /etc/ifconfig was downloaded and executed 6 times
System File Modification: System file /etc/apache2 was modified 4 times
Download and Execute: The file /etc/apache2 was downloaded and executed 173 times
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 1234 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 1234 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 1234 on 30 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 80 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 8080 on 26 IP Addresses
Port 1234 Scan: Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses
Port 1234 Scan: Process /bin/bash scanned port 1234 on 26 IP Addresses
Outgoing Connection: Process /etc/ifconfig generated outgoing network traffic to: 100.130.27.252:80, 100.130.27.252:8080, 101.253.152.227:80, 101.253.152.227:8080, 101.42.90.177:1234, 103.152.118.20:1234, 11.129.119.175:80, 11.129.119.175:8080, 118.218.209.149:1234, 120.224.34.31:1234, 120.236.79.182:1234, 121.52.202.151:80, 121.52.202.151:8080, 124.115.231.214:1234, 139.209.222.134:1234, 15.223.170.62:80, 15.223.170.62:8080, 161.107.113.34:1234, 161.174.196.136:80, 161.174.196.136:8080, 166.7.60.232:80, 166.7.60.232:8080, 169.133.101.148:80, 169.133.101.148:8080, 17.109.37.171:80, 17.109.37.171:8080, 172.64.130.4:443, 172.64.131.4:443, 173.146.165.146:80, 173.146.165.146:8080, 173.18.35.41:1234, 185.210.144.122:1234, 190.138.240.233:1234, 209.216.177.158:1234, 209.64.39.43:80, 209.64.39.43:8080, 210.99.20.194:1234, 212.57.36.20:1234, 223.171.91.191:1234, 23.244.197.133:80, 23.244.197.133:8080, 241.240.22.157:80, 245.249.104.198:80, 245.249.104.198:8080, 250.5.14.100:80, 250.5.14.100:8080, 251.170.174.63:80, 251.170.174.63:8080, 29.108.17.83:80, 29.108.17.83:8080, 31.19.237.170:1234, 39.162.107.74:80, 39.162.107.74:8080, 39.175.68.100:1234, 45.169.68.245:80, 45.169.68.245:8080, 46.13.164.29:1234, 49.7.146.238:80, 51.75.146.174:443, 54.46.175.175:80, 54.46.175.175:8080, 56.78.249.13:80, 56.78.249.13:8080, 58.229.125.66:1234, 59.21.114.114:80, 59.21.114.114:8080, 6.59.80.218:80, 6.59.80.218:8080, 61.84.162.66:1234, 64.132.111.204:80, 64.132.111.204:8080, 64.227.132.175:1234, 66.118.149.198:80, 66.118.149.198:8080, 67.85.204.32:80, 67.85.204.32:8080, 75.52.177.116:80, 75.52.177.116:8080, 84.9.8.136:80, 84.9.8.136:8080, 85.33.55.130:80, 85.33.55.130:8080, 86.133.233.66:1234, 89.162.9.131:80, 89.162.9.131:8080, 89.212.123.191:1234, 94.153.165.43:1234, 97.132.238.247:80 and 97.132.238.247:8080
Listening: Process /etc/ifconfig started listening on ports: 1234, 8089 and 8181
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 80 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 80 on 30 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 8080 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan: Process /etc/ifconfig scanned port 8080 on 30 IP Addresses
Download and Execute: The file /usr/local/bin/dash was downloaded and executed
Connection was closed due to timeout
/var/tmp/ifconfig, 655360 bytes, SHA256: 3b9707d2b3c510499a866fe655f57f05eba1eb55566b03979602e5b9d6616a05
/var/tmp/ifconfig, 950272 bytes, SHA256: 6ee5b0eadb32669e495a5d4157119d3a8248235f0b3e21084070fb6bb45ca89e
/var/tmp/ifconfig, 1867776 bytes, SHA256: 9f26c9e5240ac92baa25aadfd4f23dcb35723982204e00da5cbfb5cb88bf56af
/var/tmp/ifconfig, 2457600 bytes, SHA256: bf9553be0290bc2603b057d3daa41cbcc7f761941ff5519b7d441abe836ec046
/var/tmp/ifconfig, 491520 bytes, SHA256: d514a074f44f23b6eff388b3d18ee6f9091455ffe69af46398d8d92420c39fe0
/var/tmp/ifconfig, 294912 bytes, SHA256: e1dadd87aa59540122cfd42148c70236d72b8cccf5845aa3a341f38e80c3fc67
/var/tmp/ifconfig, 1015808 bytes, SHA256: e4a5d99932cb3a0a12fc29c3cc6d9cbb5c501f5095517401b32eb23c9442c3fe