IP Address: 101.42.90.177 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 101.42.90.177
Domain: -
ISP: Beijing CNISP Technology Co.
Country: China
WHOIS:
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2021-12-18
Last seen in Akamai Guardicore Segmentation: 2022-09-30
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
  Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
  Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times
  Superuser Operation
The file /tmp/ifconfig was downloaded and executed 5 times
  Download and Execute
Process /tmp/ifconfig scanned port 1234 on 25 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 80 on 25 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 8080 on 25 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 1234 on 32 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 1234 on 19 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /usr/sbin/sshd scanned port 1234 on 25 IP Addresses
  Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 25 IP Addresses
  Port 1234 Scan
The file /tmp/apache2 was downloaded and executed 173 times
  Download and Execute
Process /tmp/ifconfig generated outgoing network traffic
  Outgoing Connection
Process /tmp/ifconfig started listening on ports: 1234, 8084 and 8189
  Listening
Process /tmp/ifconfig scanned port 80 on 32 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 8080 on 32 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 80 on 19 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /tmp/ifconfig scanned port 8080 on 19 IP Addresses
  Port 1234 Scan, Port 80 Scan, Port 8080 Scan
The file /usr/bin/uptime was downloaded and executed
  Download and Execute
Connection was closed due to timeout