IP Address: 101.43.224.103 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SSH |
Tags | Port 1234 Scan, SSH, Listening, 5 Shell Commands, Port 80 Scan, Port 8080 Scan, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Outgoing Connection |
Associated Attack Servers |
IP Address | 101.43.224.103 |
Domain | - |
ISP | Beijing CNISP Technology Co. |
Country | China |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-07-31 |
Last seen in Akamai Guardicore Segmentation | 2022-10-25 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /root/ifconfig scanned port 1234 on 27 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 80 on 27 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 8080 on 27 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 1234 on 29 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /bin/bash scanned port 1234 on 27 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 27 IP Addresses |
Port 1234 Scan |
The file /root/apache2 was downloaded and executed 114 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8085 and 8187 |
Listening |
Process /root/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 80 on 29 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/ifconfig scanned port 8080 on 29 IP Addresses |
Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to user inactivity |
|