IP Address: 101.43.45.122 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SSH |
| Tags | Port 22 Scan, Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening |
| Associated Attack Servers | 18.129.118.169 37.25.54.162 55.118.39.236 74.123.124.202 116.115.251.198 118.109.31.34 124.221.122.219 133.89.243.23 159.149.118.213 183.108.199.88 220.243.148.8 223.171.91.127 |
| IP Address | 101.43.45.122 |
| Domain | - |
| ISP | Beijing CNISP Technology Co. |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| WHOIS Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-04-04 |
| Last seen in Akamai Guardicore Segmentation | 2022-04-11 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic to multiple IP addresses |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8180 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: mesh.ad.jp, osakac.ac.jp and ptd.net |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |
|