IP Address: 103.96.41.245 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 103.96.41.245
Domain: -
ISP: Shree Balaji Infotech Solutions
Country: India
WHOIS Created Date: -
WHOIS Updated Date: -
WHOIS Organization: -
First seen in Akamai Guardicore Segmentation: 2022-02-23
Last seen in Akamai Guardicore Segmentation: 2022-10-12
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
System file /etc/apache2 was modified 4 times |
System File Modification |
The file /etc/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /etc/apache2 scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 1234 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
The file /etc/apache2 was downloaded and executed 174 times |
Download and Execute |
Process /etc/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /etc/apache2 started listening on ports: 1234, 8083 and 8181 |
Listening |
Process /etc/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 80 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /etc/apache2 scanned port 8080 on 30 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
The file /usr/bin/uptime was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
|