IP Address: 115.45.64.175 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Successful SSH Login, SCP, Download File, SSH, Download and Execute, Download and Allow Execution, Superuser Operation
Associated Attack Servers | 3.91.21.110, 6.72.128.194, 8.94.11.219, 44.88.130.179, 54.54.55.102, 58.229.125.66, 61.77.105.219, 81.70.21.147, 101.35.168.159, 111.131.112.68, 117.50.179.58, 126.70.24.227, 173.225.44.109, 185.179.51.96, 197.70.162.2, 240.104.119.79, 244.4.101.154
IP Address | 115.45.64.175
Domain | -
ISP | ShenZhen Topway Video Communication Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-29
Last seen in Akamai Guardicore Segmentation | 2022-07-30
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Tags
A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List) | Successful SSH Login
./ifconfig was downloaded | Download File
A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password) | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /root/ifconfig was downloaded and executed 5 times | Download and Execute
The file /root/apache2 was downloaded and executed 185 times | Download and Execute
Process /root/ifconfig scanned port 1234 on 26 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 80 on 26 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 8080 on 26 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 1234 on 32 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 1234 on 30 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /bin/nc.openbsd scanned port 1234 on 26 IP addresses | Port 1234 Scan
Process /bin/bash scanned port 1234 on 26 IP addresses | Port 1234 Scan
Process /root/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, 103.105.12.48:1234, 104.21.25.86:443, 111.53.11.130:1234, 113.169.49.92:80, 113.169.49.92:8080, 117.80.212.33:1234, 118.41.204.72:1234, 120.224.34.31:1234, 120.31.133.162:1234, 125.95.216.248:80, 125.95.216.248:8080, 131.59.5.130:80, 131.59.5.130:8080, 133.46.4.85:80, 133.46.4.85:8080, 134.93.97.73:80, 139.209.222.134:1234, 142.136.128.173:80, 142.136.128.173:8080, 142.176.72.172:80, 142.176.72.172:8080, 15.103.213.245:80, 15.103.213.245:8080, 155.91.140.4:80, 155.91.140.4:8080, 159.202.236.45:80, 159.202.236.45:8080, 166.196.46.242:80, 166.196.46.242:8080, 172.67.133.228:443, 173.18.35.41:1234, 191.242.182.210:1234, 191.242.188.103:1234, 193.162.189.165:80, 196.88.125.177:80, 196.88.125.177:8080, 198.44.82.152:80, 198.44.82.152:8080, 206.189.25.255:1234, 210.130.88.46:80, 210.130.88.46:8080, 220.243.148.80:1234, 222.100.124.62:1234, 222.121.63.87:1234, 222.134.240.92:1234, 222.165.136.99:1234, 223.171.91.149:1234, 223.99.166.104:1234, 23.104.201.25:80, 23.104.201.25:8080, 248.50.2.29:80, 248.50.2.29:8080, 26.200.233.18:80, 26.200.233.18:8080, 3.115.190.239:80, 3.115.190.239:8080, 31.207.139.50:80, 31.207.139.50:8080, 33.128.219.193:80, 33.128.219.193:8080, 37.147.169.197:80, 37.147.169.197:8080, 4.230.59.253:80, 4.230.59.253:8080, 49.233.159.222:1234, 51.75.146.174:443, 59.198.37.143:80, 59.198.37.143:8080, 59.3.186.45:1234, 6.21.245.206:80, 6.21.245.206:8080, 62.185.112.186:80, 62.185.112.186:8080, 63.147.202.109:80, 63.147.202.109:8080, 64.227.132.175:1234, 66.183.169.224:80, 66.183.169.224:8080, 71.106.204.100:80, 71.106.204.100:8080, 71.42.8.199:80, 71.42.8.199:8080, 78.226.157.34:80, 78.226.157.34:8080, 82.149.112.170:1234, 9.102.16.49:80, 9.102.16.49:8080 and 93.176.229.145:1234 | Outgoing Connection
Process /root/ifconfig started listening on ports: 1234, 8081 and 8188 | Listening
Process /root/ifconfig scanned port 80 on 32 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 8080 on 32 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 80 on 30 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 8080 on 30 IP addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
The file /usr/bin/free was downloaded and executed | Download and Execute
Process /usr/local/mysql/bin/mysqld started listening on port 3306 (3 times) | Listening
Connection was closed due to timeout | -
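The timeline above is the raw sensor record; turning it into something a responder can act on means pulling out three things: files that were downloaded and then executed under a borrowed system-utility name (/root/ifconfig, /root/apache2), the ports the payload bound, and the scan or callback targets grouped by port. The script below is an added example written for this page, not Guardicore's code; the event lines it parses are a constructed subset modelled on the rows above, and the system-directory and look-alike-name lists are assumptions for the example. It also separates reserved (bogon) destinations such as 248.50.2.29, which lies in 240.0.0.0/4, from routable ones, because addresses that cannot be real peers are typical of randomly generated scan targets and should not be pushed into a blocklist.

```python
"""Triage helper for a Guardicore-style event timeline (added example).

Parses event lines like the ones in the timeline above and returns structured
findings: files executed under a borrowed utility name, ports the payload
opened, and scan/callback targets grouped by port with bogon addresses
separated out so they do not end up in a blocklist.
"""
import ipaddress
import re
from collections import defaultdict
from pathlib import PurePosixPath

# Where a package-managed copy of a utility would live (assumption for this example).
SYSTEM_BIN_DIRS = {"/bin", "/sbin", "/usr/bin", "/usr/sbin", "/usr/local/bin", "/usr/local/sbin"}
# Stock names the payloads on this page reused; list constructed for the example.
LOOKALIKE_NAMES = {"ifconfig", "free", "apache2"}

EXEC_RE = re.compile(r"The file (?P<path>\S+) was downloaded and executed(?: (?P<n>\d+) times)?")
LISTEN_RE = re.compile(r"Process (?P<proc>\S+) started listening on ports?: (?P<ports>\d+(?:(?:, | and )\d+)*)")
OUT_RE = re.compile(r"Process (?P<proc>\S+) generated outgoing network traffic to: (?P<targets>.+)")
HOSTPORT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")

# Constructed sample modelled on the timeline above (a subset of its targets).
SAMPLE_EVENTS = [
    "The file /root/ifconfig was downloaded and executed 5 times",
    "The file /root/apache2 was downloaded and executed 185 times",
    "The file /usr/bin/free was downloaded and executed",
    "Process /root/ifconfig started listening on ports: 1234, 8081 and 8188",
    "Process /usr/local/mysql/bin/mysqld started listening on ports: 3306 3 times",
    "Process /root/ifconfig generated outgoing network traffic to: 1.220.98.197:1234, "
    "113.169.49.92:80, 113.169.49.92:8080, 104.21.25.86:443, 248.50.2.29:80 and 93.176.229.145:1234",
]


def suspicious_executions(events):
    """(path, run_count, reason) for every downloaded-and-executed file.

    A downloaded file that lands in a system binary directory may have replaced
    the real tool; one that borrows a stock name elsewhere is masquerading.
    """
    hits = []
    for line in events:
        m = EXEC_RE.search(line)
        if not m:
            continue
        path = PurePosixPath(m.group("path"))
        count = int(m.group("n") or 1)  # no "N times" suffix means it ran once
        if str(path.parent) in SYSTEM_BIN_DIRS:
            reason = "downloaded file executed from a system binary directory"
        elif path.name in LOOKALIKE_NAMES:
            reason = "stock utility name reused outside system binary directories"
        else:
            reason = "downloaded file executed"
        hits.append((str(path), count, reason))
    return hits


def listening_ports(events):
    """process path -> sorted ports it bound; trailing text such as '3 times' is ignored."""
    out = defaultdict(set)
    for line in events:
        m = LISTEN_RE.search(line)
        if m:
            out[m.group("proc")].update(int(p) for p in re.findall(r"\d+", m.group("ports")))
    return {proc: sorted(ports) for proc, ports in out.items()}


def targets_by_port(events):
    """destination port -> sorted list of IPs contacted on it."""
    out = defaultdict(set)
    for line in events:
        m = OUT_RE.search(line)
        if m:
            for ip, port in HOSTPORT_RE.findall(m.group("targets")):
                out[int(port)].add(ip)
    return {port: sorted(ips) for port, ips in out.items()}


def split_bogons(targets):
    """Separate globally routable targets from reserved/bogon ones.

    Hits in 240.0.0.0/4 and similar cannot be real peers; they are typical of
    randomly generated scan targets and should be kept out of a blocklist.
    """
    routable, bogons = set(), set()
    for ips in targets.values():
        for ip in ips:
            (routable if ipaddress.ip_address(ip).is_global else bogons).add(ip)
    return sorted(routable), sorted(bogons)


if __name__ == "__main__":
    for hit in suspicious_executions(SAMPLE_EVENTS):
        print("EXEC   ", hit)
    print("LISTEN ", listening_ports(SAMPLE_EVENTS))
    by_port = targets_by_port(SAMPLE_EVENTS)
    print("TARGETS", by_port)
    print("ROUTABLE/BOGON", split_bogons(by_port))
```

Feed the full outgoing-connection row from the table into `SAMPLE_EVENTS` and `targets_by_port` gives the complete port-1234 peer list (the payload's own listener port, so those are likely peers or a second-stage server rather than scan victims), while `split_bogons` drops the 240.0.0.0/4 hits before the routable addresses go into a firewall rule or a hunt query.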
|