IP Address: 42.192.147.106 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | SSH, Superuser Operation, Successful SSH Login, Download and Execute, Download and Allow Execution
Associated Attack Servers | 11.28.142.94 11.55.214.183 13.124.116.69 33.173.113.192 49.49.114.138 66.235.53.72 81.70.94.80 101.102.22.116 111.247.42.202 113.176.83.159 117.18.76.68 129.185.53.46 138.2.83.98 139.28.146.27 144.70.182.221 155.223.68.229 161.35.79.199 183.105.175.141 201.73.42.250 206.189.25.255 222.166.250.61 253.246.57.148
IP Address | 42.192.147.106
Domain | -
ISP | Tencent cloud computing
Country | China

WHOIS
Created Date | -
Updated Date | -
Organization | -

First seen in Akamai Guardicore Segmentation | 2022-03-24
Last seen in Akamai Guardicore Segmentation | 2022-04-05
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 204 times |
Download and Execute |
Process /root/apache2 scanned port 22 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 80 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 generated outgoing network traffic to: 104.181.242.120:80, 104.181.242.120:8080, 104.21.25.86:443, 114.132.230.151:1234, 115.5.98.248:2222, 120.205.235.164:22, 120.69.103.246:80, 120.69.103.246:8080, 125.109.209.46:80, 125.109.209.46:8080, 129.234.137.243:22, 136.222.152.153:2222, 136.84.55.47:80, 136.84.55.47:8080, 139.32.111.243:2222, 140.252.150.84:80, 140.252.150.84:8080, 147.99.13.221:80, 147.99.13.221:8080, 157.162.117.86:80, 157.162.117.86:8080, 159.249.97.10:2222, 163.151.147.102:80, 163.151.147.102:8080, 17.139.91.83:80, 17.139.91.83:8080, 17.228.243.121:80, 17.228.243.121:8080, 171.58.20.55:80, 171.58.20.55:8080, 172.67.133.228:443, 18.179.170.179:80, 18.179.170.179:8080, 182.224.177.56:1234, 184.83.112.246:1234, 187.3.134.140:80, 187.3.134.140:8080, 191.144.87.146:80, 191.144.87.146:8080, 193.197.76.210:80, 193.197.76.210:8080, 196.93.209.90:80, 196.93.209.90:8080, 199.233.145.253:22, 199.246.102.181:22, 200.137.199.202:80, 200.137.199.202:8080, 205.101.155.62:22, 210.204.11.192:80, 210.204.11.192:8080, 210.244.68.98:80, 210.244.68.98:8080, 211.162.184.120:1234, 215.2.110.103:80, 215.2.110.103:8080, 218.4.113.117:80, 218.4.113.117:8080, 221.161.107.251:80, 221.161.107.251:8080, 247.144.98.6:80, 247.144.98.6:8080, 247.79.164.104:80, 247.79.164.104:8080, 26.112.44.183:80, 26.112.44.183:8080, 38.240.20.244:80, 38.240.20.244:8080, 40.45.121.130:22, 41.233.108.147:22, 45.199.252.231:22, 49.234.105.58:1234, 51.75.146.174:443, 56.29.106.150:80, 56.29.106.150:8080, 67.176.104.242:80, 67.176.104.242:8080, 67.57.211.24:80, 67.57.211.24:8080, 75.239.25.158:22, 81.244.110.65:80, 81.244.110.65:8080, 81.35.82.38:22, 81.70.208.164:1234, 81.70.246.81:1234, 85.67.244.152:80, 85.67.244.152:8080, 86.25.189.93:2222, 89.143.171.21:80 and 89.143.171.21:8080 |
Outgoing Connection |
Process /root/apache2 started listening on ports: 1234, 8087 and 8181 |
Listening |
Process /root/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /root/apache2 attempted to access suspicious domains: virginm.net |
Access Suspicious Domain, Outgoing Connection |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
The file /root/php-fpm was downloaded and executed 29 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 31 times |
Download and Execute |
The file /root/php-fpm was downloaded and executed 20 times |
Download and Execute |
Connection was closed due to timeout |