IP Address: 42.231.31.244 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 22 Scan, Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 37.142.52.6, 50.7.86.202, 52.196.228.26, 80.85.84.75, 99.247.243.86, 116.86.89.227, 124.221.119.17, 124.221.162.244, 125.17.115.94, 133.133.4.40, 140.222.185.200, 184.83.112.246, 218.39.227.61, 223.171.91.127
IP Address: 42.231.31.244
Domain: -
ISP: China Unicom Liaoning
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2018-06-10
Last seen in Akamai Guardicore Segmentation: 2022-03-29
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident events (each followed by the tags it triggered):
- A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
- /dev/shm/ifconfig was downloaded [Download File]
- A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password [Successful SSH Login]
- A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
- Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig generated outgoing network traffic to: 104.21.25.86:443, 108.48.67.241:80, 108.48.67.241:8080, 115.221.15.73:80, 115.221.15.73:8080, 116.86.89.227:2222, 124.221.119.17:1234, 124.221.162.244:1234, 125.17.115.94:1234, 133.133.4.40:2222, 134.242.237.108:80, 134.242.237.108:8080, 138.160.51.102:22, 138.175.30.91:80, 138.175.30.91:8080, 140.119.109.232:80, 140.119.109.232:8080, 140.222.185.200:2222, 142.52.103.230:80, 142.52.103.230:8080, 147.212.77.235:80, 147.212.77.235:8080, 147.34.192.167:22, 152.13.96.252:80, 152.13.96.252:8080, 156.143.228.80:22, 157.31.154.180:80, 157.31.154.180:8080, 160.154.101.53:80, 160.154.101.53:8080, 17.190.167.124:80, 17.190.167.124:8080, 172.67.133.228:443, 184.83.112.246:1234, 19.172.200.104:80, 19.172.200.104:8080, 191.190.233.248:22, 192.76.50.75:80, 192.76.50.75:8080, 193.84.145.222:22, 194.104.60.82:80, 194.104.60.82:8080, 202.36.187.88:80, 202.36.187.88:8080, 209.117.207.231:80, 209.117.207.231:8080, 210.95.189.247:80, 210.95.189.247:8080, 216.194.1.240:80, 216.194.1.240:8080, 217.185.77.231:80, 217.185.77.231:8080, 218.39.227.61:2222, 223.171.91.127:1234, 23.248.65.245:80, 23.248.65.245:8080, 244.122.114.59:80, 244.122.114.59:8080, 246.200.51.87:80, 246.200.51.87:8080, 252.250.197.195:22, 29.34.217.159:22, 3.60.207.13:80, 3.60.207.13:8080, 33.171.34.203:80, 33.171.34.203:8080, 37.142.52.6:2222, 40.150.138.223:80, 40.150.138.223:8080, 49.141.166.47:80, 49.141.166.47:8080, 5.157.96.219:22, 50.7.86.202:1234, 51.75.146.174:443, 52.196.228.26:2222, 57.211.218.80:80, 57.211.218.80:8080, 62.252.82.94:22, 69.222.104.213:80, 69.222.104.213:8080, 80.117.198.137:80, 80.117.198.137:8080, 82.40.214.213:80, 82.40.214.213:8080, 88.62.179.167:80, 88.62.179.167:8080, 99.247.243.86:1234, 99.40.233.244:80 and 99.40.233.244:8080 [Outgoing Connection]
- Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8184 [Listening]
- Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses [Port 22 Scan, Port 80 Scan, Port 8080 Scan]
- Process /dev/shm/ifconfig attempted to access suspicious domains: hotnet.net.il and starhub.net.sg [Access Suspicious Domain, Outgoing Connection]
- Connection was closed due to timeout
|