IP Address: 42.231.61.107 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner |
Services Targeted | SCP |
Tags | Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening |
Associated Attack Servers |
IP Address | 42.231.61.107 |
Domain | - |
ISP | China Unicom Liaoning |
Country | China |
WHOIS Created Date | - |
WHOIS Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2018-09-30 |
Last seen in Akamai Guardicore Segmentation | 2022-04-05 |
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic to a list of destination IP:port pairs (list omitted) |
Outgoing Connection |
Process /dev/shm/ifconfig attempted to access suspicious domains: brasiltelecom.net.br, myvzw.com and vodafone-ip.de |
Access Suspicious Domain, Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8184 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 80 Scan, Port 8080 Scan |
Connection was closed due to timeout |
|