IP Address: 42.231.62.174 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers | 5.219.245.218, 12.159.112.3, 12.226.54.143, 39.148.26.198, 55.217.137.48, 76.217.154.62, 96.245.114.20, 106.55.199.241, 106.75.118.205, 117.50.179.6, 139.148.26.70, 171.38.169.183, 180.134.31.66, 218.86.139.209, 219.252.127.48, 223.171.91.147
IP Address | 42.231.62.174
Domain | -
ISP | China Unicom Liaoning
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-03
Last seen in Akamai Guardicore Segmentation | 2022-04-04
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
/dev/shm/ifconfig was downloaded | Download File
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 100.189.142.181:80, 100.189.142.181:8080, 106.239.168.88:80, 106.239.168.88:8080, 106.55.199.241:1234, 106.55.199.241:22, 106.75.118.205:1234, 11.44.102.56:80, 11.44.102.56:8080, 113.118.24.168:1234, 115.133.226.31:80, 115.133.226.31:8080, 116.173.192.214:80, 116.173.192.214:8080, 117.50.179.6:1234, 12.159.112.3:2222, 12.226.54.143:22, 136.4.27.38:80, 136.4.27.38:8080, 139.148.26.70:1234, 142.251.32.4:443, 15.71.46.165:80, 15.71.46.165:8080, 162.136.149.126:80, 162.136.149.126:8080, 162.231.137.113:80, 162.231.137.113:8080, 167.60.19.61:80, 167.60.19.61:8080, 168.94.44.129:80, 168.94.44.129:8080, 171.38.169.183:2222, 172.67.133.228:443, 174.56.19.127:80, 174.56.19.127:8080, 180.134.31.66:2222, 183.196.131.15:80, 183.196.131.15:8080, 190.238.140.166:80, 190.238.140.166:8080, 191.213.162.43:80, 191.213.162.43:8080, 203.53.120.182:80, 203.53.120.182:8080, 21.45.207.71:80, 21.45.207.71:8080, 218.86.139.209:1234, 219.252.127.48:2222, 220.174.209.193:80, 220.174.209.193:8080, 220.206.222.172:80, 220.206.222.172:8080, 223.171.91.147:1234, 245.127.36.147:80, 245.127.36.147:8080, 245.48.142.155:80, 245.48.142.155:8080, 28.178.51.224:80, 28.178.51.224:8080, 34.109.142.15:80, 34.109.142.15:8080, 39.148.26.198:22, 42.219.168.35:80, 42.219.168.35:8080, 44.162.134.183:80, 44.162.134.183:8080, 5.219.245.218:22, 51.75.146.174:443, 55.217.137.48:2222, 55.42.191.100:80, 55.42.191.100:8080, 58.27.4.121:80, 58.27.4.121:8080, 65.149.157.90:80, 65.149.157.90:8080, 74.240.97.37:80, 74.240.97.37:8080, 76.217.154.62:22, 8.8.8.8:443, 86.108.233.166:80, 86.108.233.166:8080, 87.132.161.203:80, 87.132.161.203:8080, 95.13.102.194:80, 95.13.102.194:8080 and 96.245.114.20:2222 | Outgoing Connection
Process /dev/shm/apache2 started listening on ports: 1234, 8086 and 8185 | Listening
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times | Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times | Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 attempted to access suspicious domains: sbcglobal.net | Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout | -