IP Address: 101.42.108.123 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 101.42.108.123
Domain | -
ISP | Beijing CNISP Technology Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-06
Last seen in Akamai Guardicore Segmentation | 2022-04-23
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 15 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic to multiple remote IP addresses and ports |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8182 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig attempted to access suspicious domains: speedy.com.ar |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |
|