IP Address: 42.229.47.251 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SCP |
Tags |
SSH, Listening, Port 80 Scan, Port 8080 Scan, Outgoing Connection, Successful SSH Login, 3 Shell Commands, Superuser Operation, Download File, Access Suspicious Domain, Port 22 Scan, SCP |
Associated Attack Servers |
1.1.1.1 1.119.152.110 18.52.78.37 26.149.169.130 46.24.102.196 77.81.181.231 82.156.217.40 103.152.119.126 106.55.188.60 111.53.11.130 137.184.162.140 155.60.111.12 159.89.155.149 193.214.163.135 214.196.149.129 245.20.132.78 |
IP Address |
42.229.47.251 |
|
Domain |
- |
|
ISP |
- |
|
Country |
China |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2023-03-29 |
Last seen in Akamai Guardicore Segmentation |
2023-03-29 |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 scanned port 22 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses 2 times |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8082 and 8188 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 attempted to access suspicious domains: comunitel.net |
Access Suspicious Domain, Outgoing Connection |
Connection was closed due to timeout |
|