IP Address: 42.231.31.16 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers | 9.147.112.226, 12.23.46.220, 39.57.163.251, 42.38.244.64, 42.231.30.8, 66.187.155.171, 72.146.103.157, 73.33.155.50, 78.62.230.55, 89.172.1.176, 114.132.242.231, 117.54.14.169, 152.136.145.180, 152.136.255.57, 193.61.116.250, 194.224.212.222, 223.135.91.78, 223.171.91.149
IP Address | 42.231.31.16
Domain | -
ISP | China Unicom Liaoning
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-25
Last seen in Akamai Guardicore Segmentation | 2022-03-29
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Download File | /dev/shm/ifconfig was downloaded
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
Superuser Operation | A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection | Process /dev/shm/ifconfig generated outgoing network traffic to the following destinations (grouped by destination port):
  443: 1.1.1.1, 8.8.4.4, 8.8.8.8, 51.75.146.174, 104.21.25.86, 142.251.32.4
  22: 42.38.244.64, 66.187.155.171, 72.146.103.157, 78.62.230.55, 89.172.1.176, 193.61.116.250
  2222: 9.147.112.226, 39.57.163.251, 73.33.155.50, 194.224.212.222, 223.135.91.78
  1234: 12.23.46.220, 42.231.30.8, 114.132.242.231, 117.54.14.169, 152.136.145.180, 152.136.255.57, 223.171.91.149
  80 and 8080 (each host contacted on both ports): 5.97.37.156, 6.63.7.78, 17.133.60.96, 39.171.32.153, 43.18.103.58, 46.62.147.11, 53.76.207.106, 57.175.104.143, 57.203.230.225, 66.217.171.62, 68.224.229.222, 68.232.95.166, 75.183.152.122, 89.12.38.20, 92.13.121.199, 107.145.249.225, 123.35.177.232, 124.239.69.26, 128.129.150.211, 150.3.112.184, 151.50.132.65, 159.181.109.16, 161.36.13.169, 164.221.123.158, 164.245.85.175, 166.6.52.146, 168.165.18.131, 178.169.27.103, 199.72.130.15, 218.38.130.82, 243.226.40.244, 248.86.159.177
Listening | Process /dev/shm/ifconfig started listening on ports 1234, 8081 and 8185
Port 80 Scan, Port 8080 Scan | Process /dev/shm/ifconfig scanned port 80 on 32 IP addresses
Port 80 Scan, Port 8080 Scan | Process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses
Port 80 Scan, Port 8080 Scan | Process /dev/shm/ifconfig scanned port 80 on 32 IP addresses
Access Suspicious Domain, Outgoing Connection | Process /dev/shm/ifconfig attempted to access suspicious domains: adsl, t-com.hr and zebra.lt
Port 80 Scan, Port 8080 Scan | Process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses
Connection was closed due to timeout
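The timeline above is a complete intrusion chain: a password login as root, a binary dropped into /dev/shm under the name of a system tool, outbound fan-out on ports 80 and 8080, a small set of peers on 1234, 22 and 2222, and new listening ports. As an added example (not Guardicore's code), the following Python parses the outgoing-connection event exactly as printed on this page and derives the scan/peer split that the tags and the "Associated Attack Servers" list express. The event text is the page's own; the fan-out threshold, the resolver allowlist, the tmpfs prefixes and the system-tool name list are assumptions made for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address
from os.path import basename

# Event lines copied from the Guardicore timeline for 42.231.31.16 (page data, not constructed).
LISTEN_EVENT = "Process /dev/shm/ifconfig started listening on ports: 1234, 8081 and 8185"
OUTGOING_EVENT = (
    "Process /dev/shm/ifconfig generated outgoing network traffic to: "
    "1.1.1.1:443, 104.21.25.86:443, 107.145.249.225:80, 107.145.249.225:8080, 114.132.242.231:1234, "
    "117.54.14.169:1234, 12.23.46.220:1234, 123.35.177.232:80, 123.35.177.232:8080, 124.239.69.26:80, "
    "124.239.69.26:8080, 128.129.150.211:80, 128.129.150.211:8080, 142.251.32.4:443, 150.3.112.184:80, "
    "150.3.112.184:8080, 151.50.132.65:80, 151.50.132.65:8080, 152.136.145.180:1234, 152.136.255.57:1234, "
    "159.181.109.16:80, 159.181.109.16:8080, 161.36.13.169:80, 161.36.13.169:8080, 164.221.123.158:80, "
    "164.221.123.158:8080, 164.245.85.175:80, 164.245.85.175:8080, 166.6.52.146:80, 166.6.52.146:8080, "
    "168.165.18.131:80, 168.165.18.131:8080, 17.133.60.96:80, 17.133.60.96:8080, 178.169.27.103:80, "
    "178.169.27.103:8080, 193.61.116.250:22, 194.224.212.222:2222, 199.72.130.15:80, 199.72.130.15:8080, "
    "218.38.130.82:80, 218.38.130.82:8080, 223.135.91.78:2222, 223.171.91.149:1234, 243.226.40.244:80, "
    "243.226.40.244:8080, 248.86.159.177:80, 248.86.159.177:8080, 39.171.32.153:80, 39.171.32.153:8080, "
    "39.57.163.251:2222, 42.231.30.8:1234, 42.38.244.64:22, 43.18.103.58:80, 43.18.103.58:8080, "
    "46.62.147.11:80, 46.62.147.11:8080, 5.97.37.156:80, 5.97.37.156:8080, 51.75.146.174:443, "
    "53.76.207.106:80, 53.76.207.106:8080, 57.175.104.143:80, 57.175.104.143:8080, 57.203.230.225:80, "
    "57.203.230.225:8080, 6.63.7.78:80, 6.63.7.78:8080, 66.187.155.171:22, 66.217.171.62:80, "
    "66.217.171.62:8080, 68.224.229.222:80, 68.224.229.222:8080, 68.232.95.166:80, 68.232.95.166:8080, "
    "72.146.103.157:22, 73.33.155.50:2222, 75.183.152.122:80, 75.183.152.122:8080, 78.62.230.55:22, "
    "8.8.4.4:443, 8.8.8.8:443, 89.12.38.20:80, 89.12.38.20:8080, 89.172.1.176:22, 9.147.112.226:2222, "
    "92.13.121.199:80 and 92.13.121.199:8080"
)

# Heuristic parameters: assumptions for this example, not Guardicore's thresholds.
SCAN_FANOUT = 16                      # one port hit on >= this many distinct hosts counts as a scan
PUBLIC_RESOLVERS = {"1.1.1.1", "8.8.8.8", "8.8.4.4"}
GENERIC_PORTS = {443}                 # plain HTTPS to CDN/cloud hosts is not a C2 indicator by itself
TMPFS_PREFIXES = ("/dev/shm/", "/tmp/", "/var/tmp/", "/run/")
SYSTEM_TOOL_NAMES = {"ifconfig", "sshd", "kworker", "systemd"}   # constructed masquerade list

ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
PROCESS_RE = re.compile(r"Process (\S+) ")


def parse_endpoints(line):
    """Return (ip, port) tuples for every ip:port token in an event line."""
    return [(ip, int(port)) for ip, port in ENDPOINT_RE.findall(line)]


def split_scan_and_peers(endpoints, fanout=SCAN_FANOUT):
    """Group destinations by port: ports hit on many hosts are scans, the rest are peers."""
    by_port = defaultdict(set)
    for ip, port in endpoints:
        by_port[port].add(ip)
    scans = {p: sorted(h, key=ip_address) for p, h in by_port.items() if len(h) >= fanout}
    peers = {p: sorted(h, key=ip_address) for p, h in by_port.items() if len(h) < fanout}
    return scans, peers


def attack_servers(peers):
    """Peer hosts minus public resolvers and generic HTTPS: the candidate attack-server list."""
    hosts = set()
    for port, ips in peers.items():
        if port in GENERIC_PORTS:
            continue
        hosts.update(ip for ip in ips if ip not in PUBLIC_RESOLVERS)
    return sorted(hosts, key=ip_address)


def reserved_targets(scans):
    """Scan targets in non-routable space (240.0.0.0/4): a hint that targets are random."""
    seen = {ip for ips in scans.values() for ip in ips}
    return sorted((ip for ip in seen if ip_address(ip).is_reserved), key=ip_address)


def exec_indicators(path):
    """Host-level indicators for a dropped binary: tmpfs location and a system-tool name."""
    hits = []
    if path.startswith(TMPFS_PREFIXES):
        hits.append("executed from tmpfs/world-writable directory")
    if basename(path) in SYSTEM_TOOL_NAMES:
        hits.append("name masquerades as a system tool")
    return hits


def parse_listen_ports(line):
    """Extract the port numbers from a 'started listening on ports: ...' event."""
    return [int(p) for p in re.findall(r"\d+", line.split("ports:")[1])]


def summarize():
    """Derive the page's tag-level facts from the raw event lines."""
    proc = PROCESS_RE.search(OUTGOING_EVENT).group(1)
    scans, peers = split_scan_and_peers(parse_endpoints(OUTGOING_EVENT))
    return {
        "process": proc,
        "exec_indicators": exec_indicators(proc),
        "scan_ports": {p: len(ips) for p, ips in scans.items()},
        "reserved_scan_targets": reserved_targets(scans),
        "attack_servers": attack_servers(peers),
        "listen_ports": parse_listen_ports(LISTEN_EVENT),
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(f"{key}: {value}")
```

Running it reproduces the page's own figures: 32 hosts on each of ports 80 and 8080, and 18 peer hosts on 1234, 22 and 2222, which is exactly the "Associated Attack Servers" list. It also flags two scan targets (243.226.40.244 and 248.86.159.177) inside the reserved 240.0.0.0/4 block, which is consistent with randomly generated targets rather than a curated list. Applied to live flow logs, the same split separates noisy scan traffic from the handful of destinations worth blocking or pivoting on, and the tmpfs/masquerade check is the host-side trigger to pair with it.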
|