IP Address: 42.231.61.225Previously Malicious
IP Address: 42.231.61.225Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP |
|
Tags |
Access Suspicious Domain Port 8080 Scan 2 Shell Commands Download File SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection SCP Listening |
|
Associated Attack Servers |
1.51.86.192 15.98.69.118 62.12.106.6 70.184.70.19 81.184.236.60 87.101.69.211 91.80.135.179 101.42.238.68 101.43.154.209 102.139.21.210 103.233.122.94 118.244.22.39 131.240.143.1 134.174.118.120 136.239.112.167 175.98.45.240 211.75.205.200 214.42.217.26 222.120.227.181 244.50.53.14 |
|
IP Address |
42.231.61.225 |
|
|
Domain |
- |
|
|
ISP |
China Unicom Liaoning |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-03-24 |
|
Last seen in Akamai Guardicore Segmentation |
2022-03-25 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 1.51.86.192:2222, 101.42.238.68:1234, 101.43.154.209:1234, 102.139.21.210:2222, 104.21.25.86:443, 114.169.227.164:80, 114.169.227.164:8080, 118.244.22.39:22, 125.49.141.69:80, 125.49.141.69:8080, 131.240.143.1:2222, 133.207.37.155:80, 133.207.37.155:8080, 134.174.118.120:22, 136.239.112.167:22, 138.121.220.54:80, 138.121.220.54:8080, 142.22.145.60:80, 142.22.145.60:8080, 142.251.32.4:443, 143.89.102.75:80, 143.89.102.75:8080, 148.91.63.91:80, 148.91.63.91:8080, 15.98.69.118:2222, 155.67.69.122:80, 155.67.69.122:8080, 167.3.228.76:80, 167.3.228.76:8080, 169.19.51.119:80, 169.19.51.119:8080, 175.38.84.90:80, 175.38.84.90:8080, 175.98.45.240:1234, 176.66.73.223:80, 176.66.73.223:8080, 177.139.61.9:80, 177.139.61.9:8080, 183.243.194.110:80, 183.243.194.110:8080, 184.77.118.62:80, 184.77.118.62:8080, 188.137.251.111:80, 188.137.251.111:8080, 199.213.197.61:80, 199.213.197.61:8080, 199.240.34.4:80, 199.240.34.4:8080, 2.231.134.125:80, 2.231.134.125:8080, 200.95.142.174:80, 200.95.142.174:8080, 211.75.205.200:1234, 214.42.217.26:2222, 222.120.227.181:80, 222.120.227.181:8080, 222.120.227.181:8090, 244.50.53.14:22, 245.7.81.37:80, 245.7.81.37:8080, 247.174.169.45:80, 247.174.169.45:8080, 29.171.17.120:80, 29.171.17.120:8080, 38.235.232.145:80, 38.235.232.145:8080, 42.36.7.4:80, 42.36.7.4:8080, 51.75.146.174:443, 60.122.13.247:80, 60.122.13.247:8080, 62.12.106.6:1234, 67.8.71.30:80, 67.8.71.30:8080, 70.184.70.19:80, 70.184.70.19:8080, 70.184.70.19:8090, 78.58.132.158:80, 78.58.132.158:8080, 8.49.167.93:80, 8.49.167.93:8080, 8.8.4.4:443, 8.8.8.8:443, 81.184.236.60:22, 87.101.69.211:1234, 91.80.135.179:1234, 93.143.141.161:80 and 93.143.141.161:8080 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8086 and 8187 |
Listening |
|
Process /dev/shm/apache2 attempted to access suspicious domains: leon.com.pl, ono.com and tfn.net.tw |
Access Suspicious Domain Outgoing Connection |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies