IP Address: 43.142.85.46 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP, SSH
Tags | Successful SSH Login, Port 8080 Scan, Outgoing Connection, 8 Shell Commands, Listening, SSH, SCP, Download and Allow Execution, Download and Execute, Superuser Operation, Port 80 Scan, Download File, Port 1234 Scan
Associated Attack Servers | 16.170.93.82, 59.3.186.45, 95.154.21.210, 124.223.14.100, 147.182.233.56, 185.25.204.35, 206.189.25.255, 209.216.177.238, 218.146.15.97
IP Address | 43.142.85.46
Domain | -
ISP | -
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-07-10
Last seen in Akamai Guardicore Segmentation | 2022-08-18
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /root/ifconfig scanned port 1234 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 1234 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 1234 on 28 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 80 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 8080 on 26 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (7 times)
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
/tmp/ifconfig was downloaded |
Download File |
./ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /root/apache2 was downloaded and executed 119 times |
Download and Execute |
Process /root/ifconfig generated outgoing network traffic to: 103.105.12.48:1234, 103.90.177.102:1234, 104.21.25.86:443, 108.185.10.164:80, 108.185.10.164:8080, 110.9.95.228:80, 110.9.95.228:8080, 111.22.153.53:80, 111.22.153.53:8080, 117.80.212.33:1234, 118.218.209.149:1234, 120.31.133.162:1234, 133.27.226.95:80, 133.27.226.95:8080, 140.251.210.182:80, 140.251.210.182:8080, 144.130.108.55:80, 144.130.108.55:8080, 146.252.78.179:80, 146.252.78.179:8080, 150.107.95.20:1234, 155.90.216.140:80, 155.90.216.140:8080, 157.59.30.37:80, 157.59.30.37:8080, 161.107.113.34:1234, 161.35.79.199:1234, 172.67.133.228:443, 173.198.18.20:80, 182.224.177.56:1234, 183.212.47.4:80, 183.212.47.4:8080, 187.200.135.216:80, 187.200.135.216:8080, 191.242.182.210:1234, 198.131.226.12:80, 198.131.226.12:8080, 198.16.173.142:80, 198.16.173.142:8080, 210.40.42.14:80, 210.40.42.14:8080, 212.57.36.20:1234, 220.88.85.20:80, 222.100.124.62:1234, 222.103.98.58:1234, 222.165.136.99:1234, 222.56.210.86:80, 222.56.210.86:8080, 223.171.91.127:1234, 223.171.91.160:1234, 241.75.121.225:80, 241.75.121.225:8080, 247.42.147.202:80, 247.42.147.202:8080, 25.246.243.122:80, 25.246.243.122:8080, 251.244.248.32:80, 31.19.237.170:1234, 34.55.6.138:80, 34.55.6.138:8080, 4.181.117.81:80, 4.181.117.81:8080, 49.194.73.104:80, 49.194.73.104:8080, 50.112.218.73:80, 50.112.218.73:8080, 51.159.19.47:1234, 51.75.146.174:443, 52.131.32.110:1234, 57.163.45.246:80, 57.163.45.246:8080, 58.229.125.66:1234, 59.3.186.45:1234, 67.21.170.217:80, 67.21.170.217:8080, 69.3.177.115:80, 69.3.177.115:8080, 7.100.179.168:80, 7.100.179.168:8080, 72.240.211.12:80, 72.240.211.12:8080, 76.139.25.36:80, 84.204.148.99:1234, 86.133.233.66:1234, 89.68.36.175:80, 89.68.36.175:8080 and 95.154.21.210:1234 |
Outgoing Connection |
Process /root/ifconfig started listening on ports: 1234, 8086 and 8182 |
Listening |
Process /root/ifconfig scanned port 80 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 80 on 28 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 8080 on 32 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /root/ifconfig scanned port 8080 on 28 IP Addresses
Port 1234 Scan, Port 80 Scan, Port 8080 Scan
The file /usr/bin/free was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |
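The timeline above records the implant's dropped paths, per-port scan counts, listening ports and outgoing connections as free-text event lines. The following is an added example, not code from the original page or from Akamai: it extracts those indicators from a handful of lines copied from the timeline (the SAMPLE_EVENTS list is constructed from them) and classifies each outgoing target with Python's ipaddress module. All function and variable names are my own. Worth noting: three of the addresses /root/ifconfig contacted (241.75.121.225, 247.42.147.202, 251.244.248.32) lie in the reserved 240.0.0.0/4 block, from which no Internet host can answer, which is consistent with the scanner generating targets at random rather than working from a curated list.

```python
import ipaddress
import re

# Constructed sample: event lines copied from the sensor timeline above.
SAMPLE_EVENTS = [
    "/dev/shm/ifconfig was downloaded",
    "/tmp/ifconfig was downloaded",
    "The file /root/ifconfig was downloaded and executed 5 times",
    "The file /root/apache2 was downloaded and executed 119 times",
    "Process /root/ifconfig scanned port 1234 on 26 IP Addresses",
    "Process /root/ifconfig scanned port 80 on 32 IP Addresses",
    "Process /root/ifconfig scanned port 8080 on 28 IP Addresses",
    "Process /root/ifconfig generated outgoing network traffic to: "
    "103.105.12.48:1234, 104.21.25.86:443, 241.75.121.225:80, 241.75.121.225:8080, "
    "247.42.147.202:80, 247.42.147.202:8080, 251.244.248.32:80 and 95.154.21.210:1234",
    "Process /root/ifconfig started listening on ports: 1234, 8086 and 8182",
]

DOWNLOAD_RE = re.compile(r"^(?:The file )?(\S+) was downloaded")
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
OUTGOING_RE = re.compile(r"generated outgoing network traffic to: (.+)$")
LISTEN_RE = re.compile(r"started listening on ports: (.+)$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def parse_events(lines):
    """Pull host and network indicators out of sensor event lines.

    Returns a dict with the dropped file paths (in order of first sight),
    total hosts scanned per port, outgoing (ip, port) endpoints and the
    sorted list of ports the process opened for listening.
    """
    iocs = {"dropped": [], "scans": {}, "outgoing": [], "listening": []}
    for line in lines:
        m = DOWNLOAD_RE.match(line)
        if m:
            path = m.group(1)
            if path not in iocs["dropped"]:
                iocs["dropped"].append(path)
            continue
        m = SCAN_RE.match(line)
        if m:
            port, hosts = int(m.group(2)), int(m.group(3))
            iocs["scans"][port] = iocs["scans"].get(port, 0) + hosts
            continue
        m = OUTGOING_RE.search(line)
        if m:
            for ip, port in ENDPOINT_RE.findall(m.group(1)):
                iocs["outgoing"].append((ip, int(port)))
            continue
        m = LISTEN_RE.search(line)
        if m:
            iocs["listening"] = sorted({int(p) for p in re.findall(r"\d+", m.group(1))})
    return iocs


def is_routable(ip):
    """True for addresses a scanner could plausibly reach on the Internet."""
    return not (ip.is_private or ip.is_reserved or ip.is_multicast
                or ip.is_loopback or ip.is_link_local or ip.is_unspecified)


def classify_targets(endpoints):
    """Split (ip, port) endpoints into routable targets and bogons.

    Bogon targets (here the reserved 240.0.0.0/4 block) cannot answer, so
    their presence in the connection list points to random target
    generation rather than a curated target list.
    """
    routable, bogons = [], []
    for ip_str, port in endpoints:
        ip = ipaddress.ip_address(ip_str)
        (routable if is_routable(ip) else bogons).append((ip_str, port))
    return routable, bogons


if __name__ == "__main__":
    iocs = parse_events(SAMPLE_EVENTS)
    print("dropped files:", iocs["dropped"])
    print("hosts scanned per port:", iocs["scans"])
    print("listening ports:", iocs["listening"])
    routable, bogons = classify_targets(iocs["outgoing"])
    print("routable targets:", len(routable), "bogon targets:", bogons)
```

Feeding the full outgoing-connection line from the timeline into parse_events gives the complete target list; the bogon set is what separates a fixed C2 list (which would contain only routable addresses) from spray scanning.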
|
/var/tmp/ifconfig
SHA256: 1a44fca7624fff41bb0115d35ece06c6b145c23503b4e50eddc373c148b94a1d
Size: 720896 bytes
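To check a Linux host against this record, here is an added example (not from the original page or from Akamai): it looks for files named ifconfig or apache2 under the drop directories seen in the timeline (/tmp, /dev/shm, /var/tmp, /root), compares their SHA256 with the hash above, and parses /proc/net/tcp for listeners on the ports the implant opened (1234, 8086, 8182). The /proc/net/tcp excerpt embedded for offline testing is constructed, and the function names are mine.

```python
import hashlib
import os

# Indicators taken from the sensor record above.
IOC_SHA256 = "1a44fca7624fff41bb0115d35ece06c6b145c23503b4e50eddc373c148b94a1d"
IOC_NAMES = {"ifconfig", "apache2"}
DROP_DIRS = ["/tmp", "/dev/shm", "/var/tmp", "/root"]
IOC_PORTS = {1234, 8086, 8182}

# Constructed /proc/net/tcp excerpt for testing the parser offline: sshd on
# port 22 (0x0016), the implant's 1234 (0x04D2) and 8086 (0x1F96) in LISTEN
# (state 0A), and one established (state 01) socket on 8182 (0x1FF6) that
# must not be counted as a listener.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 100 0 0 10 0
   2: 0100007F:1F96 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0 100 0 0 10 0
   3: 0A000002:1FF6 5E9A15D2:0050 01 00000000:00000000 00:00000000 00000000     0        0 1004 1 0 100 0 0 10 0
"""


def listening_ports(proc_net_tcp_text):
    """Return the set of TCP ports in LISTEN state from /proc/net/tcp text.

    Data rows look like "sl local_address rem_address st ...": the local
    address is hex "IP:PORT" and state 0A means LISTEN. The header row is
    skipped naturally because its state column reads "st".
    """
    ports = set()
    for line in proc_net_tcp_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[3] == "0A":
            ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def suspicious_listeners(proc_net_tcp_text=None):
    """Implant ports currently in LISTEN, read from the live kernel table
    unless text is supplied."""
    if proc_net_tcp_text is None:
        with open("/proc/net/tcp") as f:
            proc_net_tcp_text = f.read()
    return sorted(listening_ports(proc_net_tcp_text) & IOC_PORTS)


def sha256_bytes(data):
    return hashlib.sha256(data).hexdigest()


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def find_dropped(dirs=DROP_DIRS):
    """Locate files carrying the implant's names under the drop directories.

    Returns (path, sha256, matches_known_sample) tuples. An 'ifconfig' or
    'apache2' outside the normal system paths deserves a look on its own;
    a hash match confirms this specific sample.
    """
    hits = []
    for top in dirs:
        if not os.path.isdir(top):
            continue
        for root, _subdirs, files in os.walk(top):
            for name in files:
                if name in IOC_NAMES:
                    path = os.path.join(root, name)
                    try:
                        digest = sha256_file(path)
                    except OSError:
                        continue  # unreadable or vanished; skip rather than abort the sweep
                    hits.append((path, digest, digest == IOC_SHA256))
    return hits


if __name__ == "__main__":
    for path, digest, known in find_dropped():
        print(f"{path} {digest} {'KNOWN SAMPLE' if known else 'unknown hash'}")
    print("implant ports in LISTEN:", suspicious_listeners())
```

Run it as root so /root and other users' files in /tmp are readable. A hash mismatch does not clear a find: the dropper fetched and ran /root/apache2 119 times during the session, so a host may hold a different build under the same name, and the listening-port check is the more durable signal of the two.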