IP Address: 46.101.105.5 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 22.220.43.103, 27.116.28.211, 34.158.202.118, 42.127.85.131, 61.77.105.219, 85.100.97.112, 90.23.240.185, 95.66.71.144, 101.43.201.124, 117.173.3.93, 119.91.23.235, 153.69.150.102, 159.75.19.149, 171.27.238.69, 178.136.183.188, 179.2.28.42, 207.207.41.13, 217.23.158.174, 223.159.129.43, 251.218.228.76
IP Address: 46.101.105.5
Domain: -
ISP: DigitalOcean
Country: Germany
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-23
Last seen in Akamai Guardicore Segmentation: 2022-03-29
Incident timeline (each event is followed by its tag in brackets):

A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List) [Successful SSH Login]
/dev/shm/ifconfig was downloaded [Download File]
A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password) [Successful SSH Login]
A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
Process /dev/shm/apache2 generated outgoing network traffic to: 101.43.201.124:1234, 102.49.127.147:80, 102.49.127.147:8080, 103.105.12.48:1234, 103.196.184.152:80, 103.196.184.152:8080, 104.21.25.86:443, 110.14.139.84:80, 110.14.139.84:8080, 117.173.3.93:2222, 119.91.23.235:1234, 140.67.171.129:80, 140.67.171.129:8080, 141.26.110.157:80, 141.26.110.157:8080, 151.15.8.173:80, 151.15.8.173:8080, 152.52.143.56:80, 152.52.143.56:8080, 153.229.204.135:80, 153.229.204.135:8080, 153.69.150.102:22, 154.170.65.2:80, 154.170.65.2:8080, 159.75.19.149:1234, 163.49.230.140:80, 163.49.230.140:8080, 168.3.148.50:80, 168.3.148.50:8080, 17.206.11.251:80, 17.206.11.251:8080, 17.38.37.4:80, 17.38.37.4:8080, 171.27.238.69:22, 172.67.133.228:443, 176.193.70.134:80, 176.193.70.134:8080, 178.135.215.64:80, 178.135.215.64:8080, 178.136.183.188:22, 179.2.28.42:2222, 190.154.218.53:80, 190.154.218.53:8080, 198.177.235.76:80, 198.177.235.76:8080, 199.196.9.63:80, 199.196.9.63:8080, 20.179.164.23:80, 20.179.164.23:8080, 200.226.16.199:80, 200.226.16.199:8080, 204.234.69.33:80, 204.234.69.33:8080, 207.207.41.13:22, 213.32.105.172:80, 213.32.105.172:8080, 216.157.141.228:80, 216.157.141.228:8080, 217.23.158.174:1234, 22.220.43.103:2222, 223.159.129.43:2222, 243.46.107.118:80, 243.46.107.118:8080, 245.180.44.179:80, 245.180.44.179:8080, 251.218.228.76:22, 253.81.40.80:80, 253.81.40.80:8080, 27.116.28.211:2222, 34.158.202.118:22, 42.127.85.131:2222, 51.75.146.174:443, 61.77.105.219:1234, 63.36.35.114:80, 63.36.35.114:8080, 64.35.221.162:80, 64.35.221.162:8080, 65.141.134.88:80, 65.141.134.88:8080, 75.54.18.216:80, 75.54.18.216:8080, 85.100.97.112:22, 86.162.40.95:80, 86.162.40.95:8080, 90.23.240.185:1234, 95.66.71.144:22, 95.66.71.144:2222, 96.42.139.147:80 and 96.42.139.147:8080 [Outgoing Connection]
Process /dev/shm/apache2 started listening on ports: 1234, 8082 and 8180 [Listening]
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses 2 times [Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses 2 times [Port 80 Scan, Port 8080 Scan]
Process /dev/shm/apache2 attempted to access suspicious domains: datafoundry.com, tokai.or.jp, vega-ua.net and wanadoo.fr [Access Suspicious Domain, Outgoing Connection]
Connection was closed due to timeout
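The timeline above mixes two kinds of outbound activity from the same process: a sweep of ports 80 and 8080 across many hosts, and a smaller set of connections on 22, 2222, 1234 and 443 to hosts that also appear in the Associated Attack Servers list. The script below, added here as a worked example and not part of the Guardicore record, shows how an analyst can parse this event text and separate the two patterns, and how to flag executables running out of /dev/shm (the tmpfs location used by both /dev/shm/ifconfig and /dev/shm/apache2). The sample events are a reduced subset of the record's own lines; the function and pattern names are this example's own.

```python
import re
from collections import Counter, defaultdict

# Sample event text reproduced from the record above. Only a subset of the
# ~100 destinations is kept so the example stays short.
OUTGOING_EVENT = (
    "Process /dev/shm/apache2 generated outgoing network traffic to: "
    "101.43.201.124:1234, 102.49.127.147:80, 102.49.127.147:8080, "
    "103.105.12.48:1234, 104.21.25.86:443, 117.173.3.93:2222, "
    "153.69.150.102:22, 171.27.238.69:22, 95.66.71.144:22, "
    "95.66.71.144:2222, 96.42.139.147:80 and 96.42.139.147:8080"
)

# Other events from the same record, used for the execution-location check.
EVENTS = [
    "/dev/shm/ifconfig was downloaded",
    "Process /dev/shm/apache2 started listening on ports: 1234, 8082 and 8180",
    OUTGOING_EVENT,
]

PROC_RE = re.compile(r"^Process (\S+) ")
DEST_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
# Directories that are world-writable or tmpfs; a binary executing from
# here is a common sign of a dropped payload (hypothetical list for this example).
PATH_RE = re.compile(r"(/(?:dev/shm|tmp|var/tmp)/\S+)")


def parse_outgoing(event):
    """Return (process, [(ip, port), ...]) parsed from an outgoing-traffic event."""
    m = PROC_RE.match(event)
    proc = m.group(1) if m else None
    dests = [(ip, int(port)) for ip, port in DEST_RE.findall(event)]
    return proc, dests


def port_profile(dests):
    """Count destinations per port; a flat spread over 80/8080 reads as a sweep."""
    return Counter(port for _, port in dests)


def paired_scan_targets(dests, ports=(80, 8080)):
    """Hosts contacted on every port in `ports`: the 80/8080 sweep pattern."""
    by_host = defaultdict(set)
    for ip, port in dests:
        by_host[ip].add(port)
    return sorted(ip for ip, seen in by_host.items() if set(ports) <= seen)


def non_sweep_destinations(dests, scan_ports=(80, 8080)):
    """Destinations outside the sweep ports (22, 2222, 1234, 443 in this record).

    These are the ones worth correlating with the Associated Attack Servers
    list rather than treating as scan noise."""
    return sorted((ip, p) for ip, p in dests if p not in scan_ports)


def volatile_paths(events):
    """Executable/file paths under tmpfs or world-writable directories."""
    found = set()
    for ev in events:
        found.update(PATH_RE.findall(ev))
    return sorted(found)


if __name__ == "__main__":
    proc, dests = parse_outgoing(OUTGOING_EVENT)
    print("process:", proc)
    print("ports:", dict(port_profile(dests)))
    print("80/8080 sweep targets:", paired_scan_targets(dests))
    print("non-sweep destinations:", non_sweep_destinations(dests))
    print("paths in volatile dirs:", volatile_paths(EVENTS))
```

On the full record the same split holds: every host on port 80 is also hit on 8080, which is the fingerprint of a scanner, while the 22/2222/1234/443 destinations overlap the Associated Attack Servers and are the better pivot for hunting.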
|