IP Address: 120.48.120.83 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
Outgoing Connection, Download Operation, SSH, SSH Brute Force, 19 Shell Commands, Superuser Operation, Port 22 Scan, Successful SSH Login, System File Modification, Kill Process |
Associated Attack Servers |
109.206.241.112, 131.153.56.98, 131.153.142.106, 142.202.242.43, 171.22.30.31, 199.247.19.116 |
IP Address |
120.48.120.83 |
|
Domain |
- |
|
ISP |
CITIC Networks Management Co.,Ltd. |
|
Country |
China |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-09-03 |
Last seen in Akamai Guardicore Segmentation |
2023-03-27 |
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A possibly malicious Superuser Operation was detected 8 times |
Download Operation, Kill Process, Superuser Operation |
A possibly malicious Kill Process was detected 4 times |
Download Operation, Kill Process, Superuser Operation |
A possibly malicious Download Operation was detected 11 times |
Download Operation, Kill Process, Superuser Operation |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.43:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 2 times |
Outgoing Connection |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /usr/bin/nohup generated outgoing network traffic to: 171.22.30.31:57388 |
Outgoing Connection |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /dev/shm/ksmdx generated outgoing network traffic to multiple IP addresses |
Outgoing Connection |
System file /etc/sysctl.conf was modified 9 times |
System File Modification |
Process /dev/shm/ksmdx scanned port 22 on 89 IP Addresses |
Port 22 Scan |
Connection was closed due to timeout |
|