IP Address: 123.12.186.75 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Port 22 Scan, Port 8080 Scan, 7 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening
Associated Attack Servers | 13.234.23.13 24.101.57.13 53.136.42.77 59.3.186.45 68.165.87.108 101.33.203.161 101.42.108.123 111.53.11.130 117.190.110.118 130.85.57.72 133.100.216.5 152.136.255.57 171.17.204.242
IP Address | 123.12.186.75
Domain | -
ISP | China Unicom Liaoning
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-24
Last seen in Akamai Guardicore Segmentation | 2022-03-29
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/ifconfig scanned port 22 on 10 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses 2 times | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 80 on 10 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 10 IP Addresses | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig generated outgoing network traffic to multiple remote hosts | Outgoing Connection
Process /dev/shm/ifconfig started listening on ports: 1234, 8089 and 8186 | Listening
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times | Port 22 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/ifconfig attempted to access suspicious domains: globalcapacity.com and zoominternet.net | Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout