IP Address: 123.13.155.222 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
| Attribute | Value |
| --- | --- |
| Role | Attacker, Scanner |
| Services Targeted | SCP |
| Tags | Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening |
| Associated Attack Servers | 4.154.48.42, 6.31.110.246, 25.82.224.143, 30.237.107.156, 38.17.44.81, 48.24.94.191, 66.228.28.18, 71.43.22.191, 83.114.53.190, 90.23.240.185, 101.35.121.8, 107.18.9.232, 107.35.186.104, 172.42.193.35, 175.103.103.180, 179.24.182.151, 184.135.96.202, 210.99.20.194, 216.197.36.62, 219.117.224.154, 246.81.36.184, 249.115.92.114 |
| Field | Value |
| --- | --- |
| IP Address | 123.13.155.222 |
| Domain | - |
| ISP | China Unicom Liaoning |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-04-01 |
| Last seen in Akamai Guardicore Segmentation | 2022-04-07 |
What is Akamai Guardicore Segmentation

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy-to-understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
| Event | Tags |
| --- | --- |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| /dev/shm/ifconfig was downloaded | Download File |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| Process /dev/shm/ifconfig generated outgoing network traffic to: 101.35.121.8:1234, 104.21.25.86:443, 105.69.156.55:80, 105.69.156.55:8080, 107.18.9.232:2222, 107.35.186.104:22, 119.1.39.100:80, 119.1.39.100:8080, 120.179.62.94:80, 120.179.62.94:8080, 122.128.109.57:80, 122.128.109.57:8080, 125.246.113.174:80, 125.246.113.174:8080, 130.196.196.128:80, 130.196.196.128:8080, 131.22.107.171:80, 131.22.107.171:8080, 134.9.215.253:80, 134.9.215.253:8080, 141.163.194.71:80, 141.163.194.71:8080, 141.39.231.99:80, 141.39.231.99:8080, 146.65.99.82:80, 146.65.99.82:8080, 151.101.214.221:80, 151.101.214.221:8080, 154.169.122.141:80, 154.169.122.141:8080, 158.177.80.210:80, 158.177.80.210:8080, 172.42.193.35:2222, 172.67.133.228:443, 175.103.103.180:22, 179.24.182.151:2222, 181.238.97.6:80, 181.238.97.6:8080, 184.135.96.202:2222, 202.241.207.156:80, 202.241.207.156:8080, 21.223.212.79:80, 21.223.212.79:8080, 210.99.20.194:1234, 213.51.10.188:80, 213.51.10.188:8080, 216.197.36.62:22, 219.117.224.154:1234, 221.171.53.180:80, 221.171.53.180:8080, 223.204.9.94:80, 223.204.9.94:8080, 24.83.161.201:80, 24.83.161.201:8080, 243.199.181.27:80, 243.199.181.27:8080, 244.232.214.210:80, 244.232.214.210:8080, 245.29.169.190:80, 245.29.169.190:8080, 246.81.36.184:22, 249.115.92.114:22, 25.82.224.143:22, 3.124.48.186:80, 3.124.48.186:8080, 30.126.252.78:80, 30.126.252.78:8080, 30.237.107.156:2222, 32.195.189.92:80, 32.195.189.92:8080, 34.222.223.107:80, 34.222.223.107:8080, 38.17.44.81:2222, 4.154.48.42:2222, 43.186.81.64:80, 43.186.81.64:8080, 48.24.94.191:2222, 51.75.146.174:443, 55.120.163.91:80, 55.120.163.91:8080, 6.31.110.246:22, 66.228.28.18:1234, 71.43.22.191:2222, 73.192.127.152:80, 73.192.127.152:8080, 83.114.53.190:1234, 9.233.238.123:80, 9.233.238.123:8080 and 90.23.240.185:1234 | Outgoing Connection |
| Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8188 | Listening |
| Process /dev/shm/ifconfig attempted to access suspicious domains: anteldata.net.uy, localnet.com, wanadoo.fr and zoot.jp | Access Suspicious Domain, Outgoing Connection |
| Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Connection was closed due to timeout | |
|