IP Address: 124.220.16.248 | Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Port 1234 Scan, Port 80 Scan, 5 Shell Commands, Successful SSH Login, SCP, Download File, SSH, Listening, Outgoing Connection, Port 8080 Scan, Superuser Operation
Associated Attack Servers | 3.110.236.209, 4.55.1.180, 31.169.25.190, 38.16.103.85, 44.41.107.213, 47.172.43.158, 58.19.175.189, 110.42.209.158, 119.91.140.230, 124.222.238.185, 151.188.103.247, 165.129.237.96, 176.151.207.253, 197.68.205.136, 207.39.192.200, 212.57.36.20, 244.206.222.153, 247.216.71.206, 248.159.28.66
IP Address | 124.220.16.248
Domain | -
ISP | Development & Research Center of State Council Net
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-20
Last seen in Akamai Guardicore Segmentation | 2022-05-14
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Event | Tags
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
Process /bin/bash scanned port 1234 on 26 IP Addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses | Port 1234 Scan
Process /dev/shm/apache2 scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 1234 on 28 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 80 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses | Port 1234 Scan
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (2 times) | Successful SSH Login
/dev/shm/ifconfig was downloaded | Download File
A possibly malicious Superuser Operation was detected (2 times) | Superuser Operation
Process /dev/shm/apache2 generated outgoing network traffic to: 1.220.98.197:1234, 101.42.90.177:1234, 103.40.187.133:80, 103.40.187.133:8080, 104.21.25.86:443, 11.126.106.220:80, 110.5.163.111:80, 110.5.163.111:8080, 115.123.94.161:80, 117.80.212.33:1234, 120.31.133.162:1234, 121.126.94.75:80, 121.126.94.75:8080, 122.125.38.115:80, 122.125.38.115:8080, 124.115.231.214:1234, 131.134.194.225:80, 131.134.194.225:8080, 131.91.171.138:80, 131.91.171.138:8080, 154.56.186.118:80, 154.56.186.118:8080, 158.90.140.119:80, 161.107.113.27:1234, 161.107.113.34:1234, 162.175.148.176:80, 162.175.148.176:8080, 172.67.133.228:443, 173.18.35.41:1234, 181.34.180.16:80, 181.34.180.16:8080, 182.224.177.56:1234, 199.71.25.78:80, 199.71.25.78:8080, 20.141.185.205:1234, 202.61.203.229:1234, 206.189.25.255:1234, 208.115.46.86:80, 208.115.46.86:8080, 210.193.215.239:80, 210.193.215.239:8080, 217.43.10.8:80, 218.130.61.15:80, 218.130.61.15:8080, 222.100.124.62:1234, 222.134.240.92:1234, 223.171.91.149:1234, 223.99.166.104:1234, 24.158.46.196:80, 24.158.46.196:8080, 244.182.90.198:80, 244.182.90.198:8080, 251.232.44.8:80, 251.232.44.8:8080, 30.48.92.153:80, 30.48.92.153:8080, 42.155.153.235:80, 42.155.153.235:8080, 42.40.219.209:80, 42.40.219.209:8080, 43.242.247.139:1234, 50.161.159.210:80, 50.161.159.210:8080, 51.159.19.47:1234, 51.75.146.174:443, 52.131.32.110:1234, 52.212.199.167:80, 52.212.199.167:8080, 61.77.105.219:1234, 62.12.106.5:1234, 68.151.81.90:80, 68.151.81.90:8080, 7.83.16.53:80, 7.83.16.53:8080, 81.127.240.30:80, 81.127.240.30:8080, 82.61.230.219:80, 82.61.230.219:8080, 85.105.82.39:1234, 90.160.134.82:80, 90.160.134.82:8080, 93.176.229.145:1234, 95.154.21.210:1234, 96.183.39.223:80, 96.183.39.223:8080, 98.57.159.24:80 and 98.57.159.24:8080 |
Outgoing Connection
Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8180 | Listening
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 80 on 28 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 28 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan
Connection was closed due to timeout