IP Address: 124.221.153.180 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Port 2222 Scan, Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 11.94.67.230, 25.85.148.181, 47.16.155.222, 52.131.32.110, 98.35.32.145, 117.198.84.11, 151.108.191.198, 175.98.45.240, 186.250.45.150, 190.60.239.44
IP Address: 124.221.153.180
Domain: -
ISP: Development & Research Center of State Council Net
Country: China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-25
Last seen in Akamai Guardicore Segmentation: 2022-04-01
Successful SSH Login: A user logged in using SSH with the credentials root / ****** (authentication policy: White List)
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the credentials root / ****** (authentication policy: Correct Password)
Superuser Operation: A possibly malicious superuser operation was detected 2 times
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to 57 distinct hosts (32 on both 80 and 8080, 11 on 2222, 7 on 1234, 4 on 22, 3 on 443): 100.132.233.77:80, 100.132.233.77:8080, 104.21.25.86:443, 106.32.128.43:80, 106.32.128.43:8080, 108.13.235.99:80, 108.13.235.99:8080, 11.94.67.230:22, 113.222.209.204:80, 113.222.209.204:8080, 114.197.180.121:80, 114.197.180.121:8080, 117.198.84.11:22, 124.117.230.139:2222, 126.134.213.170:80, 126.134.213.170:8080, 131.212.227.129:80, 131.212.227.129:8080, 132.89.51.24:80, 132.89.51.24:8080, 133.41.28.251:80, 133.41.28.251:8080, 136.142.97.176:2222, 144.163.147.100:80, 144.163.147.100:8080, 15.120.209.13:80, 15.120.209.13:8080, 150.217.46.58:80, 150.217.46.58:8080, 151.108.191.198:22, 155.196.85.115:2222, 170.36.209.138:80, 170.36.209.138:8080, 172.67.133.228:443, 175.164.150.171:80, 175.164.150.171:8080, 175.98.45.240:1234, 186.250.45.150:1234, 186.44.4.106:2222, 187.119.153.223:80, 187.119.153.223:8080, 190.60.239.44:1234, 195.23.128.204:2222, 205.105.230.214:80, 205.105.230.214:8080, 209.230.232.224:80, 209.230.232.224:8080, 216.43.145.72:80, 216.43.145.72:8080, 218.240.14.159:80, 218.240.14.159:8080, 24.4.193.36:2222, 24.57.86.24:80, 24.57.86.24:8080, 243.84.91.20:2222, 25.23.16.239:80, 25.23.16.239:8080, 25.85.148.181:22, 32.243.132.253:80, 32.243.132.253:8080, 33.5.26.207:80, 33.5.26.207:8080, 34.237.252.162:80, 34.237.252.162:8080, 36.92.125.163:1234, 44.2.251.66:2222, 47.106.245.51:2222, 47.16.155.222:1234, 47.218.78.190:80, 47.218.78.190:8080, 47.34.239.132:2222, 49.159.219.158:80, 49.159.219.158:8080, 5.188.151.112:80, 5.188.151.112:8080, 51.75.146.174:443, 52.131.32.110:1234, 62.35.195.81:80, 62.35.195.81:8080, 88.109.218.165:2222, 89.163.125.45:80, 89.163.125.45:8080, 93.125.191.11:80, 93.125.191.11:8080, 95.197.203.100:80, 95.197.203.100:8080, 96.230.160.206:80, 96.230.160.206:8080 and 98.35.32.145:1234
Listening: Process /dev/shm/ifconfig started listening on ports 1234, 8084 and 8188
Port 80 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP addresses, 2 times
Port 80 Scan: Process /dev/shm/ifconfig scanned port 80 on 11 IP addresses
Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses, 2 times
Port 2222 Scan: Process /dev/shm/ifconfig scanned port 2222 on 32 IP addresses, 2 times
Access Suspicious Domain / Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains melexa.com, optonline.net and tfn.net.tw
Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 11 IP addresses
Port 2222 Scan: Process /dev/shm/ifconfig scanned port 2222 on 11 IP addresses
Connection was closed due to timeout
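The rows above describe one complete sequence: a root SSH login the sensor accepted, a binary written to /dev/shm under the name of the system ifconfig utility, superuser activity, then outbound fan-out from that binary on ports 80, 8080 and 2222, listeners on 1234, 8084 and 8188, and lookups of three domains. /dev/shm is a world-writable tmpfs on stock Linux and the real ifconfig lives under /sbin or /usr/sbin, so the path alone is worth alerting on. The Python below is an added example written for this page, not Akamai Guardicore code: it parses the sensor's own event wording (the event strings and the Associated Attack Servers list are copied from this page) into indicators, computes per-port host fan-out, and applies a few heuristics that are this example's assumptions rather than anything the sensor states (the temp-directory list, a fan-out threshold of 10 hosts, and a cross-reference against the Associated Attack Servers). The regular expressions assume the exact sensor phrasing shown here.

```python
"""Turn sensor event lines into indicators and flag scanner-like behaviour.

Added example for this page, not Akamai Guardicore code. EVENTS and ATTACK_SERVERS are
copied from the page; the regexes, directory list and threshold are this example's assumptions.
"""
import re
from collections import defaultdict

EVENTS = [
    "/dev/shm/ifconfig was downloaded",
    "Process /dev/shm/ifconfig generated outgoing network traffic to: "
    "100.132.233.77:80, 100.132.233.77:8080, 104.21.25.86:443, 106.32.128.43:80, 106.32.128.43:8080, 108.13.235.99:80, 108.13.235.99:8080, 11.94.67.230:22, 113.222.209.204:80, 113.222.209.204:8080, "
    "114.197.180.121:80, 114.197.180.121:8080, 117.198.84.11:22, 124.117.230.139:2222, 126.134.213.170:80, 126.134.213.170:8080, 131.212.227.129:80, 131.212.227.129:8080, 132.89.51.24:80, 132.89.51.24:8080, "
    "133.41.28.251:80, 133.41.28.251:8080, 136.142.97.176:2222, 144.163.147.100:80, 144.163.147.100:8080, 15.120.209.13:80, 15.120.209.13:8080, 150.217.46.58:80, 150.217.46.58:8080, 151.108.191.198:22, "
    "155.196.85.115:2222, 170.36.209.138:80, 170.36.209.138:8080, 172.67.133.228:443, 175.164.150.171:80, 175.164.150.171:8080, 175.98.45.240:1234, 186.250.45.150:1234, 186.44.4.106:2222, 187.119.153.223:80, "
    "187.119.153.223:8080, 190.60.239.44:1234, 195.23.128.204:2222, 205.105.230.214:80, 205.105.230.214:8080, 209.230.232.224:80, 209.230.232.224:8080, 216.43.145.72:80, 216.43.145.72:8080, 218.240.14.159:80, "
    "218.240.14.159:8080, 24.4.193.36:2222, 24.57.86.24:80, 24.57.86.24:8080, 243.84.91.20:2222, 25.23.16.239:80, 25.23.16.239:8080, 25.85.148.181:22, 32.243.132.253:80, 32.243.132.253:8080, "
    "33.5.26.207:80, 33.5.26.207:8080, 34.237.252.162:80, 34.237.252.162:8080, 36.92.125.163:1234, 44.2.251.66:2222, 47.106.245.51:2222, 47.16.155.222:1234, 47.218.78.190:80, 47.218.78.190:8080, "
    "47.34.239.132:2222, 49.159.219.158:80, 49.159.219.158:8080, 5.188.151.112:80, 5.188.151.112:8080, 51.75.146.174:443, 52.131.32.110:1234, 62.35.195.81:80, 62.35.195.81:8080, 88.109.218.165:2222, "
    "89.163.125.45:80, 89.163.125.45:8080, 93.125.191.11:80, 93.125.191.11:8080, 95.197.203.100:80, 95.197.203.100:8080, 96.230.160.206:80, 96.230.160.206:8080 and 98.35.32.145:1234",
    "Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8188",
    "Process /dev/shm/ifconfig attempted to access suspicious domains: melexa.com, optonline.net and tfn.net.tw",
]

# The page's "Associated Attack Servers" list, used to cross-reference destinations.
ATTACK_SERVERS = frozenset({
    "11.94.67.230", "25.85.148.181", "47.16.155.222", "52.131.32.110", "98.35.32.145",
    "117.198.84.11", "151.108.191.198", "175.98.45.240", "186.250.45.150", "190.60.239.44",
})

# World-writable temp/tmpfs locations on stock Linux (editor's list, not from the page):
# a binary downloaded to and executed from one of these is a strong signal on its own.
UNTRUSTED_EXEC_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")

ENDPOINT_RE = re.compile(r"\b((?:\d{1,3}\.){3}\d{1,3}):(\d{1,5})\b")
DOWNLOAD_RE = re.compile(r"^(\S+) was downloaded$")
PROCESS_RE = re.compile(r"^Process (\S+) ")
LISTEN_RE = re.compile(r"started listening on ports?: (.+)$")
DOMAIN_RE = re.compile(r"suspicious domains?: (.+)$")


def split_sensor_list(text):
    """The sensor writes lists as 'a, b and c'; return ['a', 'b', 'c']."""
    return [item.strip() for item in re.split(r",\s*|\s+and\s+", text) if item.strip()]


def parse_events(lines):
    """Extract downloaded paths, process paths, (ip, port) destinations, listeners and domains."""
    ind = {"downloads": [], "processes": set(), "endpoints": [], "listening": [], "domains": []}
    for line in lines:
        if m := DOWNLOAD_RE.match(line):
            ind["downloads"].append(m.group(1))
        if m := PROCESS_RE.match(line):
            ind["processes"].add(m.group(1))
        if "outgoing network traffic to:" in line:
            ind["endpoints"].extend((ip, int(port)) for ip, port in ENDPOINT_RE.findall(line))
        if m := LISTEN_RE.search(line):
            ind["listening"].extend(int(p) for p in split_sensor_list(m.group(1)))
        if m := DOMAIN_RE.search(line):
            ind["domains"].extend(split_sensor_list(m.group(1)))
    return ind


def hosts_by_port(endpoints):
    """Map each destination port to the set of distinct hosts contacted on it."""
    per_port = defaultdict(set)
    for ip, port in endpoints:
        per_port[port].add(ip)
    return dict(per_port)


def assess(ind, scan_threshold=10, attack_servers=frozenset()):
    """Return findings as strings; the threshold and heuristics are this example's own."""
    findings = []
    for path in sorted(set(ind["downloads"]) | ind["processes"]):
        if path.startswith(UNTRUSTED_EXEC_DIRS):
            findings.append(f"binary staged or executed from temp/tmpfs: {path}")
    per_port = hosts_by_port(ind["endpoints"])
    for port, hosts in sorted(per_port.items()):
        if len(hosts) >= scan_threshold:  # many distinct hosts on one port reads as a scan
            findings.append(f"scan-like fan-out: {len(hosts)} distinct hosts on port {port}")
    shared = sorted(set(ind["listening"]) & set(per_port))
    if shared:
        findings.append(f"same port used for inbound listener and outbound connections: {shared}")
    known = {port: sorted(hosts & attack_servers) for port, hosts in per_port.items() if hosts & attack_servers}
    if known:
        findings.append(f"contacted known attack servers on ports: {sorted(known)}")
    for domain in ind["domains"]:
        findings.append(f"suspicious domain lookup: {domain}")
    return findings


if __name__ == "__main__":
    indicators = parse_events(EVENTS)
    for port, hosts in sorted(hosts_by_port(indicators["endpoints"]).items()):
        print(f"port {port}: {len(hosts)} hosts")
    for finding in assess(indicators, attack_servers=ATTACK_SERVERS):
        print("!", finding)
```

Run as a script it prints the per-port breakdown (32 hosts each on 80 and 8080, 11 on 2222, 7 on 1234, 4 on 22, 3 on 443) followed by the findings. Two things fall out of the cross-reference that the raw list hides: port 1234 is both a listener on the sensor and a destination on seven hosts, and all ten Associated Attack Servers are among the hosts contacted on 22 and 1234, none among the 80/8080 scan targets.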
|