IP Address: 124.221.59.233 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 1.235.69.230 3.104.143.93 9.169.136.10 17.220.8.149 20.32.246.95 25.203.141.59 29.146.162.195 42.194.138.246 45.33.34.250 60.223.12.10 63.11.231.2 63.116.71.17 69.105.11.224 74.143.248.76 74.232.78.186 78.92.170.193 80.6.125.11 81.70.21.147 82.157.131.41 87.238.224.41 101.35.138.55 101.35.250.231 117.50.179.6 117.50.179.58 138.193.57.195 169.24.8.160 175.232.83.151 185.166.220.94 186.143.100.144
IP Address: 124.221.59.233
Domain: -
ISP: Development & Research Center of State Council Net
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-02
Last seen in Akamai Guardicore Segmentation: 2022-04-05
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 101.35.138.55:1234, 11.91.155.246:80, 11.91.155.246:8080, 116.232.39.244:80, 116.232.39.244:8080, 117.103.117.188:80, 117.103.117.188:8080, 119.40.213.19:80, 119.40.213.19:8080, 132.59.187.18:80, 132.59.187.18:8080, 142.251.32.4:443, 152.117.206.154:80, 152.117.206.154:8080, 152.166.210.14:80, 152.166.210.14:8080, 155.66.215.219:80, 155.66.215.219:8080, 169.24.8.160:22, 172.67.133.228:443, 175.232.83.151:2222, 18.43.12.77:80, 18.43.12.77:8080, 185.166.220.94:1234, 186.143.100.144:22, 189.205.217.180:2222, 198.224.244.150:80, 198.224.244.150:8080, 2.22.236.84:80, 2.22.236.84:8080, 206.189.25.255:1234, 212.251.144.235:80, 212.251.144.235:8080, 213.245.179.101:80, 213.245.179.101:8080, 220.222.43.13:80, 220.222.43.13:8080, 221.35.192.29:2222, 223.171.91.160:1234, 24.223.91.61:80, 24.223.91.61:8080, 240.253.187.165:80, 240.253.187.165:8080, 243.140.103.210:80, 243.140.103.210:8080, 243.217.173.4:80, 243.217.173.4:8080, 244.250.120.237:80, 244.250.120.237:8080, 245.85.77.209:80, 245.85.77.209:8080, 25.203.141.59:2222, 252.44.49.131:80, 252.44.49.131:8080, 29.146.162.195:22, 33.94.3.107:80, 33.94.3.107:8080, 40.87.79.234:80, 40.87.79.234:8080, 42.194.138.246:1234, 47.126.184.111:80, 47.126.184.111:8080, 49.153.251.69:80, 49.153.251.69:8080, 51.75.146.174:443, 54.32.148.28:80, 54.32.148.28:8080, 54.7.188.19:80, 54.7.188.19:8080, 60.223.12.10:2222, 63.96.41.176:80, 63.96.41.176:8080, 69.105.11.224:22, 7.182.211.155:80, 7.182.211.155:8080, 73.36.175.150:80, 73.36.175.150:8080, 74.143.248.76:2222, 78.248.45.19:80, 78.248.45.19:8080, 78.92.170.193:1234, 8.8.8.8:443, 80.152.115.58:80, 80.152.115.58:8080, 82.157.131.41:1234, 87.238.224.41:22 and 9.169.136.10:22
Listening: Process /dev/shm/ifconfig started listening on ports: 1234, 8084 and 8185
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains: adsl-pool.sx.cn, allrelay.com, axtel.net, bbtec.net and tenet.odessa.ua
Connection was closed due to timeout |
|