IP Address: 124.222.50.138 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SCP
Tags: 5 Shell Commands, Superuser Operation, Listening, Outgoing Connection, SCP, Access Suspicious Domain, Port 2222 Scan, Successful SSH Login, Port 22 Scan, SSH, Download File
Associated Attack Servers: 23.252.83.122, 95.154.21.210, 110.42.173.235, 167.99.63.88, 220.243.148.80
IP Address: 124.222.50.138
Domain: -
ISP: Development & Research Center of State Council Net
Country: China
WHOIS
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2022-02-23
Last seen in Akamai Guardicore Segmentation: 2022-03-05
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: White List)
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** (Authentication policy: Correct Password)
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Port 22 Scan, Port 2222 Scan: Process /dev/shm/apache2 scanned port 22 on 43 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /dev/shm/apache2 scanned port 22 on 38 IP Addresses
Port 22 Scan, Port 2222 Scan: Process /dev/shm/apache2 scanned port 2222 on 43 IP Addresses
Listening: Process /dev/shm/apache2 started listening on ports 1234 and 8080
Outgoing Connection: Process /dev/shm/apache2 generated outgoing network traffic to: 109.213.157.167:22, 110.42.173.235:1234, 115.49.21.22:2222, 116.119.191.156:2222, 117.210.64.1:2222, 119.81.220.174:22, 124.222.50.138:1234, 129.83.87.236:2222, 132.131.160.139:22, 132.131.160.139:2222, 139.44.245.206:22, 144.169.49.230:22, 15.166.37.94:22, 150.64.176.152:2222, 155.82.58.147:2222, 157.141.218.196:2222, 158.181.218.220:22, 159.103.35.189:22, 161.49.119.84:22, 164.174.96.212:22, 166.147.67.236:2222, 167.97.241.46:2222, 169.116.123.70:22, 172.183.215.134:2222, 180.240.233.38:2222, 181.227.20.183:2222, 182.103.237.118:2222, 185.46.117.154:22, 187.161.162.225:2222, 187.164.207.67:2222, 190.156.210.243:22, 190.94.185.57:22, 192.137.111.136:2222, 195.85.203.152:22, 198.220.145.124:2222, 199.11.244.223:2222, 2.16.235.80:22, 201.29.175.222:2222, 21.187.111.38:22, 211.37.147.170:22, 212.100.74.69:22, 220.243.148.80:1234, 23.252.83.122:1234, 23.58.136.191:22, 246.168.30.33:2222, 247.11.180.50:2222, 247.76.104.56:22, 247.76.104.56:2222, 249.145.62.241:22, 25.162.211.238:22, 250.48.83.151:22, 252.55.167.6:2222, 253.188.178.2:22, 27.67.246.104:22, 31.39.2.229:2222, 32.16.6.232:22, 37.60.135.128:2222, 41.168.105.252:2222, 44.130.158.174:22, 47.7.60.131:22, 47.7.60.131:2222, 54.197.85.163:22, 56.183.125.100:22, 58.107.14.20:22, 60.52.100.216:22, 62.156.98.202:2222, 62.225.119.104:22, 63.230.80.131:2222, 64.52.117.50:2222, 65.200.13.198:1234, 68.74.39.214:22, 70.21.243.85:2222, 73.25.134.127:22, 76.70.114.106:22, 77.212.127.95:22, 78.57.95.67:2222, 8.203.226.192:2222, 83.100.49.43:2222, 85.158.147.88:22, 86.187.68.108:2222, 86.235.173.205:22, 88.82.96.63:22, 92.38.218.38:2222, 95.154.21.210:1234, 97.80.120.95:22 and 99.74.239.188:2222
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/apache2 attempted to access suspicious domains: sefiber.dk and zetabroadband.com
Port 22 Scan, Port 2222 Scan: Process /dev/shm/apache2 scanned port 2222 on 38 IP Addresses
Connection was closed due to timeout
|