IP Address: 124.222.52.197 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Port 1234 Scan, Port 80 Scan, Superuser Operation, Outgoing Connection, Successful SSH Login, Port 8080 Scan, 5 Shell Commands, SSH, SCP, Download File, Listening
Associated Attack Servers: 1.1.1.1, 8.8.8.8, 51.75.146.174, 104.21.25.86, 124.115.231.214, 190.138.240.233

IP Address: 124.222.52.197
Domain: -
ISP: Development & Research Center of State Council Net
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2022-06-29
Last seen in Akamai Guardicore Segmentation: 2022-07-25
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
Process /bin/nc.openbsd scanned port 1234 on 25 IP Addresses |
Port 1234 Scan |
Process /dev/shm/apache2 scanned port 1234 on 25 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 25 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 25 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 1234 on 17 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/bash scanned port 1234 on 25 IP Addresses |
Port 1234 Scan |
Process /bin/nc.openbsd scanned port 1234 on 25 IP Addresses |
Port 1234 Scan |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 1.102.63.73:80, 103.90.177.102:1234, 104.21.25.86:443, 117.16.44.111:1234, 117.54.14.169:1234, 117.80.212.33:1234, 118.155.47.117:80, 118.218.209.149:1234, 12.90.215.227:80, 12.90.215.227:8080, 123.132.238.210:1234, 124.115.231.214:1234, 124.115.231.214:22, 131.48.115.21:80, 140.39.209.207:80, 140.39.209.207:8080, 142.250.191.228:443, 152.80.18.166:80, 162.227.54.68:80, 164.184.79.127:80, 17.54.32.209:80, 178.194.117.208:80, 178.194.117.208:8080, 180.54.90.85:80, 180.54.90.85:8080, 190.138.240.233:1234, 190.138.240.233:22, 192.148.209.211:80, 192.148.209.211:8080, 195.106.95.203:80, 195.106.95.203:8080, 20.141.185.205:1234, 206.15.200.251:80, 206.15.200.251:8080, 206.99.18.82:80, 206.99.18.82:8080, 209.216.177.158:1234, 210.99.20.194:1234, 211.202.138.203:80, 212.57.36.20:1234, 219.53.236.136:80, 219.98.109.144:80, 219.98.109.144:8080, 220.243.148.80:1234, 222.121.63.87:1234, 222.134.240.92:1234, 223.163.241.161:80, 223.171.91.127:1234, 223.171.91.149:1234, 23.157.180.23:80, 23.157.180.23:8080, 24.125.144.108:80, 24.59.246.148:80, 24.59.246.148:8080, 37.240.119.239:80, 49.167.242.124:80, 49.167.242.124:8080, 5.62.206.152:80, 5.62.206.152:8080, 51.75.146.174:443, 53.113.214.36:80, 53.113.214.36:8080, 58.126.252.242:80, 58.126.252.242:8080, 61.84.162.66:1234, 62.12.106.5:1234, 64.33.52.208:80, 67.223.197.29:80, 67.223.197.29:8080, 77.217.41.100:80, 79.137.76.195:80, 79.137.76.195:8080, 8.8.8.8:443, 82.66.5.84:1234, 85.105.82.39:1234, 89.212.123.191:1234, 94.153.165.43:1234 and 97.187.36.94:80 |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8089 and 8189 |
Listening |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 17 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 17 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to timeout |
|