IP Address: 124.222.72.76 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Attribute | Value |
| --- | --- |
| Role | Attacker, Scanner |
| Services Targeted | SCP |
| Tags | Access Suspicious Domain, Port 8080 Scan (2), Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening |
| Associated Attack Servers | 15.222.136.249, 28.236.15.181, 45.32.89.249, 55.173.46.148, 66.212.167.22, 81.70.147.119, 101.42.101.141, 101.43.173.48, 106.149.224.137, 121.5.146.101, 122.14.209.181, 141.68.82.56, 149.131.100.235, 157.75.8.246, 186.72.247.61, 199.147.9.172, 212.220.239.108, 213.131.47.90, 240.158.25.11 |
| Field | Value |
| --- | --- |
| IP Address | 124.222.72.76 |
| Domain | - |
| ISP | Development & Research Center of State Council Net |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-04-07 |
| Last seen in Akamai Guardicore Segmentation | 2022-04-16 |
Attack timeline as recorded by the threat sensor:

| Event | Tag |
| --- | --- |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| /dev/shm/ifconfig was downloaded | Download File |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 2 times | Superuser Operation |
| Process /dev/shm/apache2 started listening on ports: 1234, 8084 and 8182 | Listening |
| Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 101.122.89.193:80, 101.122.89.193:8080, 101.42.101.141:1234, 101.43.173.48:1234, 104.242.196.208:80, 104.242.196.208:8080, 106.149.224.137:22, 11.217.150.83:80, 11.217.150.83:8080, 111.83.146.25:80, 111.83.146.25:8080, 112.191.59.253:80, 112.191.59.253:8080, 116.35.125.19:80, 116.35.125.19:8080, 121.5.146.101:1234, 122.14.209.181:1234, 123.131.190.99:80, 123.131.190.99:8080, 132.233.253.44:80, 132.233.253.44:8080, 141.68.82.56:80, 141.68.82.56:8080, 141.68.82.56:8090, 142.250.191.196:443, 144.37.110.234:80, 144.37.110.234:8080, 147.155.72.150:80, 147.155.72.150:8080, 149.131.100.235:22, 15.222.136.249:2222, 157.75.8.246:22, 160.146.44.240:80, 160.146.44.240:8080, 162.230.164.112:80, 162.230.164.112:8080, 172.67.133.228:443, 183.96.179.91:80, 183.96.179.91:8080, 186.72.247.61:80, 186.72.247.61:8080, 186.72.247.61:8090, 196.59.136.17:80, 196.59.136.17:8080, 199.147.9.172:2222, 21.51.74.174:80, 21.51.74.174:8080, 212.220.239.108:22, 213.131.47.90:80, 213.131.47.90:8080, 213.131.47.90:8090, 213.81.237.40:80, 213.81.237.40:8080, 216.17.117.3:80, 216.17.117.3:8080, 223.171.147.125:80, 223.171.147.125:8080, 223.46.51.236:80, 223.46.51.236:8080, 240.158.25.11:22, 249.156.154.80:80, 249.156.154.80:8080, 28.236.15.181:2222, 33.166.64.210:80, 33.166.64.210:8080, 39.183.5.165:80, 39.183.5.165:8080, 40.209.52.245:80, 40.209.52.245:8080, 45.161.220.248:80, 45.161.220.248:8080, 45.32.89.249:1234, 49.169.81.64:80, 49.169.81.64:8080, 49.90.217.47:80, 49.90.217.47:8080, 51.75.146.174:443, 55.173.46.148:22, 66.212.167.22:22, 7.31.224.148:80, 7.31.224.148:8080, 8.8.4.4:443, 8.8.8.8:443, 81.70.147.119:1234, 83.20.4.168:80, 83.20.4.168:8080, 87.170.219.75:80 and 87.170.219.75:8080 | Outgoing Connection |
| Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan |
| Process /dev/shm/apache2 attempted to access suspicious domains: vultrusercontent.com and wanex.net | Access Suspicious Domain, Outgoing Connection |
| Connection was closed due to timeout | |
|