IP Address: 153.35.125.23Previously Malicious
IP Address: 153.35.125.23Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP SSH |
|
Tags |
Successful SSH Login Port 8080 Scan 15 Shell Commands Listening SSH SCP Outgoing Connection Download and Execute Superuser Operation Port 80 Scan Download File Port 1234 Scan |
|
Associated Attack Servers |
|
IP Address |
153.35.125.23 |
|
|
Domain |
- |
|
|
ISP |
China Unicom Liaoning |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2018-06-24 |
|
Last seen in Akamai Guardicore Segmentation |
2022-07-17 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 6 times |
Superuser Operation |
|
Process /dev/shm/apache2 scanned port 1234 on 31 IP Addresses |
Port 1234 Scan |
|
Process /bin/nc.openbsd scanned port 1234 on 31 IP Addresses |
Port 1234 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 31 IP Addresses |
Port 1234 Scan |
|
Process /tmp/apache2 scanned port 1234 on 31 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 80 on 31 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 8080 on 31 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 1234 on 12 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 31 IP Addresses |
Port 1234 Scan |
|
Process /bin/bash scanned port 1234 on 31 IP Addresses 3 times |
Port 1234 Scan |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 103.105.12.48:1234, 117.54.14.169:1234, 150.107.95.20:1234, 161.35.79.199:1234, 172.67.133.228:443, 184.83.112.246:1234, 223.171.91.160:1234, 46.13.164.29:1234 and 82.66.5.84:1234 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8088 and 8183 |
Listening |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /tmp/apache2 was downloaded and executed 93 times |
Download and Execute |
|
Process /tmp/apache2 generated outgoing network traffic to: 101.145.202.17:80, 101.145.202.17:8080, 104.21.25.86:443, 104.36.176.182:80, 112.132.146.231:80, 112.132.146.231:8080, 113.224.224.129:80, 118.218.209.149:1234, 120.14.95.188:80, 120.224.34.31:1234, 140.234.137.207:80, 140.234.137.207:8080, 145.239.161.248:80, 145.239.161.248:8080, 150.156.45.248:80, 150.41.143.68:80, 155.162.231.34:80, 155.94.110.77:80, 161.107.113.27:1234, 161.35.79.199:1234, 172.67.133.228:443, 177.1.215.101:80, 18.217.79.246:80, 182.49.250.158:1234, 183.213.26.13:1234, 190.12.120.30:1234, 196.33.108.54:80, 209.216.177.158:1234, 209.216.177.238:1234, 22.40.29.226:80, 222.103.98.58:1234, 222.121.63.87:1234, 222.134.240.92:1234, 222.20.94.50:80, 223.171.91.127:1234, 223.171.91.149:1234, 223.171.91.160:1234, 223.171.91.191:1234, 240.146.8.148:80, 240.146.8.148:8080, 243.23.206.182:80, 249.4.149.37:80, 249.48.107.51:80, 3.184.94.203:80, 3.184.94.203:8080, 34.31.149.37:80, 39.78.169.107:80, 39.78.169.107:8080, 44.118.170.176:80, 44.47.196.241:80, 44.47.196.241:8080, 45.120.216.114:1234, 51.75.146.174:443, 59.3.186.45:1234, 62.12.106.5:1234, 64.24.234.90:80, 67.180.207.49:80, 67.180.207.49:8080, 7.89.195.30:80, 7.89.195.30:8080, 74.166.8.151:80, 81.5.132.100:80, 84.204.148.99:1234, 85.105.82.39:1234, 87.172.145.50:80, 87.172.145.50:8080, 90.186.36.91:80, 90.186.36.91:8080, 94.153.165.43:1234 and 95.154.21.210:1234 |
Outgoing Connection |
|
Process /tmp/apache2 started listening on ports: 1234, 8083, 8088 and 8180 |
Listening |
|
Process /tmp/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 80 on 12 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /tmp/apache2 scanned port 8080 on 12 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies