IP Address: 88.120.198.193Malicious
IP Address: 88.120.198.193Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Connect-Back, Scanner |
Services Targeted |
SCP SSH |
Tags |
Port 1234 Scan 8 Shell Commands SSH Listening SCP Port 80 Scan Port 8080 Scan Superuser Operation Outgoing Connection Successful SSH Login Download File |
Associated Attack Servers |
8.213.128.6 13.50.16.84 35.165.157.76 45.168.133.250 64.19.144.228 103.158.58.2 123.132.238.210 124.70.55.29 124.223.14.100 166.193.42.34 166.193.42.177 172.64.110.32 172.64.111.32 172.64.200.11 212.235.185.14 219.140.162.82 222.117.95.174 |
IP Address |
88.120.198.193 |
|
Domain |
- |
|
ISP |
Free SAS |
|
Country |
France |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2022-09-22 |
Last seen in Akamai Guardicore Segmentation |
2023-03-12 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
Process /dev/shm/ifconfig scanned port 1234 on 25 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 25 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 25 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 1234 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/bash scanned port 1234 on 25 IP Addresses 2 times |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 25 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 25 IP Addresses |
Port 1234 Scan |
Process /usr/sbin/sshd scanned port 1234 on 25 IP Addresses 2 times |
Port 1234 Scan |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig generated outgoing network traffic to: 111.53.11.130:1234, 117.54.14.169:1234, 117.80.212.33:1234, 118.173.223.78:80, 118.173.223.78:8080, 125.63.68.13:1234, 137.83.241.129:80, 138.202.103.142:80, 138.202.103.142:8080, 142.250.190.4:443, 150.107.95.20:1234, 155.231.11.75:80, 155.231.11.75:8080, 161.107.113.27:1234, 161.2.168.164:80, 161.2.168.164:8080, 163.189.188.75:80, 163.189.188.75:8080, 167.19.160.62:80, 167.19.160.62:8080, 167.215.104.192:80, 168.197.21.80:80, 168.197.21.80:8080, 172.116.86.145:80, 172.116.86.145:8080, 182.224.177.56:1234, 183.213.26.13:1234, 185.210.144.122:1234, 190.138.240.233:1234, 190.60.239.44:1234, 197.152.193.174:80, 197.152.193.174:8080, 197.41.137.72:80, 197.41.137.72:8080, 197.43.4.73:80, 197.43.4.73:8080, 197.99.24.35:80, 197.99.24.35:8080, 202.38.88.80:80, 207.36.63.225:80, 207.36.63.225:8080, 211.123.117.34:80, 211.123.117.34:8080, 215.169.44.106:80, 215.169.44.106:8080, 222.103.98.58:1234, 222.121.63.87:1234, 222.134.240.91:1234, 223.99.166.104:1234, 23.111.196.249:80, 23.111.196.249:8080, 30.37.190.232:80, 30.37.190.232:8080, 33.9.24.16:80, 33.9.24.16:8080, 38.228.208.174:80, 38.228.208.174:8080, 39.134.191.151:80, 39.134.191.151:8080, 4.15.231.152:80, 4.226.234.229:80, 40.3.138.151:80, 40.3.138.151:8080, 42.63.126.204:80, 42.63.126.204:8080, 45.120.216.114:1234, 51.75.146.174:443, 61.77.105.219:1234, 62.12.106.5:1234, 64.227.132.175:1234, 66.87.109.168:80, 66.87.109.168:8080, 82.66.5.84:1234, 83.151.37.248:80, 83.151.37.248:8080, 84.204.148.99:1234, 93.176.229.145:1234, 94.119.70.134:80, 94.119.70.134:8080, 94.99.76.77:80, 94.99.76.77:8080, 95.154.21.210:1234, 98.27.31.110:80 and 98.27.31.110:8080 |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8182 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 27 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to user inactivity |
|