IP Address: 120.224.34.31Previously Malicious
IP Address: 120.224.34.31Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
IP Address |
120.224.34.31 |
|
|
Domain |
- |
|
|
ISP |
China Mobile Shandong |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2021-12-31 |
|
Last seen in Akamai Guardicore Segmentation |
2022-10-24 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
Process /usr/sbin/sshd scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /dev/shm/apache2 scanned port 1234 on 33 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 1234 on 44 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 33 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /bin/bash scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /tmp/apache2 scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
Process /root/apache2 scanned port 1234 on 33 IP Addresses |
Port 1234 Scan |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 3 times |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A possibly malicious Superuser Operation was detected 12 times |
Superuser Operation |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 1.220.98.197:1234, 1.239.55.4:80, 101.42.90.177:1234, 103.105.12.48:1234, 111.53.11.130:1234, 116.172.194.4:80, 117.54.14.169:1234, 118.140.125.31:80, 118.41.204.72:1234, 120.224.34.31:1234, 120.224.34.31:22, 120.31.133.162:1234, 124.115.231.214:1234, 128.13.128.19:80, 133.118.35.146:80, 134.168.220.182:80, 142.250.190.4:443, 148.99.107.12:80, 152.158.44.239:80, 161.107.113.34:1234, 161.247.246.248:80, 168.61.49.185:80, 17.104.213.80:80, 172.64.200.11:443, 176.207.184.214:80, 179.14.213.24:80, 181.126.225.140:80, 182.224.177.56:1234, 183.213.26.13:1234, 184.83.112.246:1234, 184.93.70.73:80, 185.210.144.122:1234, 190.138.240.233:1234, 194.98.251.150:80, 198.164.205.21:80, 200.187.120.199:80, 202.61.203.229:1234, 206.216.231.25:80, 209.216.177.158:1234, 21.122.233.131:80, 210.99.20.194:1234, 217.66.49.17:80, 218.131.61.71:80, 220.243.148.80:1234, 222.134.240.92:1234, 222.165.136.99:1234, 244.196.23.212:80, 246.251.118.162:80, 250.203.178.229:80, 251.89.178.95:80, 252.192.82.240:80, 253.35.14.68:80, 31.19.237.170:1234, 32.181.22.46:80, 33.31.72.154:80, 41.189.126.182:80, 51.75.146.174:443, 56.21.185.67:80, 59.73.186.187:80, 60.52.204.144:80, 62.12.106.5:1234, 64.227.132.175:1234, 67.188.196.43:80, 71.162.53.162:80, 77.41.193.200:80, 79.33.71.163:80, 8.8.4.4:443, 8.8.8.8:443, 80.147.162.151:1234, 81.150.212.179:80, 82.149.112.170:1234, 84.204.148.99:1234, 85.98.246.174:80, 86.241.173.40:80, 88.199.99.221:80, 89.212.123.191:1234, 89.42.172.23:80, 93.176.229.145:1234, 94.153.165.43:1234, 95.154.21.210:1234 and 96.3.86.203:80 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8087 and 8181 |
Listening |
|
The file /tmp/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /tmp/apache2 was downloaded and executed 5 times |
Download and Execute |
|
./ifconfig was downloaded |
Download File |
|
The file /root/ifconfig was downloaded and executed 4 times |
Download and Execute |
|
The file /root/apache2 was downloaded and executed 22 times |
Download and Execute |
|
Process /root/apache2 generated outgoing network traffic to: 172.64.200.11:443 |
Outgoing Connection |
|
Process /dev/shm/apache2 scanned port 80 on 44 IP Addresses |
Port 1234 Scan Port 80 Scan |
|
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
|
The file /var/tmp/apache2 was downloaded and executed 19 times |
Download and Execute |
|
The file /root/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
System file /etc/apache2 was modified 4 times |
System File Modification |
|
The file /etc/ifconfig was downloaded and executed 6 times |
Download and Execute |
|
The file /etc/apache2 was downloaded and executed 14 times |
Download and Execute |
|
Connection was closed due to timeout |
|
|
/tmp/ifconfig |
SHA256: 2fd96aa6470f930f543ef665fcc62ffa4dfe6646b8f506c11b452a191800285b |
2392064 bytes |
|
/var/tmp/ifconfig |
SHA256: 003fc3b1c6259d744b011cde32a47e8cb0b00708ebec1465839b9c14279bc70b |
262144 bytes |
|
/tmp/ifconfig |
SHA256: 915f410de5799b81704f3695d8aa38d5da78b01b60cea17d3e0c3f162f9b0e9b |
1802240 bytes |
|
/tmp/ifconfig |
SHA256: b33bbdefc7d571e92a857b05db1fe718d964b55ec882786d8134442e3bb18f96 |
622592 bytes |
|
/root/ifconfig |
SHA256: fc67a5ff1acc35f9c4ef21c8429bb047e956486f2c12d401950cc7551f601195 |
2326528 bytes |
|
/etc/ifconfig |
SHA256: b2712bdabd192560eb201c14818ff1368c742242fee50fb164ef9f84142462fc |
2031616 bytes |
|
/root/ifconfig |
SHA256: 3b9707d2b3c510499a866fe655f57f05eba1eb55566b03979602e5b9d6616a05 |
655360 bytes |
|
/tmp/ifconfig |
SHA256: 2aacc3f6c14a2bd120ce9f7cab7af1f4d3e207bea33d56f02a14f75613a7930c |
786432 bytes |
|
/root/ifconfig |
SHA256: d9b749e456a80f1c690f3d3a80a74ef3cdaab9bbf91ad2392fa97c3085fbd8f1 |
229376 bytes |
© 2023 Akamai Technologies