IP Address: 124.222.126.169 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: amazonaws.com, dns.google, linodeusercontent.com, xmrpool.eu, 1.1.1.1, 2.218.46.213, 8.8.4.4, 8.8.8.8, 15.119.6.131, 15.122.41.42, 19.115.1.9, 27.172.181.86, 39.131.78.15, 51.75.146.174, 62.12.106.5, 73.62.48.159, 100.31.105.13, 101.42.225.97, 103.9.134.247, 103.197.75.223, 104.21.25.86, 104.200.17.39, 117.16.44.111, 139.129.173.210, 161.107.113.27, 163.123.181.132, 180.239.141.179, 201.217.214.176, 210.147.197.218
IP Address: 124.222.126.169
Domain: -
ISP: Development & Research Center of State Council Net
Country: China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-14
Last seen in Akamai Guardicore Segmentation: 2022-04-20
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/apache2 generated outgoing network traffic to: 1.1.1.1:443, 100.31.105.13:2222, 101.42.225.97:1234, 103.197.75.223:2222, 104.200.17.39:1234, 104.21.25.86:443, 111.79.41.212:80, 111.79.41.212:8080, 112.122.213.52:80, 112.122.213.52:8080, 117.16.44.111:1234, 120.17.79.217:80, 120.17.79.217:8080, 123.80.96.241:80, 123.80.96.241:8080, 129.199.4.150:80, 129.199.4.150:8080, 132.59.37.76:80, 132.59.37.76:8080, 134.4.121.8:80, 134.4.121.8:8080, 135.212.16.198:80, 135.212.16.198:8080, 139.129.173.210:80, 139.129.173.210:8080, 139.129.173.210:8090, 142.250.191.228:443, 15.119.6.131:1234, 15.122.41.42:2222, 150.26.29.129:80, 150.26.29.129:8080, 155.117.81.79:80, 155.117.81.79:8080, 161.107.113.27:1234, 163.123.181.132:1234, 17.168.188.167:80, 17.168.188.167:8080, 174.160.119.149:80, 174.160.119.149:8080, 180.239.141.179:2222, 183.107.242.141:80, 183.107.242.141:8080, 188.243.205.151:80, 188.243.205.151:8080, 189.213.30.42:80, 189.213.30.42:8080, 19.115.1.9:22, 199.162.202.50:80, 199.162.202.50:8080, 2.218.46.213:2222, 201.217.214.176:2222, 202.80.144.67:80, 202.80.144.67:8080, 206.196.21.137:80, 206.196.21.137:8080, 208.180.43.129:80, 208.180.43.129:8080, 210.147.197.218:22, 22.97.171.54:80, 22.97.171.54:8080, 23.111.141.143:80, 23.111.141.143:8080, 27.172.181.86:2222, 39.131.78.15:2222, 47.44.11.13:80, 47.44.11.13:8080, 51.75.146.174:443, 56.236.81.100:80, 56.236.81.100:8080, 62.12.106.5:1234, 67.243.112.10:80, 67.243.112.10:8080, 68.44.106.106:80, 68.44.106.106:8080, 69.32.38.233:80, 69.32.38.233:8080, 72.71.120.59:80, 72.71.120.59:8080, 73.62.48.159:22, 75.225.36.179:80, 75.225.36.179:8080, 8.8.4.4:443, 8.8.8.8:443, 85.157.50.217:80, 85.157.50.217:8080, 89.74.9.118:80, 89.74.9.118:8080, 93.248.69.35:80 and 93.248.69.35:8080
Listening: Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8181
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/apache2 attempted to access suspicious domains: ifxnetworks.com and linodeusercontent.com
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses
Connection was closed due to timeout
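Read end to end, the events above form one chain: a successful root SSH login, a payload dropped into /dev/shm (a RAM-backed, world-writable tmpfs, so the binary never touches disk), privileged operations, and then a process named /dev/shm/apache2, borrowing the web server's name, that opens listeners on 1234, 8080 and 8181, dials those same ports on dozens of other hosts, resolves hosting-provider domains and sweeps ports 80 and 8080 across the neighbourhood. The associated-server list also names xmrpool.eu, a Monero mining pool, although the timeline itself records no connection to it. The script below is an added example, not Akamai Guardicore's code or export format: it correlates event lines constructed to paraphrase this timeline into an incident verdict, using the overlap between the ports a process listens on and the ports it dials on other hosts as the signal that the process is propagating rather than serving. The constructed sample events, the parse patterns, the scratch-directory list and the 16-host scan threshold are all assumptions of the example.

```python
import re
from collections import defaultdict

# Constructed sample events paraphrasing this page's incident timeline.
# This is not a Guardicore export format; the parser only understands these shapes.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: White List",
    "/dev/shm/ifconfig was downloaded",
    "A possibly malicious Superuser Operation was detected 2 times",
    "Process /dev/shm/apache2 generated outgoing network traffic to: "
    "1.1.1.1:443, 100.31.105.13:2222, 101.42.225.97:1234, 8.8.8.8:443, "
    "19.115.1.9:22, 111.79.41.212:80, 111.79.41.212:8080, 27.172.181.86:2222 "
    "and 62.12.106.5:1234",
    "Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8181",
    "Process /dev/shm/apache2 attempted to access suspicious domains: "
    "ifxnetworks.com and linodeusercontent.com",
    "Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses",
]

# World-writable scratch locations that should not host executables (assumed list).
SCRATCH_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
# Sweeping at least this many hosts on one port counts as a horizontal scan (assumed).
SCAN_HOSTS_MIN = 16

ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})")
PORT_LIST_RE = re.compile(r"listening on ports?: (.+)$")
SCAN_RE = re.compile(r"scanned port (\d+) on (\d+) IP Addresses")
PROC_RE = re.compile(r"^Process (\S+) ")
LOGIN_RE = re.compile(r"logged in using SSH .* credentials: (\S+) / ")
DOWNLOAD_RE = re.compile(r"(\S+) was downloaded")
DOMAINS_RE = re.compile(r"suspicious domains: (.+)$")


def correlate(events):
    """Fold the event lines into one structure keyed by the facts we care about."""
    f = {
        "ssh_logins": [],              # usernames that authenticated
        "scratch_files": set(),        # paths downloaded to, or run from, scratch dirs
        "listen_ports": {},            # process -> set of ports it bound
        "outbound": defaultdict(set),  # process -> set of (ip, port) it dialed
        "scans": [],                   # (process, port, host_count)
        "domains": set(),              # suspicious domains resolved
    }
    for ev in events:
        m = LOGIN_RE.search(ev)
        if m:
            f["ssh_logins"].append(m.group(1))
        m = DOWNLOAD_RE.search(ev)
        if m and m.group(1).startswith(SCRATCH_DIRS):
            f["scratch_files"].add(m.group(1))
        pm = PROC_RE.match(ev)
        if not pm:
            continue
        proc = pm.group(1)
        if proc.startswith(SCRATCH_DIRS):
            f["scratch_files"].add(proc)
        m = PORT_LIST_RE.search(ev)
        if m:
            ports = {int(p) for p in re.findall(r"\d+", m.group(1))}
            f["listen_ports"].setdefault(proc, set()).update(ports)
        if "outgoing network traffic" in ev:
            for ip, port in ENDPOINT_RE.findall(ev):
                f["outbound"][proc].add((ip, int(port)))
        m = SCAN_RE.search(ev)
        if m:
            f["scans"].append((proc, int(m.group(1)), int(m.group(2))))
        m = DOMAINS_RE.search(ev)
        if m:
            f["domains"].update(d.strip() for d in re.split(r",| and ", m.group(1)) if d.strip())
    return f


def peer_ports(f, proc):
    """Ports a process both listens on and dials on other hosts.
    A legitimate server binds a port; it does not also connect to that same
    port on many peers. The overlap is the signature of a self-propagating
    or peer-to-peer implant."""
    dialed = {port for _, port in f["outbound"].get(proc, ())}
    return sorted(f["listen_ports"].get(proc, set()) & dialed)


def verdict(f):
    """Return the human-readable reasons this host should be treated as compromised."""
    reasons = []
    if "root" in f["ssh_logins"] and f["scratch_files"]:
        reasons.append("root SSH login followed by payload staged in a scratch directory")
    for proc in f["listen_ports"]:
        pp = peer_ports(f, proc)
        if pp:
            reasons.append(f"{proc} listens on and dials peers on {pp}")
    if any(n >= SCAN_HOSTS_MIN for _, _, n in f["scans"]):
        reasons.append("horizontal port scan launched from the compromised host")
    return reasons


if __name__ == "__main__":
    facts = correlate(SAMPLE_EVENTS)
    for r in verdict(facts):
        print("-", r)
    print("IOCs:", sorted(facts["scratch_files"]), sorted(facts["domains"]))
```

Feed it the sensor's exported events instead of the constructed sample and tune SCAN_HOSTS_MIN to your subnet density; the listen/dial overlap rule needs no tuning, since the only processes that legitimately both bind a port and fan out to it on thirty neighbours are cluster protocols you already know by name.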
|