IP Address: 175.24.120.21 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 175.24.120.21 |
Domain | - |
ISP | Tencent cloud computing |
Country | China |
WHOIS Created Date | - |
WHOIS Updated Date | - |
WHOIS Organization | - |
First seen in Akamai Guardicore Segmentation | 2022-03-24 |
Last seen in Akamai Guardicore Segmentation | 2022-05-14 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 4 times |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Superuser Operation |
./ifconfig was downloaded |
Download File |
The file /root/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /root/apache2 scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /bin/bash scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
Process /root/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /root/apache2 started listening on ports: 1234, 8084 and 8183 |
Listening |
The file /root/apache2 was downloaded and executed 149 times |
Download and Execute |
Process /root/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
Process /root/apache2 scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
/tmp/ifconfig was downloaded |
Download File |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
Connection was closed due to timeout |