IP Address: 150.158.139.2 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers (all 18 appear among the hosts that /dev/shm/apache2 contacted on ports 22, 1234 and 2222 in the Outgoing Connection event): 3.110.236.209, 8.198.138.18, 24.117.72.188, 30.94.25.37, 39.99.60.12, 56.71.96.203, 76.53.91.189, 82.98.89.209, 106.52.252.228, 111.26.161.204, 125.98.52.36, 139.148.26.70, 163.158.27.103, 166.66.188.121, 202.61.203.229, 213.208.244.40, 222.55.81.232, 241.231.4.5
IP Address: 150.158.139.2
Domain: -
ISP: Tencent Cloud Computing (Beijing) Co.
Country: China
WHOIS
  Created Date: -
  Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-20
Last seen in Akamai Guardicore Segmentation: 2022-04-14
What is Akamai Guardicore Segmentation: Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (sensor tag, then the recorded event):

Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Download File: /dev/shm/ifconfig was downloaded. /dev/shm is a world-writable tmpfs, so a payload staged there needs no privileges to write and leaves nothing on disk after a reboot.
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/apache2 (named after the Debian/Ubuntu Apache httpd binary, but running out of /dev/shm rather than /usr/sbin) generated outgoing network traffic to:
  port 22: 8.198.138.18, 24.117.72.188, 76.53.91.189, 82.98.89.209, 163.158.27.103, 166.66.188.121, 213.208.244.40
  port 1234: 3.110.236.209, 39.99.60.12, 106.52.252.228, 111.26.161.204, 139.148.26.70, 161.107.113.27, 202.61.203.229
  port 2222: 30.94.25.37, 56.71.96.203, 125.98.52.36, 222.55.81.232, 241.231.4.5
  port 443: 1.1.1.1, 8.8.4.4, 8.8.8.8 (public DNS resolver addresses), 51.75.146.174, 142.250.191.228, 172.67.133.228
  ports 80 and 8080 (both ports on each of these 32 hosts): 2.43.245.3, 3.180.70.183, 7.60.138.178, 12.33.90.227, 30.251.70.15, 31.108.253.152, 39.91.180.145, 39.125.39.191, 42.29.21.167, 74.196.54.157, 77.65.44.27, 88.240.83.226, 94.167.202.121, 105.169.196.49, 130.25.111.87, 131.21.138.3, 132.165.157.177, 141.151.181.206, 143.95.25.58, 146.150.146.66, 161.113.69.126, 164.58.101.174, 168.199.54.79, 176.6.100.68, 176.132.53.83, 179.143.44.169, 180.220.123.198, 190.146.167.78, 190.166.251.89, 214.127.40.117, 218.245.236.99, 240.55.216.111
Listening: Process /dev/shm/apache2 started listening on ports 1234, 8086 and 8184 (1234 is also the port it used to reach seven of the hosts above)
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 80 on 32 IP addresses 2 times
Port 80 Scan, Port 8080 Scan: Process /dev/shm/apache2 scanned port 8080 on 32 IP addresses 2 times
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/apache2 attempted to access suspicious domains: caiway.nl, goodsrv.de, sparklight.net and t-systems-contentfilterservices.com
Connection was closed due to timeout
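The host-side pattern in the timeline above (a binary dropped into /dev/shm, then the same path running and listening on TCP ports) is something an IR team can hunt for on any Linux host without an agent. The script below is an added example, not part of the Akamai page or product: it parses the kernel's /proc/net/tcp format, correlates LISTEN socket inodes with the file descriptors of each process, and reports every process whose executable resolves to a world-writable tmpfs path. The directory list and the sample /proc data are constructed to mirror this incident (/dev/shm/apache2 on 1234, 8086 and 8184, plus a non-listening /dev/shm/ifconfig); collect_live() does the same against the running host.

```python
"""Hunt for processes executing from /dev/shm or /tmp that also hold TCP LISTEN
sockets, the behaviour recorded for /dev/shm/apache2 in the incident above.
Added example; the path list and sample data below are constructed."""
import os
import re
from dataclasses import dataclass, field

SUSPICIOUS_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")  # assumption: tmpfs/world-writable staging dirs
TCP_LISTEN = "0A"  # socket state code used in /proc/net/tcp


@dataclass
class Proc:
    pid: int
    exe: str                               # resolved target of /proc/<pid>/exe
    socket_inodes: set = field(default_factory=set)


def parse_proc_net_tcp(text):
    """Map socket inode -> local port for every LISTEN row of /proc/net/tcp."""
    listening = {}
    for line in text.splitlines()[1:]:     # first line is the column header
        cols = line.split()
        if len(cols) < 10 or cols[3] != TCP_LISTEN:
            continue
        # local_address is "HEXIP:HEXPORT"; the port is little-endian-safe hex
        port = int(cols[1].rsplit(":", 1)[1], 16)
        listening[int(cols[9])] = port
    return listening


def flag_processes(procs, listening):
    """Return {exe: sorted listening ports} for processes running from SUSPICIOUS_DIRS.

    A tmpfs-resident process is reported even with no listening socket: the
    downloaded /dev/shm/ifconfig above never listened but still warrants a look."""
    findings = {}
    for p in procs:
        if not p.exe.startswith(SUSPICIOUS_DIRS):
            continue
        findings[p.exe] = sorted(listening[i] for i in p.socket_inodes if i in listening)
    return findings


def collect_live():
    """Run the same check against the local Linux host (root sees every pid)."""
    procs = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            exe = os.readlink(f"/proc/{pid}/exe")
            inodes = set()
            for fd in os.listdir(f"/proc/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"/proc/{pid}/fd/{fd}"))
                if m:
                    inodes.add(int(m.group(1)))
        except OSError:
            continue                       # process exited or permission denied
        procs.append(Proc(int(pid), exe, inodes))
    with open("/proc/net/tcp") as fh:
        return flag_processes(procs, parse_proc_net_tcp(fh.read()))


# Constructed sample: ports 0x0016=22 (sshd), 0x04D2=1234, 0x1F96=8086,
# 0x1FF8=8184 (all LISTEN, state 0A) and one ESTABLISHED (01) peer connection.
SAMPLE_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   1: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20001 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F96 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20002 1 0000000000000000 100 0 0 10 0
   3: 00000000:1FF8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20003 1 0000000000000000 100 0 0 10 0
   4: 0A000002:C3A4 D2E6AE85:04D2 01 00000000:00000000 00:00000000 00000000     0        0 20004 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_PROCS = [                            # constructed process table
    Proc(612, "/usr/sbin/sshd", {10001}),
    Proc(4471, "/dev/shm/apache2", {20001, 20002, 20003, 20004}),
    Proc(4398, "/dev/shm/ifconfig", set()),
]


def demo():
    """Findings for the constructed sample."""
    return flag_processes(SAMPLE_PROCS, parse_proc_net_tcp(SAMPLE_NET_TCP))


if __name__ == "__main__":
    for exe, ports in demo().items():
        print(f"{exe}: listening on {ports or 'nothing'}")
```

On the sample, the legitimate sshd on port 22 is ignored, /dev/shm/apache2 is reported with ports 1234, 8086 and 8184, and /dev/shm/ifconfig is reported with no ports. On a live host run it as root, since /proc/<pid>/fd of other users' processes is unreadable otherwise; a quiet result does not prove a clean host, because the check only covers TCP over IPv4 (add /proc/net/tcp6 and udp for coverage) and a process that has deleted its own binary shows up with " (deleted)" appended to the exe path rather than under the original name.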
|