IP Address: 150.158.142.185 (Previously Malicious)
This IP address attempted an attack on a machine in our threat-sensor network.
Role: Attacker, Scanner
Services Targeted: SCP
Tags: Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers: 12.249.140.78, 28.7.143.157, 35.63.68.199, 47.16.155.222, 66.249.65.98, 81.70.94.80, 104.158.24.62, 122.14.209.181, 133.205.30.248, 150.158.136.116, 152.239.58.1, 175.178.83.45, 185.204.16.17, 190.164.102.204, 193.46.255.193, 196.119.60.86, 199.83.89.153, 208.109.37.82, 221.233.238.70
IP Address: 150.158.142.185
Domain: -
ISP: Tencent Cloud Computing (Beijing) Co.
Country: China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-25
Last seen in Akamai Guardicore Segmentation: 2022-04-04
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List
Download File: /dev/shm/ifconfig was downloaded
Successful SSH Login: A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password
Superuser Operation: A possibly malicious Superuser Operation was detected 2 times
Outgoing Connection: Process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 104.158.24.62:22, 104.21.25.86:443, 106.204.175.221:80, 106.204.175.221:8080, 115.204.226.171:80, 115.204.226.171:8080, 12.12.65.181:80, 12.12.65.181:8080, 12.249.140.78:2222, 122.14.209.181:1234, 125.102.246.61:80, 125.102.246.61:8080, 128.5.73.131:80, 128.5.73.131:8080, 133.205.30.248:22, 142.251.32.4:443, 149.39.181.201:80, 149.39.181.201:8080, 150.158.136.116:1234, 152.239.58.1:22, 163.74.170.42:80, 163.74.170.42:8080, 17.175.128.51:80, 17.175.128.51:8080, 172.4.56.132:80, 172.4.56.132:8080, 175.178.83.45:1234, 178.103.150.148:80, 178.103.150.148:8080, 18.195.83.196:80, 18.195.83.196:8080, 185.204.16.17:2222, 190.164.102.204:2222, 193.46.255.193:1234, 196.119.60.86:80, 196.119.60.86:8080, 196.119.60.86:8090, 199.83.89.153:22, 208.109.37.82:1234, 208.109.37.82:22, 210.87.219.249:80, 210.87.219.249:8080, 212.157.231.86:80, 212.157.231.86:8080, 213.120.54.9:80, 213.120.54.9:8080, 221.233.238.70:2222, 24.136.248.122:80, 24.136.248.122:8080, 252.65.129.1:80, 252.65.129.1:8080, 28.7.143.157:22, 31.11.49.42:80, 31.11.49.42:8080, 32.94.225.157:80, 32.94.225.157:8080, 33.189.145.125:80, 33.189.145.125:8080, 35.63.68.199:22, 40.154.175.53:80, 40.154.175.53:8080, 45.70.153.243:80, 45.70.153.243:8080, 47.16.155.222:1234, 5.105.196.135:80, 5.105.196.135:8080, 51.75.146.174:443, 55.5.240.151:80, 55.5.240.151:8080, 6.7.167.143:80, 6.7.167.143:8080, 72.211.253.140:80, 72.211.253.140:8080, 73.170.47.135:80, 73.170.47.135:8080, 74.138.206.192:80, 74.138.206.192:8080, 8.37.6.72:80, 8.37.6.72:8080, 8.8.8.8:443, 81.70.94.80:1234, 9.57.128.77:80, 9.57.128.77:8080, 97.225.10.213:80, 97.225.10.213:8080, 99.211.129.164:80 and 99.211.129.164:8080
Listening: Process /dev/shm/ifconfig started listening on ports: 1234, 8088 and 8186
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times
Port 80 Scan, Port 8080 Scan: Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times
Access Suspicious Domain, Outgoing Connection: Process /dev/shm/ifconfig attempted to access suspicious domains: 104.in-addr.arpa, optonline.net, servermail.org, studiopreps.com and veloxzone.com.br
Connection was closed due to timeout