IP Address: 150.230.56.211Previously Malicious
IP Address: 150.230.56.211Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP |
|
Tags |
Successful SSH Login Access Suspicious Domain Download File Port 80 Scan Outgoing Connection 2 Shell Commands Port 8080 Scan Superuser Operation Listening SSH SCP |
|
Associated Attack Servers |
22.174.180.119 35.214.58.36 39.97.149.216 55.76.164.47 76.175.168.235 81.70.246.178 97.236.169.111 117.50.3.175 121.5.146.101 149.18.181.66 150.86.246.141 150.158.76.27 162.157.112.163 162.168.74.107 167.200.189.221 169.206.39.93 176.207.117.80 185.129.50.53 194.130.102.251 212.164.128.76 248.64.159.243 |
|
IP Address |
150.230.56.211 |
|
|
Domain |
- |
|
|
ISP |
Oracle Corporation |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-13 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-20 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 104.21.25.86:443, 104.248.36.230:1234, 113.158.230.23:80, 113.158.230.23:8080, 117.115.100.252:80, 117.115.100.252:8080, 117.50.3.175:1234, 121.5.146.101:1234, 130.208.117.63:80, 130.208.117.63:8080, 135.230.87.135:80, 135.230.87.135:8080, 144.239.57.162:80, 144.239.57.162:8080, 149.18.181.66:2222, 150.158.76.27:1234, 150.86.246.141:22, 153.179.217.119:80, 153.179.217.119:8080, 154.218.206.186:80, 154.218.206.186:8080, 161.136.203.221:80, 161.136.203.221:8080, 161.238.199.213:80, 161.238.199.213:8080, 162.157.112.163:2222, 162.168.74.107:22, 167.200.189.221:2222, 169.206.39.93:2222, 172.67.133.228:443, 176.207.117.80:2222, 177.173.115.15:80, 177.173.115.15:8080, 183.152.223.111:80, 183.152.223.111:8080, 185.129.50.53:1234, 189.23.77.227:80, 189.23.77.227:8080, 194.130.102.251:2222, 202.43.17.54:80, 202.43.17.54:8080, 207.227.217.43:80, 207.227.217.43:8080, 211.19.176.166:80, 211.19.176.166:8080, 212.164.128.76:22, 213.160.117.1:80, 213.160.117.1:8080, 219.112.84.75:80, 219.112.84.75:8080, 22.174.180.119:22, 220.243.9.201:80, 220.243.9.201:8080, 221.50.198.154:80, 221.50.198.154:8080, 247.16.135.125:80, 247.16.135.125:8080, 248.64.159.243:2222, 32.176.86.181:80, 32.176.86.181:8080, 33.115.107.37:80, 33.115.107.37:8080, 33.22.108.225:80, 33.22.108.225:8080, 34.105.155.58:80, 34.105.155.58:8080, 35.214.58.36:2222, 37.11.14.184:80, 37.11.14.184:8080, 37.84.57.215:80, 37.84.57.215:8080, 39.9.47.88:80, 39.9.47.88:8080, 39.97.149.216:22, 42.240.248.206:80, 42.240.248.206:8080, 51.75.146.174:443, 55.76.164.47:22, 59.238.12.241:80, 59.238.12.241:8080, 63.65.156.196:80, 63.65.156.196:8080, 76.175.168.235:22, 81.70.246.178:1234, 86.99.2.149:80, 86.99.2.149:8080, 92.163.185.225:80, 92.163.185.225:8080 and 97.236.169.111:22 |
Outgoing Connection |
|
Process /dev/shm/ifconfig started listening on ports: 1234, 8083 and 8182 |
Listening |
|
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: googleusercontent.com, myvzw.com and rt-solar.ru |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies