IP Address: 158.69.246.75 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SCP
Tags | Port 22 Scan, Access Suspicious Domain, Port 8080 Scan, 2 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers | 43.224.87.235, 49.233.60.34, 62.12.106.6, 101.151.238.160, 103.96.41.245, 103.141.246.254, 103.152.118.20, 117.50.179.21, 162.47.185.146, 189.211.155.42
IP Address | 158.69.246.75
Domain | -
ISP | OVH Hosting
Country | Canada
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-04-08
Last seen in Akamai Guardicore Segmentation | 2022-04-08
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 12 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 12 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 12 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8083 and 8189 |
Listening |
Process /dev/shm/ifconfig attempted to access suspicious domains: axtel.net, jiketoys.com.cn and limerick.co.in |
Access Suspicious Domain, Outgoing Connection |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to timeout |
|