IP Address: 15.207.225.158 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SCP, SSH
Tags: Port 22 Scan, Port 8080 Scan, 3 Shell Commands, Download File, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, SCP, Listening
Associated Attack Servers:
IP Address: 15.207.225.158
Domain: -
ISP: -
Country: India
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-04-04
Last seen in Akamai Guardicore Segmentation: 2022-04-20
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/ifconfig scanned port 22 on 12 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 22 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 80 on 12 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 12 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ifconfig started listening on ports: 1234, 8082 and 8185 |
Listening |
Process /dev/shm/ifconfig scanned port 80 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /dev/shm/ifconfig scanned port 8080 on 32 IP Addresses 2 times |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Connection was closed due to timeout |
|