IP Address: 150.136.67.66Previously Malicious
IP Address: 150.136.67.66Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Successful SSH Login Port 22 Scan Download and Execute SFTP Access Suspicious Domain Download File 1 Shell Commands Outgoing Connection Service Creation Listening Download and Allow Execution SSH |
|
Associated Attack Servers |
bsconect.com.br cabotelecom.com.br 81.222.221.226 119.45.1.175 138.185.197.214 159.65.57.205 187.111.253.62 |
|
IP Address |
150.136.67.66 |
|
|
Domain |
- |
|
|
ISP |
Oracle Public Cloud |
|
|
Country |
United States |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-17 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-17 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
./.895017816638976423/xinetd was downloaded |
Download File |
|
The file /root/.895017816638976423/xinetd was downloaded and executed 96 times |
Download and Execute |
|
Process /bin/bash generated outgoing network traffic to: 101.223.133.56:22, 102.167.215.48:22, 11.15.206.118:22, 111.238.192.189:22, 116.122.101.213:22, 117.232.129.235:22, 119.45.1.175:1919, 121.191.216.194:22, 123.237.186.164:22, 13.92.19.110:22, 130.18.168.131:22, 135.215.183.177:22, 137.151.154.236:22, 137.183.211.92:22, 138.185.197.214:1919, 139.246.23.91:22, 142.150.60.185:22, 142.217.150.48:22, 143.242.184.79:22, 143.74.18.157:22, 144.78.52.169:22, 15.135.149.114:22, 15.169.44.3:22, 153.138.218.42:22, 157.158.173.81:22, 159.65.57.205:1919, 164.106.244.139:22, 167.17.83.101:22, 17.56.202.28:22, 172.210.142.35:22, 176.115.130.6:22, 178.199.197.27:22, 178.68.47.151:22, 179.58.4.163:22, 181.139.126.61:22, 182.236.157.154:22, 182.92.84.9:22, 184.153.250.18:22, 187.111.253.62:1919, 19.252.227.231:22, 194.95.188.44:22, 198.215.173.216:22, 201.217.239.130:22, 202.238.161.167:22, 202.98.219.96:22, 204.98.8.162:22, 205.69.169.132:22, 209.187.123.244:22, 209.212.149.27:22, 214.165.228.200:22, 214.18.74.215:22, 217.60.91.138:22, 220.197.70.62:22, 221.11.174.164:22, 29.234.54.182:22, 31.180.179.21:22, 32.64.205.98:22, 33.155.155.116:22, 35.3.110.238:22, 37.51.239.109:22, 4.110.210.190:22, 43.14.58.235:22, 48.0.141.241:22, 48.82.11.45:22, 51.135.30.117:22, 52.67.185.33:22, 55.247.17.36:22, 60.18.96.138:22, 63.197.157.180:22, 64.110.27.246:22, 64.31.2.213:22, 64.73.212.100:22, 65.211.119.58:22, 66.244.234.235:22, 66.66.100.189:22, 67.44.162.164:22, 70.152.20.136:22, 71.127.178.9:22, 73.51.87.173:22, 75.185.200.156:22, 76.0.133.85:22, 76.10.74.215:22, 76.72.247.246:22, 8.245.27.12:22, 80.67.80.69:22, 81.222.221.226:1919, 84.155.120.35:22, 85.66.248.119:22, 85.94.205.108:22, 86.102.207.204:22, 86.181.90.238:22, 87.57.157.247:22, 88.120.5.74:22, 9.166.183.86:22, 91.55.163.74:22, 91.96.72.157:22, 95.178.30.121:22, 95.49.189.60:22, 96.15.150.210:22 and 98.152.185.50:22 |
Outgoing Connection |
|
Process /bin/bash attempted to access suspicious domains: bsconect.com.br and cabotelecom.com.br |
Access Suspicious Domain Outgoing Connection |
|
Process /bin/bash scanned port 22 on 95 IP Addresses |
Port 22 Scan |
|
Process /bin/bash started listening on ports: 1919 |
Listening |
|
Service systemd-worker was created |
Service Creation |
|
Connection was closed due to timeout |
|
|
/root/.2032687141960750504/xinetd |
SHA256: b9e643a8e78d2ce745fbe73eb505c8a0cc49842803077809b2267817979d10b0 |
30171136 bytes |
© 2023 Akamai Technologies