IP Address: 152.136.255.57 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
IP Address | 152.136.255.57
Domain | -
ISP | Tencent cloud computing
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-02-23
Last seen in Akamai Guardicore Segmentation | 2022-04-23
What is Akamai Guardicore Segmentation

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (events recorded by the sensor, in order):

- Successful SSH Login: a user logged in using SSH with the credentials root / ****** (authentication policy: White List).
- Download File: /dev/shm/ifconfig was downloaded.
- Successful SSH Login: a user logged in using SSH with the credentials root / ****** (authentication policy: Correct Password).
- Superuser Operation: a possibly malicious superuser operation was detected 2 times.
- Port Scan: process /dev/shm/ifconfig scanned port 22 on 12 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 80 on 12 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 8080 on 12 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 22 on 32 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 22 on 32 IP addresses.
- Outgoing Connection: process /dev/shm/ifconfig generated outgoing network traffic to: 1.1.1.1:443, 1.220.98.197:1234, 101.230.162.47:80, 101.230.162.47:8080, 101.43.91.194:1234, 105.13.69.207:80, 105.13.69.207:8080, 117.152.23.244:80, 117.152.23.244:8080, 119.63.72.64:80, 119.63.72.64:8080, 121.13.139.252:80, 121.13.139.252:8080, 124.115.231.214:1234, 124.17.157.27:80, 124.17.157.27:8080, 126.178.229.241:80, 126.178.229.241:8080, 132.54.142.14:80, 132.54.142.14:8080, 135.164.164.143:22, 139.146.148.76:80, 139.146.148.76:8080, 152.136.255.57:1234, 164.155.43.166:80, 164.155.43.166:8080, 168.86.78.222:80, 168.86.78.222:8080, 170.9.166.26:22, 173.87.156.105:80, 173.87.156.105:8080, 176.194.64.79:80, 176.194.64.79:8080, 18.131.202.59:2222, 180.110.55.210:22, 182.101.116.61:80, 182.101.116.61:8080, 187.202.146.174:22, 188.166.149.59:22, 188.241.135.246:22, 193.45.67.62:22, 194.2.109.94:80, 194.2.109.94:8080, 196.68.174.204:80, 196.68.174.204:8080, 198.20.26.155:22, 199.34.22.110:1234, 201.229.106.142:80, 201.229.106.142:8080, 205.239.12.183:22, 207.24.44.56:80, 207.24.44.56:8080, 210.127.124.53:2222, 215.144.43.120:80, 215.144.43.120:8080, 219.31.26.172:80, 219.31.26.172:8080, 243.174.3.176:80, 243.174.3.176:8080, 247.114.39.79:2222, 26.97.20.81:80, 26.97.20.81:8080, 31.132.43.123:22, 35.85.169.147:80, 35.85.169.147:8080, 43.242.247.139:1234, 46.64.22.88:2222, 47.232.5.238:80, 47.232.5.238:8080, 49.232.205.83:1234, 50.134.143.105:80, 50.134.143.105:8080, 54.134.130.50:80, 54.134.130.50:8080, 65.14.119.223:80, 65.14.119.223:8080, 73.220.143.16:80, 73.220.143.16:8080, 75.27.5.112:22, 8.206.172.95:2222, 81.180.145.34:80, 81.180.145.34:8080, 89.245.108.249:80, 89.245.108.249:8080, 98.183.191.246:80, 98.183.191.246:8080, 98.221.155.80:80, 98.221.155.80:8080 and 99.27.80.201:2222.
  Two points in that list are worth a second look when hunting: it includes the attacking address itself (152.136.255.57:1234) and six other hosts on port 1234, the same port the process opens for listening in the next event, and it includes six hosts on port 2222, a common alternate SSH port that the scan events do not mention. The 22, 80 and 8080 destinations correspond to the port scans recorded above.
- Listening: process /dev/shm/ifconfig started listening on ports 1234, 8087 and 8186.
- Port Scan: process /dev/shm/ifconfig scanned port 80 on 32 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 80 on 32 IP addresses.
- Port Scan: process /dev/shm/ifconfig scanned port 8080 on 32 IP addresses.
- Access Suspicious Domain / Outgoing Connection: process /dev/shm/ifconfig attempted to access the suspicious domains sbcglobal.net and skybroadband.com.
- Connection was closed due to timeout.
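The timeline above is the classic sequence of an SSH login followed by a binary dropped and executed from /dev/shm. The script below is an added example of how a defender would detect that sequence from host logs; it is not Guardicore's detection logic and not part of the original page. It correlates OpenSSH auth.log "Accepted" lines with auditd SYSCALL records for execve (syscall 59 on x86_64) and alerts when something under /dev/shm, /tmp or /var/tmp runs within a short window after an SSH login from a non-private address. The log lines are constructed for illustration: the sensor hostname, PIDs and timestamps are made up, and only the attacker IP and the /dev/shm/ifconfig path are taken from the incident record. auth.log carries no year, so the example assumes 2022.

```python
"""Correlate an SSH login with a follow-on execution from a drop directory.

Added example; not Guardicore's code.  Input formats: OpenSSH syslog lines
and auditd SYSCALL records trimmed to the fields used here.  Sample lines
are constructed.
"""
import ipaddress
import re
from datetime import datetime, timedelta, timezone

LOG_YEAR = 2022                      # auth.log has no year; assumed
DROP_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
WINDOW = timedelta(minutes=15)       # login-to-exec window that raises an alert

# Constructed sample input.  06:13:34 UTC on 2022-02-23 is epoch 1645596814.
AUTH_LOG = """\
Feb 23 06:13:31 sensor01 sshd[1812]: Failed password for root from 152.136.255.57 port 51810 ssh2
Feb 23 06:13:34 sensor01 sshd[1812]: Accepted password for root from 152.136.255.57 port 51822 ssh2
Feb 23 06:20:02 sensor01 sshd[1950]: Accepted publickey for deploy from 10.0.4.12 port 40110 ssh2
"""
AUDIT_LOG = """\
type=SYSCALL msg=audit(1645596852.210:2201): arch=c000003e syscall=59 success=yes exit=0 pid=1901 auid=0 uid=0 comm="wget" exe="/usr/bin/wget" key="exec"
type=SYSCALL msg=audit(1645596870.517:2208): arch=c000003e syscall=59 success=yes exit=0 pid=1913 auid=0 uid=0 comm="ifconfig" exe="/dev/shm/ifconfig" key="exec"
type=SYSCALL msg=audit(1645597250.004:2290): arch=c000003e syscall=59 success=yes exit=0 pid=2044 auid=1001 uid=1001 comm="git" exe="/usr/bin/git" key="exec"
"""

MONTHS = {m: i for i, m in enumerate(
    "Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec".split(), 1)}
AUTH_RE = re.compile(
    r"^(\w{3}) +(\d+) (\d\d):(\d\d):(\d\d) \S+ sshd\[\d+\]: "
    r"Accepted (\w+) for (\S+) from (\S+) port \d+")
AUDIT_RE = re.compile(
    r'msg=audit\((\d+)\.\d+:\d+\).*?syscall=59 success=yes.*?'
    r'\bpid=(\d+).*?auid=(\d+).*?exe="([^"]+)"')


def parse_logins(text):
    """Accepted SSH logins as dicts with naive UTC timestamps."""
    logins = []
    for line in text.splitlines():
        m = AUTH_RE.match(line)
        if not m:
            continue
        mon, day, hh, mm, ss, method, user, src = m.groups()
        ts = datetime(LOG_YEAR, MONTHS[mon], int(day), int(hh), int(mm), int(ss))
        logins.append({"ts": ts, "method": method, "user": user, "src": src})
    return logins


def parse_execs(text):
    """Successful execve records with the executable path and login uid."""
    execs = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue
        epoch, pid, auid, exe = m.groups()
        ts = datetime.fromtimestamp(int(epoch), tz=timezone.utc).replace(tzinfo=None)
        execs.append({"ts": ts, "pid": int(pid), "auid": int(auid), "exe": exe})
    return execs


def is_external(ip):
    """True for routable addresses; private, loopback and link-local are ignored."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return not (addr.is_private or addr.is_loopback or addr.is_link_local)


def correlate(logins, execs, window=WINDOW):
    """Pair every execution from a drop directory with the external SSH
    logins that preceded it inside the window."""
    alerts = []
    for ex in execs:
        if not ex["exe"].startswith(DROP_DIRS):
            continue
        for lg in logins:
            if is_external(lg["src"]) and lg["ts"] <= ex["ts"] <= lg["ts"] + window:
                alerts.append({
                    "src": lg["src"], "user": lg["user"], "login_ts": lg["ts"],
                    "exe": ex["exe"], "pid": ex["pid"],
                    "delta_s": int((ex["ts"] - lg["ts"]).total_seconds()),
                })
    return alerts


def run_sample():
    return correlate(parse_logins(AUTH_LOG), parse_execs(AUDIT_LOG))


if __name__ == "__main__":
    for a in run_sample():
        print(f"ALERT {a['src']} ({a['user']}) -> {a['exe']} pid {a['pid']} "
              f"{a['delta_s']}s after login")
```

On the sample the only hit is /dev/shm/ifconfig executed 56 seconds after the root login from 152.136.255.57; the wget execution from /usr/bin and the later internal publickey login produce nothing. In production the same rule is worth extending to the "White List" case in the timeline, where a honeypot accepts any password: on a real server a root password login from the internet should be an alert on its own, independent of what runs afterwards.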
|
Artifact

File: /tmp/ifconfig (the timeline records the downloaded and executing binary as /dev/shm/ifconfig; check both paths when hunting)
SHA256: 1baed6e01f9715569e8d4aca39d13b7d8b92cb7c60e5099ed8998434287c985e
Size: 2651328 bytes
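The indicators on this page (the SHA256 above, the two file paths and the listening ports 1234, 8087 and 8186) are enough for a quick host triage. The script below is an added example of that triage, not code from Guardicore or from the original page: it hashes executables found in the usual drop directories against the published SHA256, reads LISTEN sockets out of /proc/net/tcp, and lists processes whose /proc/<pid>/exe resolves into a drop directory. Every function takes its input path or text as a parameter so it can be run on a live host or on collected artifacts; the /proc/net/tcp excerpt at the bottom is constructed for illustration and the inode, queue and address values in it are made up.

```python
"""Host triage for the indicators on this page (added example, not Guardicore's code)."""
import hashlib
import os
import stat

IOC_SHA256 = "1baed6e01f9715569e8d4aca39d13b7d8b92cb7c60e5099ed8998434287c985e"
IOC_LISTEN_PORTS = {1234, 8087, 8186}
DROP_DIRS = ("/dev/shm", "/tmp", "/var/tmp")
TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_dropped_executables(dirs=DROP_DIRS):
    """Regular files with any execute bit set under the drop directories,
    hashed and compared with the published indicator."""
    hits = []
    for d in dirs:
        for root, _subdirs, files in os.walk(d):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.lstat(path)
                except OSError:
                    continue
                if not stat.S_ISREG(st.st_mode) or not st.st_mode & 0o111:
                    continue
                digest = sha256_file(path)
                hits.append({"path": path, "size": st.st_size, "sha256": digest,
                             "ioc_match": digest == IOC_SHA256})
    return hits


def listening_ports(proc_net_tcp_text):
    """Parse /proc/net/tcp (or tcp6) text and return the set of LISTEN ports.
    local_address is hex 'addr:port'; the port is the part after the colon."""
    ports = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # first line is the header
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        ports.add(int(fields[1].rsplit(":", 1)[1], 16))
    return ports


def processes_from_drop_dirs(proc_root="/proc", dirs=DROP_DIRS):
    """(pid, exe) for processes whose executable lives in a drop directory.
    A binary deleted after launch still shows up, with a ' (deleted)' suffix."""
    found = []
    prefixes = tuple(d + "/" for d in dirs)
    for pid in os.listdir(proc_root):
        if not pid.isdigit():
            continue
        try:
            exe = os.readlink(os.path.join(proc_root, pid, "exe"))
        except OSError:
            continue  # kernel thread, or a process we may not inspect
        if exe.startswith(prefixes):
            found.append((int(pid), exe))
    return found


# Constructed /proc/net/tcp excerpt: sshd on 22, plus 1234 and 8087 listening,
# and one established session.  Addresses are little-endian hex as on x86.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18234 1 0000000000000000 100 0 0 10 0
   1: 00000000:04D2 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20011 1 0000000000000000 100 0 0 10 0
   2: 00000000:1F97 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 20012 1 0000000000000000 100 0 0 10 0
   3: 0204000A:0016 39FF8898:CA8E 01 00000000:00000000 00:00000000 00000000     0        0 20100 1 0000000000000000 20 4 30 10 -1
"""


def triage(proc_net_tcp_text, dirs=DROP_DIRS, proc_root="/proc"):
    """Run the three checks and return one report."""
    ports = listening_ports(proc_net_tcp_text)
    procs = processes_from_drop_dirs(proc_root, dirs) if os.path.isdir(proc_root) else []
    return {
        "dropped": find_dropped_executables(dirs),
        "ioc_ports": sorted(ports & IOC_LISTEN_PORTS),
        "procs": procs,
    }


if __name__ == "__main__":
    import json
    with open("/proc/net/tcp") as f:  # live host; swap in SAMPLE_PROC_NET_TCP to demo
        print(json.dumps(triage(f.read()), indent=2, default=str))
```

A hash match is the strong signal; an executable in /dev/shm that does not match, or a listener on 1234/8087/8186, is only a lead, since the page's sample may be one build among several and those ports are not reserved. Run the process check before the file check on a live host: the timeline shows the binary executing from /dev/shm, and a dropper that unlinks itself after launch is only visible through /proc/<pid>/exe.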