IP Address: 182.112.252.39 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening
Associated Attack Servers | a1.net, fortinettelecom.com.br, versatel.net, 14.35.205.157, 18.134.224.150, 20.195.231.146, 40.250.77.101, 64.201.196.66, 66.228.28.18, 79.211.199.134, 82.113.101.69, 87.215.113.228, 93.111.3.12, 101.43.63.42, 110.156.18.213, 113.39.238.70, 122.55.205.56, 122.226.203.193, 146.56.115.54, 157.51.42.212, 159.75.135.54, 165.144.134.253, 179.51.198.178, 222.165.136.99, 250.52.117.51
IP Address | 182.112.252.39
Domain | -
ISP | China Unicom Liaoning
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-24
Last seen in Akamai Guardicore Segmentation | 2022-03-25
Incident timeline (sensor events in the order recorded; the right-hand column is the event tag):

A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/apache2 generated outgoing network traffic to: 101.43.63.42:1234, 104.21.25.86:443, 106.109.246.61:80, 106.109.246.61:8080, 109.31.14.18:80, 109.31.14.18:8080, 11.22.49.125:80, 11.22.49.125:8080, 110.156.18.213:2222, 113.39.238.70:22, 12.194.190.97:80, 12.194.190.97:8080, 12.211.122.154:80, 12.211.122.154:8080, 122.226.203.193:2222, 122.55.205.56:2222, 125.204.29.106:80, 125.204.29.106:8080, 13.142.56.159:80, 13.142.56.159:8080, 136.94.212.99:80, 136.94.212.99:8080, 139.101.201.104:80, 139.101.201.104:8080, 14.35.205.157:1234, 146.56.115.54:1234, 147.25.202.227:80, 147.25.202.227:8080, 154.232.85.207:80, 154.232.85.207:8080, 157.51.42.212:22, 159.75.135.54:1234, 165.144.134.253:2222, 172.67.133.228:443, 179.51.198.178:22, 18.134.224.150:2222, 184.250.215.121:80, 184.250.215.121:8080, 189.235.61.226:80, 189.235.61.226:8080, 19.235.17.233:80, 19.235.17.233:8080, 198.221.95.119:80, 198.221.95.119:8080, 20.195.231.146:1234, 21.133.172.72:80, 21.133.172.72:8080, 221.134.160.209:80, 221.134.160.209:8080, 222.165.136.99:1234, 250.52.117.51:22, 26.99.61.74:80, 26.99.61.74:8080, 32.154.70.29:80, 32.154.70.29:8080, 36.90.80.12:80, 36.90.80.12:8080, 38.82.135.8:80, 38.82.135.8:8080, 39.243.134.20:80, 39.243.134.20:8080, 40.250.77.101:2222, 45.91.128.108:80, 45.91.128.108:8080, 51.75.146.174:443, 52.46.79.175:80, 52.46.79.175:8080, 56.114.170.39:80, 56.114.170.39:8080, 60.134.249.37:80, 60.134.249.37:8080, 60.212.20.105:80, 60.212.20.105:8080, 62.30.244.78:80, 62.30.244.78:8080, 64.201.196.66:22, 66.228.28.18:1234, 78.2.154.52:80, 78.2.154.52:8080, 79.211.199.134:2222, 82.113.101.69:2222, 87.215.113.228:22, 88.88.137.160:80, 88.88.137.160:8080, 90.248.54.120:80, 90.248.54.120:8080, 93.111.3.12:2222, 99.1.103.190:80 and 99.1.103.190:8080 | Outgoing Connection
Process /dev/shm/apache2 started listening on ports: 1234, 8088 and 8186 | Listening
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses | Port 80 Scan, Port 8080 Scan
Process /dev/shm/apache2 attempted to access suspicious domains: a1.net, fortinettelecom.com.br, pldt.net, sasknet.sk.ca, t-ipconnect.de, telkomadsl.co.za and versatel.net | Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout

What the timeline shows: the attacker authenticated as root over SSH with a password, then ran a binary from /dev/shm under the name apache2. The name mimics the Apache httpd binary, but the location gives it away: /dev/shm is a RAM-backed, world-writable tmpfs, so nothing legitimate executes from there and the file disappears on reboot. The process then opened listening sockets (1234, 8088, 8186), scanned ports 80 and 8080 on 32 hosts (the :80 and :8080 pairs in the outgoing-connection list are those same scan targets), and contacted a second set of hosts on ports 22, 2222 and 1234. That second set is exactly the list under Associated Attack Servers, and 1234 is also one of the ports the process listens on, which is consistent with the implant talking to other compromised hosts running the same binary.

Two caveats for anyone consuming these indicators. First, the "suspicious domains" (a1.net, pldt.net, t-ipconnect.de, telkomadsl.co.za, sasknet.sk.ca, versatel.net, fortinettelecom.com.br) look like ISP reverse-DNS suffixes rather than attacker-registered domains; they are most likely the PTR names of hosts the process scanned or connected to, so treat them as weak indicators and do not block them wholesale. Second, the scanned :80/:8080 targets are victims-to-be, not infrastructure; the IPs worth tracking are the 22/2222/1234 peers and the three :443 destinations.
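The behaviour recorded above (a root password login over SSH, a binary executed from /dev/shm, that binary opening listeners and fanning out to ports 80 and 8080 on 32 hosts) maps cleanly onto host-side detection rules. The following Python is an added example written for this page; it is not Akamai Guardicore's code and does not use its event schema. The "ts type k=v ..." log format, the sample events, the rule names and the fan-out threshold are all assumptions made for the illustration.

```python
"""Detection rules for the attack chain shown on this page, run over
constructed sample events (an invented 'ts type k=v ...' format, not
Akamai Guardicore's own event schema)."""
import re
from collections import defaultdict

# Directories where no legitimate service binary should be executing from.
# /dev/shm is a RAM-backed tmpfs: world-writable, and emptied on reboot.
UNTRUSTED_EXEC_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")
# Distinct destination hosts one process must hit on one port before we
# call it a scan (assumed threshold; the sensor on this page saw 32).
FANOUT_THRESHOLD = 16

EVENT_RE = re.compile(r"^(?P<ts>\S+) (?P<type>\S+) (?P<kv>.*)$")

# Constructed sample log, modelled loosely on the event list above:
# root password login, /dev/shm/apache2 executed, listening, then fanning
# out to :80 and :8080 on 32 hosts; a real apache2 is included as a control.
SAMPLE_EVENTS = [
    "2022-03-24T10:00:01Z ssh_login user=root method=password result=success src=182.112.252.39",
    "2022-03-24T10:00:05Z exec pid=4711 path=/dev/shm/apache2 user=root",
    "2022-03-24T10:00:06Z listen pid=4711 path=/dev/shm/apache2 port=1234",
    "2022-03-24T10:00:06Z listen pid=4711 path=/dev/shm/apache2 port=8088",
    *[f"2022-03-24T10:00:07Z connect pid=4711 path=/dev/shm/apache2 dst=10.0.{i}.1:{port}"
      for i in range(32) for port in (80, 8080)],
    "2022-03-24T10:01:00Z exec pid=4800 path=/usr/sbin/apache2 user=www-data",
    "2022-03-24T10:01:01Z listen pid=4800 path=/usr/sbin/apache2 port=80",
    "2022-03-24T10:01:02Z connect pid=4800 path=/usr/sbin/apache2 dst=10.9.9.9:443",
]


def parse_event(line):
    """Parse one 'ts type k=v k=v ...' line into a dict; None if malformed."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    ev = {"ts": m.group("ts"), "type": m.group("type")}
    for field in m.group("kv").split():
        key, _, value = field.partition("=")
        if key:
            ev[key] = value
    return ev


def detect(lines):
    """Apply four rules; return a list of (rule_name, detail) findings."""
    findings = []
    # (pid, path, dst_port) -> set of distinct destination hosts
    fanout = defaultdict(set)
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        kind, path = ev["type"], ev.get("path", "")
        if (kind == "ssh_login" and ev.get("result") == "success"
                and ev.get("user") == "root" and ev.get("method") == "password"):
            findings.append(("root_password_ssh_login", f"from {ev.get('src')}"))
        elif kind == "exec" and path.startswith(UNTRUSTED_EXEC_DIRS):
            findings.append(("exec_from_untrusted_dir", path))
        elif kind == "listen" and path.startswith(UNTRUSTED_EXEC_DIRS):
            findings.append(("untrusted_binary_listening", f"{path} port {ev.get('port')}"))
        elif kind == "connect":
            host, _, port = ev.get("dst", "").rpartition(":")
            fanout[(ev.get("pid"), path, port)].add(host)
    # Scan detection needs the whole window, so it is evaluated after the pass.
    for (pid, path, port), hosts in fanout.items():
        if len(hosts) >= FANOUT_THRESHOLD:
            findings.append(("port_scan_fanout",
                             f"{path} (pid {pid}) -> {len(hosts)} hosts on port {port}"))
    return findings


if __name__ == "__main__":
    for rule, detail in detect(SAMPLE_EVENTS):
        print(f"{rule:28} {detail}")
```

Against the sample log this yields six findings: the root password login, the exec from /dev/shm, two listeners opened by that binary, and one fan-out finding each for port 80 and port 8080; the genuine /usr/sbin/apache2 produces none. The path-based rules are cheap and high-confidence; the fan-out rule is the one to tune, since a legitimate crawler or monitoring agent can also touch many hosts on one port.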
|