IP Address: 112.196.52.106 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | Port 22 Scan, Port 8080 Scan, 3 Shell Commands, SSH, Superuser Operation, Port 80 Scan, Successful SSH Login, Outgoing Connection, Access Suspicious Domain, Listening
Associated Attack Servers | cultimording.org.uk, smarttelecom.com.br, 13.23.199.82, 20.140.50.19, 27.129.128.235, 58.229.125.66, 94.153.165.43, 96.162.9.204, 120.236.68.238, 121.200.53.148, 122.151.56.249, 179.106.38.141, 202.61.203.229, 206.243.165.154, 210.108.14.104, 223.171.91.191, 240.38.249.167
IP Address | 112.196.52.106
Domain | -
ISP | Quadrant Televentures Limited
Country | India
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-08-09
Last seen in Akamai Guardicore Segmentation | 2022-04-03
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Sensor events (tag | description):

Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
Superuser Operation | A possibly malicious superuser operation was detected 2 times
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 22 on 11 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 80 on 11 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 11 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 22 on 32 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 22 on 32 IP addresses
Outgoing Connection | Process /dev/shm/apache2 generated outgoing network traffic to: 103.214.224.251:80, 103.214.224.251:8080, 104.21.25.86:443, 105.99.36.164:22, 109.126.108.52:22, 115.4.47.199:80, 115.4.47.199:8080, 12.112.239.231:22, 120.152.52.210:80, 120.152.52.210:8080, 120.236.68.238:1234, 122.151.56.249:2222, 13.23.199.82:2222, 134.97.223.238:22, 135.171.239.34:80, 135.171.239.34:8080, 145.12.248.139:22, 150.70.225.62:80, 150.70.225.62:8080, 155.17.248.45:80, 155.17.248.45:8080, 168.111.90.17:80, 168.111.90.17:8080, 172.67.133.228:443, 177.91.199.100:80, 177.91.199.100:8080, 182.125.229.28:22, 182.15.232.153:80, 182.15.232.153:8080, 182.156.30.4:22, 190.239.30.207:80, 190.239.30.207:8080, 190.68.109.45:80, 190.68.109.45:8080, 195.244.165.228:80, 195.244.165.228:8080, 2.181.238.120:80, 2.181.238.120:8080, 20.140.50.19:2222, 202.61.203.229:1234, 203.228.113.101:80, 203.228.113.101:8080, 205.175.206.216:80, 205.175.206.216:8080, 206.243.165.154:2222, 208.222.104.145:80, 208.222.104.145:8080, 210.108.14.104:2222, 211.128.131.244:80, 211.128.131.244:8080, 215.225.165.166:80, 215.225.165.166:8080, 217.54.161.132:80, 217.54.161.132:8080, 219.15.154.14:22, 223.171.91.191:1234, 240.38.249.167:2222, 250.100.192.160:80, 250.100.192.160:8080, 250.210.194.204:80, 250.210.194.204:8080, 251.21.155.56:80, 251.21.155.56:8080, 30.236.27.124:22, 31.245.226.68:80, 31.245.226.68:8080, 50.90.61.19:80, 50.90.61.19:8080, 51.75.146.174:443, 55.172.177.23:80, 55.172.177.23:8080, 58.229.125.66:1234, 6.115.161.15:80, 6.115.161.15:8080, 65.28.29.175:22, 73.180.94.211:80, 73.180.94.211:8080, 74.53.112.238:80, 74.53.112.238:8080, 81.180.242.174:1234, 84.24.120.45:80, 84.24.120.45:8080, 86.86.77.197:80, 86.86.77.197:8080, 88.47.224.188:80, 88.47.224.188:8080, 9.126.71.167:80, 9.126.71.167:8080, 94.153.165.43:1234 and 96.162.9.204:2222
Access Suspicious Domain, Outgoing Connection | Process /dev/shm/apache2 attempted to access suspicious domains: cultimording.org.uk, dodo.net.au, goodsrv.de and kyivstar.net
Listening | Process /dev/shm/apache2 started listening on ports 1234, 8080 and 8181
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 80 on 32 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 32 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 80 on 32 IP addresses
Port 22 Scan, Port 80 Scan, Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 32 IP addresses
Connection was closed due to timeout
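The event lines above carry more than the tags show: the same process that scans ports 22, 80 and 8080 also dials a small set of hosts on 1234, 2222 and 443, and those hosts are exactly the ones in the Associated Attack Servers field. The script below is an added example, not Guardicore code and not a documented export format. It parses a constructed copy of the report's event lines (the outgoing-connection list is trimmed to every endpoint on a non-scanned port plus a few scan endpoints), separates hosts dialed only on the scanned ports (propagation targets) from hosts dialed on any other port (candidate control or peer channels), and checks the latter against the associated-server list. The regular expressions are my reading of the line shapes, and the writable-directory list is an assumption about common drop locations.

```python
import re
from collections import defaultdict

# Constructed sample: event lines copied from the report above. The scan,
# listen and domain lines are complete; the outgoing-connection list is a
# subset (every endpoint on a non-scanned port plus a few scan endpoints).
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** "
    "- Authentication policy: Correct Password",
    "Process /dev/shm/apache2 scanned port 22 on 11 IP Addresses",
    "Process /dev/shm/apache2 scanned port 80 on 11 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 11 IP Addresses",
    "Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 22 on 32 IP Addresses",
    "Process /dev/shm/apache2 generated outgoing network traffic to: "
    "103.214.224.251:80, 103.214.224.251:8080, 104.21.25.86:443, 105.99.36.164:22, "
    "109.126.108.52:22, 115.4.47.199:80, 115.4.47.199:8080, 120.236.68.238:1234, "
    "122.151.56.249:2222, 13.23.199.82:2222, 172.67.133.228:443, 20.140.50.19:2222, "
    "202.61.203.229:1234, 206.243.165.154:2222, 210.108.14.104:2222, "
    "223.171.91.191:1234, 240.38.249.167:2222, 51.75.146.174:443, 58.229.125.66:1234, "
    "81.180.242.174:1234, 94.153.165.43:1234 and 96.162.9.204:2222",
    "Process /dev/shm/apache2 attempted to access suspicious domains: "
    "cultimording.org.uk, dodo.net.au, goodsrv.de and kyivstar.net",
    "Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8181",
    "Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses",
]

# IP entries of the report's "Associated Attack Servers" field.
ASSOCIATED_ATTACK_SERVERS = {
    "13.23.199.82", "20.140.50.19", "27.129.128.235", "58.229.125.66",
    "94.153.165.43", "96.162.9.204", "120.236.68.238", "121.200.53.148",
    "122.151.56.249", "179.106.38.141", "202.61.203.229", "206.243.165.154",
    "210.108.14.104", "223.171.91.191", "240.38.249.167",
}

# Assumed line shapes, inferred from the report text (not a documented format).
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports: (.+)$")
DOMAIN_RE = re.compile(r"^Process (\S+) attempted to access suspicious domains: (.+)$")
OUTGOING_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
# Assumed drop locations: world-writable and normally tmpfs, so a binary
# placed there leaves no on-disk artifact after a reboot.
WRITABLE_DIRS = ("/dev/shm/", "/tmp/", "/var/tmp/")


def split_list(text):
    """Split the report's 'a, b and c' style lists into items."""
    return [t.strip() for t in re.split(r",\s*|\s+and\s+", text) if t.strip()]


def summarize(events, associated=ASSOCIATED_ATTACK_SERVERS):
    processes, listening, domains = set(), set(), []
    scan_events = defaultdict(int)   # port -> number of scan events on it
    outbound = defaultdict(set)      # destination ip -> ports dialed
    for line in events:              # lines with no known shape are ignored
        if m := SCAN_RE.match(line):
            processes.add(m[1])
            scan_events[int(m[2])] += 1
        elif m := LISTEN_RE.match(line):
            processes.add(m[1])
            listening |= {int(p) for p in split_list(m[2])}
        elif m := DOMAIN_RE.match(line):
            processes.add(m[1])
            domains += split_list(m[2])
        elif m := OUTGOING_RE.match(line):
            processes.add(m[1])
            for ip, port in ENDPOINT_RE.findall(m[2]):
                outbound[ip].add(int(port))
    scan_ports = set(scan_events)
    dialed_ports = {p for ps in outbound.values() for p in ps}
    # A host dialed only on the ports this process scans is a propagation
    # target; a host dialed on any other port is a candidate control or peer
    # channel, which is what gets correlated against the associated-server list.
    scan_targets = {ip for ip, ps in outbound.items() if ps <= scan_ports}
    control = {ip: ps - scan_ports for ip, ps in outbound.items() if ps - scan_ports}
    return {
        "processes": sorted(processes),
        "dropped_in_writable_dir": any(p.startswith(WRITABLE_DIRS) for p in processes),
        "scan_ports": sorted(scan_ports),
        "scan_events_by_port": dict(scan_events),
        "listening_ports": sorted(listening),
        "suspicious_domains": domains,
        "scan_targets": sorted(scan_targets),
        "control_channels": {ip: sorted(ps) for ip, ps in sorted(control.items())},
        "control_ports": sorted({p for ps in control.values() for p in ps}),
        "ports_listened_and_dialed": sorted(listening & dialed_ports),
        "control_in_associated": sorted(set(control) & associated),
        "control_not_in_associated": sorted(set(control) - associated),
        "associated_not_dialed": sorted(associated - set(outbound)),
    }


if __name__ == "__main__":
    for key, value in summarize(EVENTS).items():
        print(f"{key}: {value}")
```

On this report the split is clean: the twelve hosts dialed on 1234 or 2222 that sit in the associated list account for all of that list except three addresses that never appear in the outgoing traffic, the three 443 destinations and 81.180.242.174:1234 are not in it, and port 1234 is both listened on and dialed. Two caveats when reusing the approach: the sensor's "scanned port" lines are what define the scan-port set, so a bot that scans the same port it beacons on would be misfiled, and the process name apache2 proves nothing by itself; on a live host the equivalent check is whether /proc/<pid>/exe resolves into /dev/shm or another writable directory rather than the package-installed path.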
|