IP Address: 2.236.87.150Previously Malicious
IP Address: 2.236.87.150Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SCP SSH |
|
Tags |
Port 1234 Scan SSH Listening 5 Shell Commands SCP Port 80 Scan Port 8080 Scan Superuser Operation Outgoing Connection Successful SSH Login Download File |
|
Associated Attack Servers |
|
IP Address |
2.236.87.150 |
|
|
Domain |
- |
|
|
ISP |
Fastweb |
|
|
Country |
Italy |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-05-11 |
|
Last seen in Akamai Guardicore Segmentation |
2022-11-26 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
Process /dev/shm/apache2 scanned port 1234 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 26 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 1234 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 1234 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses |
Port 1234 Scan |
|
Process /bin/bash scanned port 1234 on 26 IP Addresses 2 times |
Port 1234 Scan |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
/dev/shm/ifconfig was downloaded |
Download File |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 100.244.46.170:80, 100.244.46.170:8080, 103.152.118.20:1234, 103.90.177.102:1234, 104.21.75.20:443, 108.179.63.175:80, 108.179.63.175:8080, 11.113.14.81:80, 11.113.14.81:8080, 11.210.225.42:80, 11.210.225.42:8080, 111.53.11.130:1234, 114.179.94.89:80, 114.179.94.89:8080, 12.133.27.234:80, 12.133.27.234:8080, 124.229.132.128:80, 124.229.132.128:8080, 133.228.124.21:80, 133.228.124.21:8080, 139.209.222.134:1234, 147.182.233.56:1234, 148.145.28.111:80, 148.145.28.111:8080, 153.187.185.161:80, 158.81.123.92:80, 158.81.123.92:8080, 161.107.113.27:1234, 161.70.98.32:1234, 163.182.160.117:80, 163.182.160.117:8080, 163.198.216.208:80, 163.198.216.208:8080, 168.190.104.17:80, 168.190.104.17:8080, 172.67.210.60:443, 175.132.164.167:80, 175.132.164.167:8080, 184.83.112.246:1234, 185.210.144.122:1234, 190.12.120.30:1234, 190.60.239.44:1234, 192.10.218.94:80, 192.10.218.94:8080, 20.141.185.205:1234, 206.189.25.255:1234, 21.162.39.50:80, 21.162.39.50:8080, 210.118.227.22:80, 211.118.215.155:80, 211.118.215.155:8080, 212.174.95.109:80, 212.174.95.109:8080, 220.102.37.142:80, 220.102.37.142:8080, 220.243.148.80:1234, 221.88.148.84:80, 223.171.91.149:1234, 223.171.91.191:1234, 223.182.26.163:80, 223.182.26.163:8080, 243.118.193.209:80, 243.118.193.209:8080, 247.54.191.188:80, 3.241.140.175:80, 3.241.140.175:8080, 34.160.69.117:80, 34.160.69.117:8080, 35.59.237.118:80, 35.59.237.118:8080, 39.175.68.100:1234, 45.120.216.114:1234, 50.4.69.5:80, 50.4.69.5:8080, 51.159.19.47:1234, 51.75.146.174:443, 59.3.186.45:1234, 61.77.105.219:1234, 68.134.150.195:80, 68.134.150.195:8080, 8.15.224.214:80, 8.15.224.214:8080, 80.147.162.151:1234, 82.66.5.84:1234, 89.212.123.191:1234, 9.9.100.184:80 and 9.9.100.184:8080 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8087 and 8186 |
Listening |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 28 IP Addresses |
Port 1234 Scan Port 80 Scan Port 8080 Scan |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies