IP Address: 208.109.37.82 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 208.109.37.82 |
Domain | - |
ISP | GoDaddy.com, LLC |
Country | United States |
WHOIS |
Created Date | - |
Updated Date | - |
Organization | - |
First seen in Akamai Guardicore Segmentation | 2021-12-25 |
Last seen in Akamai Guardicore Segmentation | 2022-09-07 |
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
/dev/shm/ifconfig was downloaded |
Download File |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
Process /dev/shm/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/apache2 started listening on ports: 1234, 8083 and 8185 |
Listening |
Process /dev/shm/apache2 attempted to access suspicious domains: bbtec.net, conecttelecom.com.br, kpn.net and leon.com.pl |
Access Suspicious Domain, Outgoing Connection |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 80 on 10 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 8080 on 10 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Process /dev/shm/apache2 scanned port 2222 on 10 IP Addresses |
Port 2222 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to timeout |
|