IP Address: 27.150.62.21Previously Malicious
IP Address: 27.150.62.21Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 8080 Scan 3 Shell Commands SSH Superuser Operation Port 80 Scan Successful SSH Login Outgoing Connection Access Suspicious Domain Listening |
|
Associated Attack Servers |
1.116.42.111 3.126.158.219 13.158.98.48 16.40.89.246 24.46.220.50 43.246.44.174 56.60.46.251 84.204.148.99 87.102.140.2 88.90.24.193 90.70.39.207 101.42.90.177 101.43.115.47 119.92.135.54 124.223.72.11 126.35.58.3 128.53.58.78 154.11.251.42 205.39.152.205 206.189.25.255 214.218.21.208 |
|
IP Address |
27.150.62.21 |
|
|
Domain |
- |
|
|
ISP |
China Telecom fujian |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2019-08-18 |
|
Last seen in Akamai Guardicore Segmentation |
2022-04-01 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/apache2 generated outgoing network traffic to: 1.116.42.111:1234, 101.42.90.177:1234, 101.43.115.47:1234, 104.21.25.86:443, 112.248.16.228:80, 112.248.16.228:8080, 114.122.43.140:80, 114.122.43.140:8080, 119.92.135.54:2222, 122.162.129.138:80, 122.162.129.138:8080, 122.90.43.222:80, 122.90.43.222:8080, 123.68.160.2:80, 123.68.160.2:8080, 124.223.72.11:1234, 126.35.58.3:2222, 128.237.162.197:80, 128.237.162.197:8080, 128.53.58.78:22, 13.158.98.48:22, 132.15.204.222:80, 132.15.204.222:8080, 132.83.244.152:80, 132.83.244.152:8080, 146.163.57.54:80, 146.163.57.54:8080, 150.107.95.20:1234, 150.198.220.83:80, 150.198.220.83:8080, 154.11.251.42:22, 16.40.89.246:2222, 162.211.167.132:80, 162.211.167.132:8080, 162.22.45.78:80, 162.22.45.78:8080, 166.30.126.98:80, 166.30.126.98:8080, 172.67.133.228:443, 182.172.14.111:80, 182.172.14.111:8080, 182.86.240.48:80, 182.86.240.48:8080, 184.181.155.158:80, 184.181.155.158:8080, 186.73.42.109:80, 186.73.42.109:8080, 189.36.82.234:80, 189.36.82.234:8080, 199.5.177.166:80, 199.5.177.166:8080, 202.122.43.227:80, 202.122.43.227:8080, 205.39.152.205:2222, 206.189.25.255:1234, 209.220.119.196:80, 209.220.119.196:8080, 214.218.21.208:2222, 219.29.76.127:80, 219.29.76.127:8080, 24.46.220.50:22, 253.193.106.20:80, 253.193.106.20:8080, 3.126.158.219:2222, 34.108.221.52:80, 34.108.221.52:8080, 37.11.136.38:80, 37.11.136.38:8080, 43.246.44.174:2222, 51.75.146.174:443, 54.22.15.60:80, 54.22.15.60:8080, 56.60.46.251:22, 59.192.237.33:80, 59.192.237.33:8080, 71.87.213.29:80, 71.87.213.29:8080, 73.125.181.126:80, 73.125.181.126:8080, 8.69.25.182:80, 8.69.25.182:8080, 84.204.148.99:1234, 87.102.140.2:22, 88.90.24.193:22, 90.70.39.207:22, 93.134.25.85:80, 93.134.25.85:8080, 96.178.231.28:80 and 96.178.231.28:8080 |
Outgoing Connection |
|
Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8188 |
Listening |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses |
Port 80 Scan Port 8080 Scan |
|
Process /dev/shm/apache2 attempted to access suspicious domains: nttpc.ne.jp, online.no, optonline.net, panda-world.ne.jp, pldt.net, teleport.ch and wanadoo.fr |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies