IP Address: 82.200.244.154 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 82.200.244.154
Domain | -
ISP | JSC Kazakhtelecom
Country | Kazakhstan
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-02-23
Last seen in Akamai Guardicore Segmentation | 2022-04-20
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
The file /tmp/apache2 was downloaded and executed 22 times |
Download and Execute |
Process /tmp/apache2 scanned port 22 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 80 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 8080 on 11 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /tmp/apache2 started listening on ports: 1234, 8088 and 8181 |
Listening |
Process /tmp/apache2 attempted to access suspicious domains: cloudhost.asia and dsnet |
Access Suspicious Domain, Outgoing Connection |
Process /tmp/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Process /tmp/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan, Port 80 Scan, Port 8080 Scan |
Connection was closed due to user inactivity |