IP Address: 101.34.16.17 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | 5 Shell Commands, Superuser Operation, Listening, SCP, Port 2222 Scan, Successful SSH Login, Port 22 Scan, Port 1234 Scan, SSH, Download File
Associated Attack Servers | comunitel.net, heartcareassoc.com, myrepublic.co.id, 1.119.152.110, 50.216.110.195, 50.216.208.27, 87.235.101.94, 94.133.158.230, 102.223.37.58, 103.172.204.9, 104.226.0.82, 119.91.218.244, 128.199.10.250, 158.140.160.214, 193.123.244.240
IP Address | 101.34.16.17
Domain | -
ISP | Beijing CNISP Technology Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2021-12-13
Last seen in Akamai Guardicore Segmentation | 2022-01-04
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
/dev/shm/ifconfig was downloaded | Download File
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
Process /dev/shm/ifconfig scanned port 22 on 26 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 2222 on 26 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 22 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 1234 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 2222 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 22 on 19 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /dev/shm/ifconfig scanned port 1234 on 19 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/bash scanned port 1234 on 38 IP Addresses 2 times | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 38 IP Addresses 2 times | Port 1234 Scan
Process /dev/shm/ifconfig started listening on ports: 1234 and 8088 | Listening
Process /dev/shm/ifconfig generated outgoing network traffic to: 1.215.124.2:2222, 101.34.179.178:1234, 101.35.138.55:1234, 101.55.207.9:22, 103.90.177.102:1234, 106.41.147.209:22, 109.191.251.214:1234, 112.237.102.59:2222, 117.62.205.181:1234, 119.29.194.232:1234, 119.45.216.61:1234, 120.236.78.194:1234, 120.36.163.183:1234, 121.53.22.40:22, 136.26.130.29:1234, 139.99.124.25:1234, 142.194.35.84:2222, 143.42.244.229:22, 15.184.75.217:1234, 15.77.75.219:22, 158.140.160.214:1234, 159.32.134.142:2222, 160.236.241.234:22, 163.197.16.123:1234, 163.197.8.123:1234, 167.100.82.110:1234, 172.12.64.111:22, 172.196.176.55:22, 172.65.26.211:2222, 176.119.50.93:1234, 177.128.213.102:22, 177.177.40.30:22, 179.50.160.80:1234, 182.199.177.14:2222, 183.151.94.173:1234, 183.252.37.188:1234, 185.230.138.104:1234, 186.115.57.53:22, 191.168.203.171:22, 193.8.4.44:1234, 2.233.234.162:22, 202.186.131.149:22, 203.18.132.82:22, 205.159.215.16:2222, 210.120.209.101:2222, 215.33.202.226:22, 218.91.150.93:1234, 220.20.130.122:22, 223.171.79.71:1234, 241.80.186.169:2222, 243.16.34.224:2222, 28.190.60.55:2222, 3.138.162.152:1234, 3.139.61.138:1234, 3.141.14.24:1234, 31.25.51.132:1234, 31.54.164.172:22, 37.211.162.102:2222, 41.106.79.203:2222, 41.77.174.48:22, 43.204.53.117:22, 43.82.142.192:22, 50.217.22.2:1234, 50.228.141.102:1234, 51.123.162.146:22, 54.218.118.119:1234, 61.199.239.181:2222, 62.146.90.15:22, 67.169.155.213:1234, 75.80.236.65:2222, 76.44.66.213:2222, 79.175.151.220:1234, 8.210.0.70:1234, 80.147.130.33:22, 84.36.86.43:2222, 87.103.120.149:1234, 90.85.221.234:2222, 94.133.158.230:1234, 96.185.196.24:2222 and 97.251.41.178:22 |
|
Process /dev/shm/ifconfig scanned port 2222 on 19 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Connection was closed due to timeout |