IP Address: 103.172.204.9Previously Malicious
IP Address: 103.172.204.9Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Superuser Operation Listening 7 Shell Commands Outgoing Connection Access Suspicious Domain Port 2222 Scan Successful SSH Login Port 22 Scan SSH |
|
Associated Attack Servers |
|
IP Address |
103.172.204.9 |
|
|
Domain |
- |
|
|
ISP |
- |
|
|
Country |
- |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2021-12-17 |
|
Last seen in Akamai Guardicore Segmentation |
2022-02-03 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 2 times |
Successful SSH Login |
|
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
|
Process /dev/shm/ifconfig scanned port 22 on 45 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /dev/shm/ifconfig scanned port 22 on 38 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /dev/shm/ifconfig scanned port 2222 on 45 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /dev/shm/ifconfig started listening on ports: 1234 and 8084 |
Listening |
|
Process /dev/shm/ifconfig generated outgoing network traffic to: 101.34.16.17:1234, 101.89.100.176:2222, 104.193.125.109:2222, 107.225.196.37:2222, 119.127.242.52:2222, 119.174.113.45:2222, 120.178.101.190:2222, 125.85.83.252:2222, 129.245.27.130:22, 129.245.27.130:2222, 13.252.134.153:2222, 13.99.231.206:22, 134.51.81.230:2222, 137.172.249.172:2222, 137.25.183.79:2222, 138.55.57.166:2222, 139.77.143.103:2222, 145.29.22.169:2222, 148.192.113.108:22, 148.227.190.66:22, 152.139.32.123:22, 161.210.10.250:22, 165.127.51.133:22, 166.133.5.100:2222, 176.58.84.148:2222, 177.81.71.73:22, 178.247.184.55:2222, 18.102.75.82:2222, 183.169.181.237:22, 184.111.169.192:22, 188.18.132.113:2222, 188.86.51.17:2222, 190.252.173.229:22, 198.234.174.23:22, 202.226.149.170:2222, 203.241.114.51:22, 213.76.252.96:2222, 215.141.80.244:22, 215.4.40.193:22, 220.144.30.81:22, 220.80.98.71:2222, 222.168.234.112:22, 222.89.75.238:22, 23.76.13.107:22, 240.90.238.232:2222, 242.134.224.144:22, 248.100.157.215:22, 25.71.155.148:22, 251.29.17.37:22, 26.1.224.100:22, 27.94.223.31:2222, 3.113.192.30:22, 34.18.4.152:22, 34.49.4.100:2222, 35.82.86.161:22, 36.49.185.28:22, 38.179.89.162:2222, 39.77.7.241:2222, 42.207.51.199:22, 42.217.167.8:2222, 43.164.171.107:2222, 44.45.189.95:2222, 48.21.88.222:2222, 51.145.202.167:22, 52.210.201.96:22, 52.243.222.42:2222, 55.32.11.133:22, 55.32.11.133:2222, 60.183.116.111:22, 65.228.113.76:2222, 68.158.221.203:22, 70.112.76.31:22, 70.162.20.38:22, 71.153.69.63:22, 71.159.74.57:22, 77.170.142.99:22, 78.202.126.77:2222, 78.90.205.151:22, 86.252.200.47:22, 87.186.166.217:22, 87.235.101.94:1234, 89.4.184.204:22, 9.237.163.125:2222 and 91.182.83.194:22 |
Outgoing Connection |
|
Process /dev/shm/ifconfig scanned port 2222 on 38 IP Addresses |
Port 22 Scan Port 2222 Scan |
|
Process /dev/shm/ifconfig attempted to access suspicious domains: comunitel.net |
Access Suspicious Domain Outgoing Connection |
|
Connection was closed due to timeout |
|
© 2023 Akamai Technologies