IP Address: 171.22.30.31 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Connect-Back, Scanner
Services Targeted: SSH
Tags: Outgoing Connection, 20 Shell Commands, Download Operation, SSH, Read Password Secrets, SSH Brute Force, Superuser Operation, Port 22 Scan, Successful SSH Login, Failed SSH Login, System File Modification, Kill Process
Associated Attack Servers |
IP Address: 171.22.30.31
Domain: -
ISP: Mayak Smart Services Ltd.
Country: Germany
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-10-07
Last seen in Akamai Guardicore Segmentation: 2022-11-28
What is Akamai Guardicore Segmentation

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

A user logged in using SSH with the following credentials: root / ******** - Authentication policy: White List (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A user logged in using SSH with the following credentials: root / ******** - Authentication policy: Correct Password (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Download Operation, Kill Process, Superuser Operation |
System file /etc/nshadow was modified 36 times |
System File Modification |
A possibly malicious Kill Process was detected 2 times |
Download Operation, Kill Process, Superuser Operation |
A possibly malicious Download Operation was detected 2 times |
Download Operation, Kill Process, Superuser Operation |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
A possibly malicious Superuser Operation was detected 4 times |
Download Operation, Kill Process, Superuser Operation |
A possibly malicious Kill Process was detected 2 times |
Download Operation, Kill Process, Superuser Operation |
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.43:80 |
Outgoing Connection |
A possibly malicious Download Operation was detected 10 times |
Download Operation, Kill Process, Superuser Operation |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:57388 |
Outgoing Connection |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 2 times |
Outgoing Connection |
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.43:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 101.119.175.196:22, 101.176.34.138:22, 106.79.185.37:22, 107.84.165.115:22, 11.215.7.246:22, 111.205.80.190:22, 117.190.245.186:22, 123.199.217.74:22, 126.134.29.142:22, 126.195.250.88:22, 130.62.217.99:22, 133.36.71.62:22, 136.151.67.177:22, 136.216.169.51:22, 149.248.204.61:22, 150.97.33.49:22, 156.16.190.163:22, 159.16.237.208:22, 162.223.155.134:22, 165.105.190.42:22, 166.212.71.135:22, 167.58.52.103:22, 170.12.175.77:22, 171.22.30.31:45833, 171.22.30.31:80, 172.196.224.141:22, 172.217.5.14:80, 174.115.110.76:22, 18.203.58.18:22, 180.91.43.169:22, 184.144.249.164:22, 184.46.223.185:22, 186.182.208.142:22, 186.72.216.94:22, 189.185.60.154:22, 196.195.189.136:22, 196.22.62.50:22, 196.33.130.42:22, 199.207.248.82:22, 200.189.76.16:22, 200.71.194.92:22, 204.197.130.81:22, 205.35.27.128:22, 206.253.247.189:22, 207.239.119.206:22, 210.184.123.65:22, 213.225.31.168:22, 216.7.174.97:22, 219.85.84.181:22, 240.66.143.117:22, 242.76.54.120:22, 243.246.159.209:22, 245.103.157.235:22, 247.169.219.245:22, 249.104.89.20:22, 249.193.112.33:22, 249.24.106.159:22, 250.146.115.85:22, 26.252.14.195:22, 27.15.188.137:22, 28.108.142.155:22, 29.97.169.167:22, 3.87.42.216:22, 32.238.54.213:22, 34.82.190.91:22, 36.17.16.218:22, 39.239.189.227:22, 4.204.242.45:22, 43.99.87.44:22, 44.178.252.202:22, 49.190.216.243:22, 50.76.197.3:22, 51.160.113.55:22, 52.66.31.4:22, 53.106.225.170:22, 54.17.246.193:22, 57.226.210.162:22, 66.151.52.59:22, 66.208.152.88:22, 73.36.28.112:22, 78.24.116.136:22, 80.233.198.210:22, 82.253.142.66:22, 86.181.69.224:22, 88.116.1.124:22, 88.64.109.147:22, 9.210.178.146:22, 91.108.6.146:22, 92.246.116.69:22, 95.198.30.238:22 and 98.112.232.146:22 |
Outgoing Connection |
Process /bin/bash scanned port 22 on 88 IP Addresses |
Port 22 Scan |
Connection was closed due to user inactivity |
|