IP Address: 171.37.16.247 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SCP, SSH |
| Tags | SSH, SCP, Superuser Operation, Download and Allow Execution, Successful SSH Login, Download and Execute, Download File |

Associated Attack Servers

| Field | Value |
|---|---|
| IP Address | 171.37.16.247 |
| Domain | - |
| ISP | China Unicom Liaoning |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2022-10-06 |
| Last seen in Akamai Guardicore Segmentation | 2022-10-09 |
What is Akamai Guardicore Segmentation

Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
| Event | Tags |
|---|---|
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login |
| A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password 3 times | Successful SSH Login |
| A possibly malicious Superuser Operation was detected 4 times | Superuser Operation |
| The file /root/ifconfig was downloaded and executed 5 times | Download and Execute |
| The file /root/apache2 was downloaded and executed 19 times | Download and Execute |
| Process /var/tmp/ifconfig scanned port 1234 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 1234 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 1234 on 19 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 80 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 8080 on 26 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /root/ifconfig scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| Process /bin/bash scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| Process /bin/nc.openbsd scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| Process /bin/bash scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| Process /usr/sbin/sshd scanned port 1234 on 26 IP Addresses | Port 1234 Scan |
| The file /var/tmp/ifconfig was downloaded and executed 5 times | Download and Execute |
| The file /var/tmp/apache2 was downloaded and executed 184 times | Download and Execute |
| Process /root/ifconfig generated outgoing network traffic to: 150.107.95.20:1234 and 161.70.98.32:1234 | |
| Process /root/ifconfig started listening on ports: 1234, 8085 and 8184 | Listening |
| Process /var/tmp/ifconfig generated outgoing network traffic to: 101.246.106.176:80, 103.152.118.20:1234, 103.90.177.102:1234, 104.122.144.71:80, 104.122.144.71:8080, 12.22.164.252:80, 12.22.164.252:8080, 123.132.238.210:1234, 124.115.231.214:1234, 131.190.11.65:80, 136.230.90.10:80, 141.253.21.120:80, 141.253.21.120:8080, 161.107.113.34:1234, 161.35.79.199:1234, 161.70.98.32:1234, 165.251.94.24:80, 165.251.94.24:8080, 17.14.167.239:80, 17.14.167.239:8080, 172.64.162.15:443, 172.64.163.15:443, 178.174.203.224:80, 181.174.199.113:80, 181.174.199.113:8080, 181.233.149.3:80, 181.233.149.3:8080, 183.213.26.13:1234, 184.177.2.20:80, 184.177.2.20:8080, 187.194.234.86:80, 190.138.240.233:1234, 190.60.239.44:1234, 199.230.40.154:80, 202.61.203.229:1234, 204.137.125.194:80, 204.137.125.194:8080, 206.189.25.255:1234, 207.173.26.1:80, 208.115.188.191:80, 208.115.188.191:8080, 211.94.232.108:80, 211.94.232.108:8080, 212.57.36.20:1234, 214.62.191.102:80, 222.103.98.58:1234, 222.134.240.92:1234, 223.171.91.127:1234, 243.8.57.8:80, 243.80.55.8:80, 243.80.55.8:8080, 33.152.17.14:80, 33.152.17.14:8080, 43.242.247.139:1234, 43.67.70.207:80, 44.68.163.19:80, 45.120.216.114:1234, 46.73.110.141:80, 46.73.110.141:8080, 51.159.19.47:1234, 51.75.146.174:443, 52.131.32.110:1234, 55.221.145.223:80, 55.221.145.223:8080, 58.241.79.138:80, 58.241.79.138:8080, 59.3.186.45:1234, 60.81.207.51:80, 68.74.76.204:80, 72.35.27.246:80, 72.35.27.246:8080, 84.236.96.124:80, 84.236.96.124:8080, 85.249.219.128:80, 85.249.219.128:8080, 86.133.233.66:1234 and 94.153.165.43:1234 | Outgoing Connection |
| Process /var/tmp/ifconfig started listening on ports: 1234, 8083 and 8186 | Listening |
| Process /var/tmp/ifconfig scanned port 80 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 80 on 19 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 8080 on 32 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /var/tmp/ifconfig scanned port 8080 on 19 IP Addresses | Port 1234 Scan, Port 80 Scan, Port 8080 Scan |
| Process /usr/local/mysql/bin/mysqld started listening on port 3306, 3 times | Listening |
| Process /lib/systemd/systemd started listening on port 80 | Listening |
| Connection was closed due to timeout | |