IP Address: 13.72.72.75Previously Malicious
IP Address: 13.72.72.75Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
New SSH Key Executable File Modification SSH SSH Brute Force Outgoing Connection Access Suspicious Domain Successful SSH Login Download and Execute |
Associated Attack Servers |
42.62.6.200 103.7.43.237 103.29.119.125 107.170.192.159 111.229.97.20 111.229.188.24 111.231.255.200 116.255.177.198 118.24.21.150 120.24.207.170 139.224.221.17 148.70.38.13 208.67.222.222 211.110.1.206 |
IP Address |
13.72.72.75 |
|
Domain |
- |
|
ISP |
Microsoft Corporation |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-08-25 |
Last seen in Akamai Guardicore Segmentation |
2020-10-16 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****************** - Authentication policy: Reached Max Attempts (Part of a Brute Force Attempt) |
SSH Brute Force Successful SSH Login |
Executable file /usr/bin/bghovh was modified 9 times |
Executable File Modification |
The file /usr/bin/bghovh was downloaded and executed 45 times |
Download and Execute |
Process /usr/bin/bghovh generated outgoing network traffic to: 1.1.1.1:53, 103.29.119.125:22969, 103.7.43.237:44478, 107.170.192.159:8000, 111.229.188.24:40101, 111.229.97.20:44019, 111.231.255.200:41137, 116.255.177.198:39401, 118.24.21.150:42797, 120.24.207.170:38001, 139.224.221.17:57422, 148.70.38.13:41448, 208.67.222.222:443, 211.110.1.206:42809 and 42.62.6.200:41960 |
Outgoing Connection |
Process /usr/bin/bghovh attempted to access suspicious domains: one.one and usib.tv |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |
|
An attempt to download /root/.ssh/authorized_keys was made 25 times |
New SSH Key |