IP Address: 14.48.7.213 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Access Suspicious Domain, SSH, New SSH Key, Successful SSH Login, Download and Execute, Outgoing Connection
Associated Attack Servers: 39.98.201.31, 47.95.196.235, 47.100.30.15, 47.107.59.45, 47.244.198.252, 62.60.207.137, 68.183.186.25, 106.13.59.97, 110.164.183.181, 122.51.80.103, 123.178.246.50, 134.175.19.191, 208.67.222.222, 223.203.98.179
IP Address: 14.48.7.213
Domain: -
ISP: Korea Telecom
Country: Korea, Republic of
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-04-04
Last seen in Akamai Guardicore Segmentation: 2020-05-29
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Reached Max Attempts (Successful SSH Login)
The file /usr/bin/aiidxp was downloaded and executed 44 times (Download and Execute)
Process /usr/bin/aiidxp generated outgoing network traffic to: 1.1.1.1:53, 106.13.59.97:41828, 110.164.183.181:40998, 122.51.80.103:41957, 123.178.246.50:10896, 134.175.19.191:39028, 208.67.222.222:443, 223.203.98.179:34033, 39.98.201.31:44290, 47.100.30.15:40330, 47.107.59.45:39640, 47.244.198.252:37079, 47.95.196.235:38473, 62.60.207.137:39221 and 68.183.186.25:8000 (Outgoing Connection)
Process /usr/bin/aiidxp attempted to access suspicious domains: one.one (Access Suspicious Domain, Outgoing Connection)
Connection was closed due to timeout
An attempt to download /root/.ssh/authorized_keys was made 25 times (New SSH Key)