Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 177.47.193.74 (Previously Malicious)

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

RDP, SMB

Tags

CMD, SMB Null Session Login, Service Creation, DNS Query, SMB, Access Suspicious Domain, IDS - A Network Trojan was detected, Service Start, Outgoing Connection

Associated Attack Servers


Basic Information

IP Address

177.47.193.74

Domain

-

ISP

Pontenet Teleinformática Ltda.

Country

Brazil

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2017-06-29

Last seen in Akamai Guardicore Segmentation

2021-02-10

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

IDS detected "A Network Trojan was detected": ETERNALBLUE Probe Vulnerable System Response MS17-010

IDS - A Network Trojan was detected

Service XKRu was created and started

Service Start, Service Creation

Process c:\windows\system32\regsvr32.exe attempted to access suspicious domains: img.vim-cn.com

DNS Query, Access Suspicious Domain, Outgoing Connection

Process c:\windows\system32\regsvr32.exe generated outgoing network traffic to: 104.28.22.25:443

Outgoing Connection

Connection was closed due to user inactivity