IP Address: 42.202.132.6Malicious
IP Address: 42.202.132.6Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Connect-Back, Scanner |
|
Services Targeted |
SMB |
|
Tags |
SMB Access Suspicious Domain Outgoing Connection Service Deletion Service Creation SMB Null Session Login CMD MSRPC Successful SMB Login Service Start Successful MSRPC Login |
|
Associated Attack Servers |
121.in-addr.arpa 163data.com.cn bracnet.net had.wf hinet.net lstn.net 1.197.79.9 5.202.190.172 14.99.81.181 37.221.206.206 41.207.250.110 41.233.188.199 45.66.8.143 45.187.92.49 61.178.26.173 61.190.15.81 61.222.155.49 95.182.15.54 103.39.232.58 103.107.188.9 111.42.237.27 112.26.206.35 113.167.42.238 113.205.46.242 114.31.43.210 115.127.5.12 117.146.23.202 121.22.124.78 122.224.237.117 123.25.146.152 123.59.7.46 123.59.195.147 134.175.55.34 146.190.121.55 159.89.31.59 |
|
IP Address |
42.202.132.6 |
|
|
Domain |
- |
|
|
ISP |
- |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2023-05-10 |
|
Last seen in Akamai Guardicore Segmentation |
2024-02-08 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SMB with the following username: administrator - Authentication policy: Reached Max Attempts |
Successful SMB Login |
|
A user logged in using SMB with the following username: administrator - Authentication policy: Previously Approved User 2 times |
Successful SMB Login |
|
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC07 under service group None |
Service Start Service Creation |
|
Service MSIServer was started |
Service Start |
|
Process c:\windows\system32\msiexec.exe generated outgoing network traffic to: 206.189.97.95:19135, 208.115.193.38:11014 and 42.202.132.6:16699 |
Outgoing Connection |
|
Process c:\windows\system32\msiexec.exe attempted to access suspicious domains: lstn.net |
Access Suspicious Domain Outgoing Connection |
|
A user logged in using MSRPC from COMUNITARIA-02 with the following username: administrator - Authentication policy: Previously Approved User 2 times |
Successful MSRPC Login |
|
c:\windows\system32\services.exe installed and started mshta.exe as a service named AC01 under service group None |
Service Start Service Creation |
|
Connection was closed due to user inactivity |
|
© 2023 Akamai Technologies
