IP Address: 42.247.7.40 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Access Suspicious Domain, SSH, New SSH Key, Successful SSH Login, Executable File Modification, Download and Execute, Outgoing Connection
Associated Attack Servers: 34.236.80.17, 36.155.10.103, 39.105.175.226, 39.107.228.6, 42.49.119.38, 47.52.62.133, 47.56.108.23, 47.56.189.124, 47.56.225.121, 47.75.128.105, 47.89.212.240, 47.104.150.36, 47.107.73.38, 47.244.8.87, 47.244.198.252, 49.232.28.144, 49.232.132.91, 49.234.122.134, 60.248.152.189, 66.171.248.178, 68.183.186.25, 85.154.68.75, 101.255.130.41, 103.1.237.148, 103.27.42.84, 103.71.76.45, 104.129.129.64, 106.12.154.49, 114.113.63.101
IP Address: 42.247.7.40
Domain: -
ISP: China Education and Research Network Center
Country: China

WHOIS
Created Date: -
Updated Date: -
Organization: -

First seen in Akamai Guardicore Segmentation: 2020-05-26
Last seen in Akamai Guardicore Segmentation: 2020-05-26
Successful SSH Login: A user logged in using SSH with the following credentials: root / ********* - Authentication policy: White List

Executable File Modification: Executable file /usr/bin/adgrsv was modified 9 times

Download and Execute: The file /usr/bin/adgrsv was downloaded and executed 32 times

Outgoing Connection: Process /usr/bin/adgrsv generated outgoing network traffic to: 1.1.1.1:53, 101.255.130.41:43927, 103.1.237.148:37997, 103.27.42.84:60584, 103.71.76.45:32821, 104.129.129.64:19131, 106.12.154.49:45588, 114.113.63.101:44040, 116.202.244.153:80, 119.9.77.75:38201, 121.199.2.49:33085, 123.194.80.148:46002, 123.206.42.92:34275, 123.252.163.118:47339, 129.28.203.99:36293, 139.162.219.43:39161, 154.83.15.227:40198, 172.105.54.84:38825, 176.58.123.25:80, 182.61.13.176:45574, 202.91.33.98:14587, 204.237.142.146:80, 208.67.222.222:443, 216.239.32.21:80, 216.239.36.21:80, 34.236.80.17:80, 36.155.10.103:35094, 39.105.175.226:26322, 39.107.228.6:33479, 42.49.119.38:44767, 47.104.150.36:40391, 47.107.73.38:42174, 47.244.198.252:37079, 47.244.198.252:40255, 47.244.8.87:43070, 47.52.62.133:38957, 47.56.108.23:41005, 47.56.189.124:42290, 47.56.225.121:45621, 47.75.128.105:39850, 47.89.212.240:44557, 49.232.132.91:45259, 49.232.28.144:42465, 49.234.122.134:36241, 60.248.152.189:60199, 66.171.248.178:80, 68.183.186.25:8000 and 85.154.68.75:33912

Access Suspicious Domain, Outgoing Connection: Process /usr/bin/adgrsv attempted to access suspicious domains: 123-tataidc.co.in, hybs-pro.net, icanhazip.com, kbronet.com.tw and one.one

Connection was closed due to timeout

New SSH Key: An attempt to download /root/.ssh/authorized_keys was made 25 times