IP Address: 5.36.53.140 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: New SSH Key, Access Suspicious Domain, SSH Download and Execute, Successful SSH Login, Outgoing Connection
Associated Attack Servers: 34.192.250.175, 45.63.66.221, 47.75.87.139, 47.91.234.92, 47.93.85.225, 47.93.206.19, 47.93.226.60, 47.94.83.63, 47.94.101.75, 47.95.145.40, 47.101.209.202, 47.102.102.46, 47.103.13.108, 47.105.184.110, 47.244.163.224, 60.248.152.189, 64.225.50.109, 66.171.248.178, 103.112.104.247, 111.229.218.123, 116.202.244.153, 118.25.185.160, 120.25.243.182, 120.26.241.5, 120.27.228.61, 120.55.165.126, 120.79.253.132, 121.40.33.33, 121.42.15.204
IP Address: 5.36.53.140
Domain: -
ISP: Omantel
Country: Oman
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-05-18
Last seen in Akamai Guardicore Segmentation: 2020-05-18
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Attack events observed:

Successful SSH Login: A user logged in using SSH with the following credentials: root / ********* (Authentication policy: Reached Max Attempts)
Download and Execute: The file /usr/bin/xuivsq was downloaded and executed 46 times
Outgoing Connection: Process /usr/bin/xuivsq generated outgoing network traffic to: 1.1.1.1:53, 103.112.104.247:44333, 111.229.218.123:38121, 116.202.244.153:80, 118.25.185.160:33847, 120.25.243.182:16037, 120.26.241.5:45888, 120.27.228.61:42082, 120.55.165.126:54393, 120.79.253.132:41411, 121.158.190.83:51246, 121.40.33.33:40125, 121.42.15.204:46441, 122.51.68.129:39723, 123.207.35.108:33944, 123.57.66.202:39122, 124.234.194.204:42585, 125.129.189.251:36763, 129.204.112.162:35434, 129.211.125.26:20691, 132.232.40.86:40215, 139.224.54.182:37175, 139.59.83.109:45552, 140.143.28.242:42361, 167.71.161.144:46391, 176.58.123.25:80, 182.61.13.176:45574, 182.92.234.97:44698, 202.5.21.4:8000, 204.237.142.122:80, 208.67.222.222:443, 216.239.32.21:80, 216.239.34.21:80, 222.216.247.143:48465, 222.92.142.58:36941, 223.203.98.179:34033, 34.192.250.175:80, 45.63.66.221:44147, 47.101.209.202:39299, 47.102.102.46:38079, 47.103.13.108:35622, 47.105.184.110:37517, 47.244.163.224:35937, 47.75.87.139:40743, 47.91.234.92:39765, 47.93.206.19:45017, 47.93.226.60:35291, 47.93.85.225:45972, 47.94.101.75:38179, 47.94.83.63:40134, 47.95.145.40:39148, 60.248.152.189:60199, 64.225.50.109:41831 and 66.171.248.178:80
Access Suspicious Domain, Outgoing Connection: Process /usr/bin/xuivsq attempted to access suspicious domains: icanhazip.com and one.one. Connection was closed due to timeout
New SSH Key: An attempt to download /root/.ssh/authorized_keys was made 25 times