IP Address: 52.130.81.35 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | New SSH Key, SSH, SSH Brute Force, Outgoing Connection, Access Suspicious Domain, Successful SSH Login, Download and Execute
Associated Attack Servers | 14.29.196.126 23.55.220.59 39.105.187.175 47.95.196.235 47.104.252.215 49.232.99.199 49.232.163.176 49.233.189.198 49.234.62.76 49.234.122.134 49.234.197.216 50.19.206.143 66.171.248.178 68.183.186.25 106.52.133.125 106.53.52.246 106.53.74.231 106.53.108.192 106.54.0.80 111.229.242.150 111.230.251.247 111.231.84.107 111.231.197.120 115.159.220.112 116.202.55.106 118.24.18.164 118.25.98.162 119.27.166.148 119.29.2.120
IP Address | 52.130.81.35
Domain | -
ISP | Shanghai Blue Cloud Technology Co.,Ltd
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-04-12
Last seen in Akamai Guardicore Segmentation | 2020-07-23
What is Akamai Guardicore Segmentation? Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Reached Max Attempts (Part of a Brute Force Attempt) | SSH Brute Force, Successful SSH Login
The file /usr/bin/dahdzu was downloaded and executed 46 times | Download and Execute
Process /usr/bin/dahdzu generated outgoing network traffic to: 1.1.1.1:53, 106.52.133.125:46139, 106.53.108.192:43137, 106.53.52.246:46863, 106.53.74.231:35899, 106.54.0.80:34630, 111.229.242.150:38398, 111.230.251.247:34911, 111.231.197.120:43572, 111.231.84.107:36662, 115.159.220.112:47655, 116.202.55.106:80, 118.24.18.164:43215, 118.25.98.162:42895, 119.27.166.148:36185, 119.29.2.120:34462, 120.77.50.237:24880, 120.77.57.50:35523, 120.92.104.149:28127, 122.51.80.13:42906, 122.51.88.172:33873, 123.206.18.36:32337, 123.207.3.213:34072, 129.204.103.141:41826, 139.155.17.53:43568, 139.155.74.38:40090, 14.29.196.126:38630, 140.143.240.59:39080, 149.129.103.50:44894, 175.24.22.178:46074, 176.58.123.25:80, 180.108.64.5:44619, 208.67.222.222:443, 212.129.154.177:37965, 212.64.34.108:44629, 216.239.32.21:80, 216.239.34.21:80, 218.201.70.103:30524, 219.149.105.246:37338, 223.203.98.166:34195, 23.55.220.59:80, 39.105.187.175:44963, 47.104.252.215:6081, 47.95.196.235:35381, 49.232.163.176:41405, 49.232.99.199:44956, 49.233.189.198:32949, 49.234.122.134:36241, 49.234.197.216:40909, 49.234.62.76:45949, 50.19.206.143:80, 66.171.248.178:80 and 68.183.186.25:8000 |
Outgoing Connection
Process /usr/bin/dahdzu attempted to access suspicious domains: icanhazip.com, ident.me and one.one | Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout
An attempt to download /root/.ssh/authorized_keys was made 25 times | New SSH Key