IP Address: 62.234.74.48 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: New SSH Key, Access Suspicious Domain, SSH Download and Execute, Successful SSH Login, Outgoing Connection
Associated Attack Servers: 23.43.56.59, 46.101.101.24, 47.101.192.165, 47.102.195.168, 47.240.40.98, 49.235.130.36, 49.235.136.220, 50.116.37.115, 52.0.197.231, 58.209.253.169, 66.171.248.178, 103.27.42.46, 103.27.42.80, 103.230.240.110, 106.12.34.149, 116.202.244.153, 117.73.12.57, 117.73.13.13, 119.23.132.235, 129.211.11.196, 132.232.27.83, 176.58.123.25, 180.101.226.149, 206.81.5.154, 208.67.222.222

IP Address: 62.234.74.48
Domain: -
ISP: Tencent cloud computing
Country: China
WHOIS
  Created Date: -
  Updated Date: -
  Organization: -
First seen in Akamai Guardicore Segmentation: 2020-05-14
Last seen in Akamai Guardicore Segmentation: 2020-05-14
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. It generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
[Successful SSH Login] A user logged in using SSH with the following credentials: root / ******* (authentication policy: Reached Max Attempts)
[Download and Execute] The file /usr/local/bin/ephzbx was downloaded and executed 38 times
[Outgoing Connection] Process /usr/local/bin/ephzbx generated outgoing network traffic to: 1.1.1.1:53, 103.230.240.110:45547, 103.27.42.46:36673, 103.27.42.80:36919, 106.12.34.149:43650, 116.202.244.153:80, 117.73.12.57:43881, 117.73.13.13:37382, 119.23.132.235:44427, 129.211.11.196:41366, 132.232.27.83:37233, 176.58.123.25:80, 180.101.226.149:56217, 206.81.5.154:8000, 208.67.222.222:443, 216.239.32.21:80, 23.43.56.59:80, 46.101.101.24:37951, 47.101.192.165:38404, 47.102.195.168:35870, 47.240.40.98:37077, 49.235.130.36:46309, 49.235.136.220:36437, 50.116.37.115:33773, 52.0.197.231:80, 58.209.253.169:44728 and 66.171.248.178:80
[Access Suspicious Domain, Outgoing Connection] Process /usr/local/bin/ephzbx attempted to access suspicious domains: hybs-pro.net, icanhazip.com and one.one
Connection was closed due to timeout
[New SSH Key] An attempt to download /root/.ssh/authorized_keys was made 4 times
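The timeline above is a common SSH intrusion chain: password brute force against root, a successful login, a payload dropped to /usr/local/bin and executed, fan-out connections to a list of peers, and access to /root/.ssh/authorized_keys. The script below is an added example (not Akamai Guardicore code) of turning the report's indicators into host-side detection logic: it flags a source that failed repeatedly and then authenticated, classifies outbound connections and DNS queries against the report's binary path, peer list and domains, and diffs authorized_keys against a known-good baseline. The indicator values are copied from the report; the sshd log lines, the connection records (a simplified one-record-per-line format assumed for the example, not real ss or auditd output), the key blobs and the baseline are constructed. One caveat built into the code: 1.1.1.1:53 and 208.67.222.222:443 are public DNS resolvers (Cloudflare and OpenDNS) and icanhazip.com is a public IP-echo service, so those entries look like the payload's connectivity and external-IP checks rather than attacker infrastructure and are treated as low-confidence matches rather than blocked outright.

```python
"""Detection logic for the SSH brute-force / download-and-execute chain in this report.

Added example, not Akamai Guardicore code. Indicator values are from the report;
the log lines, connection records and authorized_keys content are constructed.
"""
import re
from collections import defaultdict

# Indicators taken from the report above.
BINARY_PATH = "/usr/local/bin/ephzbx"
ATTACKER_IP = "62.234.74.48"
ATTACK_SERVERS = {
    "23.43.56.59", "46.101.101.24", "47.101.192.165", "47.102.195.168",
    "47.240.40.98", "49.235.130.36", "49.235.136.220", "50.116.37.115",
    "52.0.197.231", "58.209.253.169", "66.171.248.178", "103.27.42.46",
    "103.27.42.80", "103.230.240.110", "106.12.34.149", "116.202.244.153",
    "117.73.12.57", "117.73.13.13", "119.23.132.235", "129.211.11.196",
    "132.232.27.83", "176.58.123.25", "180.101.226.149", "206.81.5.154",
    "208.67.222.222",
}
SUSPICIOUS_DOMAINS = {"hybs-pro.net", "icanhazip.com", "one.one"}
# Public resolvers and an IP-echo service: most likely the payload's connectivity
# checks, not attacker infrastructure, so a hit here is low confidence on its own.
LOW_CONFIDENCE = {"1.1.1.1", "208.67.222.222", "icanhazip.com", "one.one"}

FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted password for (\S+) from (\S+) port \d+")
# Assumed record format for the example: "pid=N exe=PATH dst=IP:PORT" or "... query=NAME".
CONN_RE = re.compile(r"exe=(\S+) (?:dst=([^:\s]+):\d+|query=(\S+))")


def brute_force_then_success(auth_lines, threshold=3):
    """Return {src_ip: failure_count} for sources that failed >= threshold times
    and then got an 'Accepted password' line (the report's login pattern)."""
    failures = defaultdict(int)
    hits = {}
    for line in auth_lines:
        m = FAILED_RE.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = ACCEPTED_RE.search(line)
        if m and failures[m.group(2)] >= threshold:
            hits[m.group(2)] = failures[m.group(2)]
    return hits


def classify_connections(conn_lines):
    """Return (confidence, exe, target) for records matching the report's IOCs.
    The dropped binary's path is itself a high-confidence indicator; resolver and
    IP-echo targets are low confidence unless that binary is the one using them."""
    findings = []
    for line in conn_lines:
        m = CONN_RE.search(line)
        if not m:
            continue
        exe, dst_ip, qname = m.groups()
        target = dst_ip or qname
        if exe == BINARY_PATH:
            confidence = "high"
        elif target in LOW_CONFIDENCE:
            confidence = "low"
        elif target in ATTACK_SERVERS or target in SUSPICIOUS_DOMAINS:
            confidence = "high"
        else:
            continue
        findings.append((confidence, exe, target))
    return findings


def _key_identity(line):
    """Key type plus base64 blob, ignoring leading options and trailing comment."""
    parts = line.split()
    for i, p in enumerate(parts):
        if p.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(parts):
            return p + " " + parts[i + 1]
    return None


def new_authorized_keys(baseline_lines, current_lines):
    """Return authorized_keys entries whose key is absent from the baseline."""
    known = {_key_identity(l) for l in baseline_lines if _key_identity(l)}
    return [l for l in current_lines if _key_identity(l) and _key_identity(l) not in known]


# Constructed sample telemetry (not from the report).
SAMPLE_AUTH_LOG = """\
May 14 03:12:01 sensor sshd[2110]: Failed password for root from 62.234.74.48 port 50122 ssh2
May 14 03:12:03 sensor sshd[2110]: Failed password for root from 62.234.74.48 port 50122 ssh2
May 14 03:12:05 sensor sshd[2112]: Failed password for root from 62.234.74.48 port 50131 ssh2
May 14 03:12:07 sensor sshd[2112]: Accepted password for root from 62.234.74.48 port 50131 ssh2
May 14 03:15:00 sensor sshd[2200]: Accepted publickey for deploy from 10.0.0.5 port 41000 ssh2
"""
SAMPLE_CONNECTIONS = """\
pid=3001 exe=/usr/local/bin/ephzbx dst=116.202.244.153:80
pid=3001 exe=/usr/local/bin/ephzbx query=hybs-pro.net
pid=3001 exe=/usr/local/bin/ephzbx dst=1.1.1.1:53
pid=1200 exe=/usr/bin/curl dst=208.67.222.222:443
pid=1300 exe=/usr/bin/apt-get dst=10.0.0.9:443
"""
# Placeholder key blobs, constructed for the example.
BASELINE_KEYS = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleBaselineKey deploy@bastion"]
CURRENT_KEYS = BASELINE_KEYS + ["no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDExampleInjectedKey"]


def run():
    """Run all three checks over the constructed samples."""
    return {
        "brute_force": brute_force_then_success(SAMPLE_AUTH_LOG.splitlines()),
        "connections": classify_connections(SAMPLE_CONNECTIONS.splitlines()),
        "new_keys": new_authorized_keys(BASELINE_KEYS, CURRENT_KEYS),
    }


if __name__ == "__main__":
    for name, result in run().items():
        print(name, result)
```

On a real host the same functions would be fed /var/log/auth.log (or journalctl -u ssh), per-process connection data from ss -tnp or eBPF/auditd tooling, and the live /root/.ssh/authorized_keys against a copy taken at provisioning time; the low-confidence bucket is there so that blocking 1.1.1.1 or OpenDNS is a deliberate decision rather than a side effect of the peer list.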