IP Address: 92.42.45.198 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: New SSH Key Access Suspicious Domain SSH Download and Execute Successful SSH Login Outgoing Connection
Associated Attack Servers: 47.105.223.208, 49.235.4.213, 49.235.136.220, 71.57.39.2, 106.12.21.231, 111.229.188.24, 116.62.54.144, 117.73.13.208, 121.36.167.183, 139.162.127.223, 154.204.30.239, 183.207.172.118, 206.81.5.154, 208.67.222.222
IP Address: 92.42.45.198
Domain: -
ISP: Marvin Kluck trading as ZAP-Hosting GmbH & Co.KG
Country: Germany
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2020-05-13
Last seen in Akamai Guardicore Segmentation: 2020-05-23
Observed attack events:

Successful SSH Login: A user logged in using SSH with the following credentials: root / ********* - Authentication policy: Reached Max Attempts

Download and Execute: The file /usr/bin/xsinrh was downloaded and executed 45 times

Outgoing Connection: Process /usr/bin/xsinrh generated outgoing network traffic to: 1.1.1.1:53, 106.12.21.231:34059, 111.229.188.24:39845, 116.62.54.144:39066, 117.73.13.208:38101, 121.36.167.183:37695, 139.162.127.223:33189, 154.204.30.239:45055, 183.207.172.118:36541, 206.81.5.154:8000, 208.67.222.222:443, 47.105.223.208:39869, 49.235.136.220:36437, 49.235.4.213:45891 and 71.57.39.2:36180

Access Suspicious Domain, Outgoing Connection: Process /usr/bin/xsinrh attempted to access suspicious domains: hwclouds-dns.com and one.one

Connection was closed due to timeout

New SSH Key: An attempt to download /root/.ssh/authorized_keys was made 25 times