IP Address: 122.114.222.158 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
| Field | Value |
|---|---|
| Role | Attacker, Scanner |
| Services Targeted | SSH |
| Tags | Outgoing Connection, Successful SSH Login, SSH, Access Suspicious Domain, New SSH Key, Download and Execute |
| Associated Attack Servers | 23.223.159.192, 34.197.12.81, 39.108.72.183, 45.9.188.72, 47.101.59.60, 47.101.192.165, 47.103.214.241, 47.107.73.38, 49.233.64.4, 49.234.225.74, 49.235.136.220, 49.235.172.144, 50.116.37.115, 52.175.54.100, 66.171.248.178, 71.57.39.2, 101.132.172.189, 103.230.240.110, 106.14.38.76, 106.14.183.222, 106.54.102.94, 106.54.218.3, 111.229.66.87, 111.229.136.54, 116.202.244.153, 117.73.2.100, 117.73.8.17, 117.73.13.208, 120.77.244.64, 121.40.174.89 |
| Field | Value |
|---|---|
| IP Address | 122.114.222.158 |
| Domain | - |
| ISP | ZhengZhou GIANT Computer Network Technology Co. |
| Country | China |
| WHOIS Created Date | - |
| WHOIS Updated Date | - |
| Organization | - |
| First seen in Akamai Guardicore Segmentation | 2020-05-05 |
| Last seen in Akamai Guardicore Segmentation | 2020-05-05 |
| Event | Tags |
|---|---|
| A user logged in using SSH with the following credentials: root / ******** - Authentication policy: White List | Successful SSH Login |
| The file /usr/bin/pmhwzn was downloaded and executed 45 times | Download and Execute |
| Process /usr/bin/pmhwzn generated outgoing network traffic to: 1.1.1.1:53, 101.132.172.189:43792, 101.132.172.189:45419, 103.230.240.110:45547, 106.14.183.222:38701, 106.14.38.76:37355, 106.54.102.94:44331, 106.54.218.3:44787, 111.229.136.54:45003, 111.229.66.87:33372, 116.202.244.153:80, 117.73.13.208:38101, 117.73.2.100:35488, 117.73.8.17:36397, 120.77.244.64:39016, 121.40.174.89:35691, 122.51.181.167:44899, 123.194.80.147:43020, 123.207.3.213:35391, 129.211.55.202:37797, 132.232.27.83:37233, 164.52.194.119:42854, 176.58.123.25:80, 178.128.108.158:43917, 180.101.226.149:56217, 180.76.189.148:34683, 183.234.189.241:54856, 206.81.5.154:8000, 208.67.222.222:443, 216.239.32.21:80, 216.239.38.21:80, 218.195.180.37:11404, 23.223.159.192:80, 34.197.12.81:80, 39.108.72.183:38225, 45.9.188.72:36895, 47.101.192.165:38404, 47.101.59.60:39249, 47.103.214.241:35303, 47.107.73.38:38230, 49.233.64.4:46615, 49.234.225.74:42568, 49.235.136.220:36437, 49.235.172.144:44700, 50.116.37.115:33773, 52.175.54.100:43700, 66.171.248.178:80 and 71.57.39.2:36180 | Outgoing Connection |
| Process /usr/bin/pmhwzn attempted to access suspicious domains: e2enetworks.net.in, icanhazip.com, kbronet.com.tw and one.one | Access Suspicious Domain, Outgoing Connection |
| The file /usr/bin/chattr was downloaded and executed | Download and Execute |
| Connection was closed due to timeout | - |
| An attempt to download /root/.ssh/authorized_keys was made 25 times | New SSH Key |