IP Address: 122.14.222.124 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address | 122.14.222.124
Domain | -
ISP | CNISP-Union Technology (Beijing) Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-02-23
Last seen in Akamai Guardicore Segmentation | 2022-04-29
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password |
Successful SSH Login |
A possibly malicious Superuser Operation was detected 2 times |
Superuser Operation |
The file /var/tmp/ifconfig was downloaded and executed 5 times |
Download and Execute |
Process /var/tmp/apache2 scanned port 22 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 scanned port 80 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 scanned port 8080 on 10 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 scanned port 22 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
The file /var/tmp/apache2 was downloaded and executed 192 times |
Download and Execute |
Process /var/tmp/apache2 generated outgoing network traffic |
Outgoing Connection |
Process /var/tmp/apache2 started listening on ports: 1234, 8083 and 8186 |
Listening |
Process /var/tmp/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 scanned port 80 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
Process /var/tmp/apache2 attempted to access suspicious domains: cloudhost.asia, dsnet, railcommerce.com and takushoku-u.ac.jp |
Access Suspicious Domain Outgoing Connection |
Process /var/tmp/apache2 scanned port 8080 on 32 IP Addresses |
Port 22 Scan Port 80 Scan Port 8080 Scan |
The file /usr/bin/free was downloaded and executed |
Download and Execute |
The file /usr/local/bin/dash was downloaded and executed |
Download and Execute |
The file /var/tmp/php-fpm was downloaded and executed 38 times |
Download and Execute |
The file /var/tmp/php-fpm was downloaded and executed 6 times |
Download and Execute |
The file /var/tmp/php-fpm was downloaded and executed 24 times |
Download and Execute |
Connection was closed due to timeout |
|
The file /var/tmp/php-fpm was downloaded and executed |
Download and Execute |
/var/tmp/ifconfig |
SHA256: 46fd6a67ba837f6ee1cabec4dd96938034693417961369f76ac3a97275370287 |
2097152 bytes |
/var/tmp/php-fpm |
SHA256: d9ee6cbbc40b3b337e3af157b14a1e7ac276c9f27c2efcd8daa21ded4bd810b6 |
2875940 bytes |