IP Address: 122.175.164.58Previously Malicious
IP Address: 122.175.164.58Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role |
Attacker, Scanner |
Services Targeted |
SSH |
Tags |
Access Suspicious Domain SSH New SSH Key Successful SSH Login Executable File Modification Download and Execute Outgoing Connection |
Associated Attack Servers |
23.223.159.192 34.192.250.175 47.75.87.139 47.90.87.2 47.91.234.92 47.93.85.225 47.98.188.113 47.100.30.15 47.101.192.165 47.105.184.110 47.240.162.121 49.232.112.237 49.234.176.41 49.234.187.186 49.235.166.5 64.225.50.109 66.171.248.178 71.57.39.2 103.27.42.59 103.43.153.220 103.85.24.204 103.230.240.110 103.239.205.49 106.14.133.61 106.14.183.222 106.52.52.230 106.54.208.137 111.229.175.249 116.120.58.66 116.202.244.153 |
IP Address |
122.175.164.58 |
|
Domain |
- |
|
ISP |
Airtel |
|
Country |
India |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Akamai Guardicore Segmentation |
2020-05-19 |
Last seen in Akamai Guardicore Segmentation |
2020-05-19 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Reached Max Attempts |
Successful SSH Login |
Executable file /usr/bin/wegpjq was modified 9 times |
Executable File Modification |
The file /usr/bin/wegpjq was downloaded and executed 53 times |
Download and Execute |
Process /usr/bin/wegpjq generated outgoing network traffic to: 1.1.1.1:53, 103.230.240.110:43551, 103.239.205.49:34834, 103.27.42.59:40393, 103.43.153.220:36853, 103.85.24.204:46209, 106.14.133.61:14589, 106.14.183.222:38701, 106.52.52.230:37609, 106.54.208.137:43316, 111.229.175.249:41491, 116.120.58.66:37847, 116.202.244.153:80, 118.190.199.13:38400, 120.24.182.114:36097, 120.27.228.61:42082, 120.55.165.126:54393, 120.78.168.80:45368, 120.92.18.134:31652, 123.194.80.148:41883, 123.207.40.249:34471, 129.204.112.162:35434, 139.59.83.109:45552, 150.109.123.35:35553, 165.22.108.201:37817, 176.58.123.25:80, 180.108.64.5:34390, 182.92.234.97:44698, 202.5.21.4:8000, 208.67.222.222:443, 216.239.32.21:80, 216.239.36.21:80, 219.240.111.114:38976, 223.203.98.179:34033, 23.223.159.192:80, 34.192.250.175:80, 47.100.30.15:40330, 47.101.192.165:34505, 47.105.184.110:45595, 47.240.162.121:40366, 47.75.87.139:40743, 47.90.87.2:36916, 47.91.234.92:39765, 47.93.85.225:45972, 47.98.188.113:54538, 49.232.112.237:43176, 49.232.112.237:45641, 49.234.176.41:39573, 49.234.187.186:41455, 49.235.166.5:35714, 64.225.50.109:41831, 66.171.248.178:80, 71.57.39.2:36180 and 71.57.39.2:46124 |
Outgoing Connection |
Process /usr/bin/wegpjq attempted to access suspicious domains: hybs-pro.net, icanhazip.com, one.one and sendmail04.com |
Access Suspicious Domain Outgoing Connection |
Connection was closed due to timeout |
|
An attempt to download /root/.ssh/authorized_keys was made 25 times |
New SSH Key |