IP Address: 14.116.206.92 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role: Attacker, Scanner
Services Targeted: SSH
Tags: Outgoing Connection, Download Operation, SSH, 19 Shell Commands, Read Password Secrets, SSH Brute Force, Superuser Operation, Port 22 Scan, Listening, Successful SSH Login, System File Modification, Kill Process
Associated Attack Servers
IP Address: 14.116.206.92
Domain: -
ISP: China Telecom Guangdong
Country: China
WHOIS
Created Date: -
Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-10-01
Last seen in Akamai Guardicore Segmentation: 2022-11-28
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List (Part of a Brute Force Attempt) (Tags: SSH Brute Force, Successful SSH Login)
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password (Part of a Brute Force Attempt) (Tags: SSH Brute Force, Successful SSH Login)
A possibly malicious Superuser Operation was detected 6 times (Tags: Download Operation, Kill Process, Superuser Operation)
A possibly malicious Kill Process was detected 2 times (Tags: Download Operation, Kill Process, Superuser Operation)
A possibly malicious Superuser Operation was detected 2 times (Tags: Download Operation, Kill Process, Superuser Operation)
A possibly malicious Kill Process was detected 2 times (Tags: Download Operation, Kill Process, Superuser Operation)
A possibly malicious Download Operation was detected 11 times (Tags: Download Operation, Kill Process, Superuser Operation)
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 (Tags: Outgoing Connection)
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.43:80 (Tags: Outgoing Connection)
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 2 times (Tags: Outgoing Connection)
Process /dev/shm/kmsd generated outgoing network traffic to: 171.22.30.31:57388 (Tags: Outgoing Connection)
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.45:80 (Tags: Outgoing Connection)
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 (Tags: Outgoing Connection)
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 (Tags: Outgoing Connection)
Process /dev/shm/ksmdx generated outgoing network traffic to: 100.226.112.228:22, 103.202.219.72:22, 109.146.208.115:22, 11.68.159.147:22, 115.135.234.194:22, 116.120.191.100:22, 117.178.228.189:22, 124.214.68.99:22, 126.130.154.201:22, 126.220.130.62:22, 126.241.177.83:22, 128.59.80.44:22, 130.136.5.11:22, 131.197.106.249:22, 132.78.54.147:22, 136.226.167.169:22, 139.114.25.184:22, 139.162.9.227:22, 14.170.57.125:22, 142.250.190.142:80, 143.74.200.51:22, 147.127.115.104:22, 15.1.137.112:22, 150.34.58.36:22, 153.141.249.190:22, 162.0.108.168:22, 165.132.149.34:22, 166.240.217.193:22, 167.1.129.213:22, 169.126.85.217:22, 169.170.20.132:22, 171.113.197.64:22, 171.22.30.31:45833, 171.22.30.31:80, 173.5.168.36:22, 174.199.45.234:22, 183.165.11.18:22, 187.121.84.49:22, 187.28.250.59:22, 188.27.165.143:22, 188.98.197.33:22, 191.217.145.171:22, 194.36.222.161:22, 196.31.62.21:22, 199.130.154.135:22, 200.152.188.109:22, 202.160.17.199:22, 21.130.114.115:22, 210.200.82.125:22, 211.224.14.39:22, 215.254.60.19:22, 218.109.7.126:22, 244.153.224.52:22, 246.196.16.150:22, 247.137.143.74:22, 25.58.153.3:22, 250.202.163.87:22, 252.95.123.228:22, 29.155.83.191:22, 29.231.140.77:22, 30.170.112.252:22, 34.126.42.74:22, 35.61.19.57:22, 37.97.142.152:22, 38.166.163.115:22, 41.91.134.111:22, 42.78.47.248:22, 42.87.121.129:22, 44.172.15.120:22, 5.126.9.139:22, 5.171.28.147:22, 50.110.76.90:22, 51.11.191.115:22, 61.109.34.214:22, 64.63.226.71:22, 66.27.149.108:22, 72.47.171.74:22, 73.151.152.162:22, 73.37.182.157:22, 76.73.220.11:22, 8.171.96.214:22, 8.23.60.84:22, 82.222.72.95:22, 83.153.83.106:22, 86.131.5.4:22, 88.195.35.143:22, 89.209.131.146:22, 91.87.162.12:22, 92.252.109.103:22, 93.96.63.229:22, 96.138.12.4:22 and 98.71.43.243:22 (Tags: Outgoing Connection)
System file /etc/sysctl.conf was modified 9 times (Tags: System File Modification)
Process /dev/shm/ksmdx scanned port 22 on 89 IP Addresses (Tags: Port 22 Scan)
Process /lib/systemd/systemd started listening on ports: 80 (Tags: Listening)
Process /usr/local/mysql/bin/mysqld started listening on ports: 3306 (Tags: Listening)
Connection was closed due to timeout |
|