IP Address: 14.146.92.3 - Previously Malicious
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Scanner
Services Targeted | SSH
Tags | Outgoing Connection, Download Operation, SSH, 10 Shell Commands, SSH Brute Force, Superuser Operation, Port 22 Scan, Successful SSH Login, System File Modification, Kill Process
Associated Attack Servers |
IP Address | 14.146.92.3
Domain | -
ISP | China Telecom Guangdong
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
WHOIS Organization | -
First seen in Akamai Guardicore Segmentation | 2022-10-31
Last seen in Akamai Guardicore Segmentation | 2022-11-06
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
A user logged in using SSH with the following credentials: root / ******** - Authentication policy: White List (Part of a Brute Force Attempt) |
SSH Brute Force, Successful SSH Login |
A possibly malicious Superuser Operation was detected 4 times |
Download Operation, Kill Process, Superuser Operation |
System file /etc/shadow was modified 9 times |
System File Modification |
A possibly malicious Kill Process was detected 2 times |
Download Operation, Kill Process, Superuser Operation |
A possibly malicious Download Operation was detected 6 times |
Download Operation, Kill Process, Superuser Operation |
Process /usr/bin/wget generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /dev/shm/ksmdr generated outgoing network traffic to: 142.202.242.45:80 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /dev/shm/kmsd generated outgoing network traffic to: 171.22.30.31:57388 |
Outgoing Connection |
Process /bin/bash generated outgoing network traffic to: 171.22.30.31:80 |
Outgoing Connection |
Process /dev/shm/ksmdx generated outgoing network traffic |
Outgoing Connection |
Process /dev/shm/ksmdx scanned port 22 on 92 IP Addresses |
Port 22 Scan |
Connection was closed due to timeout |
|