Port 22

110K domains targeted in 'sophisticated' AWS cloud extortion campaign