IP Address: 196.189.91.162 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensors network
Role | Attacker, Connect-Back, Scanner
Services Targeted | SSH
Tags | Port 2222 Scan, Listening, Port 1234 Scan, Download and Execute, Download and Allow Execution, 18 Shell Commands, SSH, Successful SSH Login, Port 22 Scan
Associated Attack Servers | avonet.cz, orange-business.com, ss-cloudfront.co, ufcg.edu.br, 5.26.250.165, 12.222.12.26, 24.158.63.182, 43.228.244.10, 45.32.128.117, 47.91.87.67, 54.91.250.89, 85.37.147.81, 94.20.64.202, 100.0.197.18, 121.201.61.205, 122.51.48.52, 123.57.138.150, 148.70.242.55, 150.165.60.105, 161.139.68.245, 175.24.57.194, 188.38.175.137, 194.27.136.2, 217.112.162.10
IP Address | 196.189.91.162
Domain | -
ISP | Ethiopian Telecommunication Corporation
Country | Ethiopia
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2020-04-28
Last seen in Akamai Guardicore Segmentation | 2021-06-06
What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Attack timeline (event | tags)
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password (2 times) | Successful SSH Login
Process /bin/bash scanned port 1234 on 16 IP Addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 16 IP Addresses | Port 1234 Scan
Process /root/nginx scanned port 1234 on 16 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 22 on 16 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 2222 on 16 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 1234 on 34 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 1234 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /bin/bash scanned port 1234 on 16 IP Addresses | Port 1234 Scan
Process /usr/sbin/sshd scanned port 1234 on 16 IP Addresses (2 times) | Port 1234 Scan
Process /bin/nc.openbsd scanned port 1234 on 16 IP Addresses | Port 1234 Scan
Process /bin/bash scanned port 1234 on 16 IP Addresses | Port 1234 Scan
A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password | Successful SSH Login
The file /root/ifconfig was downloaded and executed 7 times | Download and Execute
The file /root/nginx was downloaded and executed 149 times | Download and Execute
Process /root/nginx scanned port 22 on 34 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 2222 on 34 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx scanned port 22 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
Process /root/nginx started listening on ports: 1234 | Listening
Process /root/nginx generated outgoing network traffic to: 100.0.197.18:1234, 104.133.18.70:2222, 104.168.114.122:22, 104.168.114.122:2222, 107.172.90.18:1234, 107.60.180.46:2222, 11.91.200.137:22, 11.91.200.137:2222, 112.217.225.61:1234, 112.9.88.233:2222, 123.57.138.150:1234, 132.247.210.126:1234, 134.13.42.144:2222, 137.162.205.94:22, 137.162.205.94:2222, 138.55.183.125:22, 138.55.183.125:2222, 141.36.91.249:22, 141.36.91.249:2222, 142.121.29.15:2222, 146.79.38.20:2222, 154.60.21.57:2222, 161.139.68.245:1234, 162.184.205.11:22, 162.184.205.11:2222, 17.72.9.119:22, 176.195.232.52:22, 176.195.232.52:2222, 177.170.84.35:22, 177.170.84.35:2222, 181.132.123.97:22, 181.132.123.97:2222, 182.145.177.229:2222, 183.248.138.65:22, 183.248.138.65:2222, 190.86.16.17:22, 190.86.16.17:2222, 193.38.64.60:22, 193.38.64.60:2222, 196.189.91.162:1234, 198.188.2.2:1234, 20.91.227.237:22, 201.208.26.96:22, 209.41.203.3:2222, 210.222.236.58:1234, 211.110.184.22:1234, 213.88.158.159:22, 23.254.217.214:1234, 249.141.253.185:22, 253.60.21.40:2222, 3.110.186.223:22, 33.81.187.182:2222, 37.151.197.34:2222, 40.162.133.5:2222, 41.242.180.162:22, 41.242.180.162:2222, 46.79.146.221:22, 46.79.146.221:2222, 47.58.35.113:22, 47.58.35.113:2222, 48.238.230.182:22, 48.238.230.182:2222, 49.97.245.25:22, 55.29.172.72:2222, 57.100.69.129:1234, 58.71.199.99:1234, 65.108.52.59:22, 65.203.91.126:22, 65.203.91.126:2222, 69.140.114.178:22, 69.140.114.178:2222, 70.137.88.208:22, 76.160.137.30:22, 76.160.137.30:2222, 78.88.229.100:22, 78.88.229.100:2222, 86.152.123.239:22, 86.152.123.239:2222, 86.160.250.55:22, 86.160.250.55:2222, 88.39.87.64:2222, 9.97.100.53:22, 99.67.2.78:22, 99.67.2.78:2222 and 99.79.195.76:1234 | (no tag)
Process /root/nginx scanned port 2222 on 38 IP Addresses | Port 1234 Scan, Port 22 Scan, Port 2222 Scan
The file /root/php-fpm was downloaded and executed 67 times | Download and Execute
The file /root/php-fpm was downloaded and executed 15 times | Download and Execute
The file /root/php-fpm was downloaded and executed 41 times | Download and Execute
The file /root/php-fpm was downloaded and granted execution privileges | Download and Allow Execution
The file /usr/bin/free was downloaded and executed | Download and Execute
Connection was closed due to timeout
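The event list above records the whole chain on the sensor: a root SSH login with an accepted password, binaries named after common daemons and utilities (nginx, php-fpm, ifconfig) dropped and executed under /root, the system utility /usr/bin/free replaced by a download, scans of ports 22, 2222 and 1234 from the dropped /root/nginx, a listener opened on 1234 by that same process, and outbound connections from it back to 196.189.91.162:1234. The script below is an added example, not part of this record and not Akamai Guardicore tooling: it parses event lines of the form shown here and derives those indicators. The event lines in SAMPLE_EVENTS are an abridged, constructed transcription of the ones above; the SYSTEM_NAMES set, the SYSTEM_DIRS tuple and the "worm-like" and "connect-back" heuristics are the editor's assumptions, not Guardicore's classification logic.

```python
"""Derive indicators from Akamai Guardicore-style sensor event text.

Added example. The parsing and heuristics are the editor's own; the sample
lines are constructed from the record above.
"""
import re
from collections import defaultdict

# Constructed sample: abridged transcription of the events listed on this page.
SAMPLE_EVENTS = [
    "A user logged in using SSH with the following credentials: root / **** - Authentication policy: Correct Password 2 times",
    "Process /root/nginx scanned port 22 on 38 IP Addresses",
    "Process /root/nginx scanned port 2222 on 38 IP Addresses",
    "Process /root/nginx scanned port 1234 on 38 IP Addresses",
    "Process /bin/nc.openbsd scanned port 1234 on 16 IP Addresses",
    "Process /root/nginx started listening on ports: 1234",
    "The file /root/nginx was downloaded and executed 149 times",
    "The file /root/php-fpm was downloaded and granted execution privileges",
    "The file /root/ifconfig was downloaded and executed 7 times",
    "The file /usr/bin/free was downloaded and executed",
    "Process /root/nginx generated outgoing network traffic to: "
    "196.189.91.162:1234, 104.168.114.122:22, 104.168.114.122:2222 and 99.79.195.76:1234",
]

ATTACKER_IP = "196.189.91.162"  # the IP this record describes

# Assumption: names of daemons/utilities that legitimately live in system bin
# directories. One of these names dropped under /root is a masquerade.
SYSTEM_NAMES = {"nginx", "php-fpm", "ifconfig", "free", "sshd", "crond"}
SYSTEM_DIRS = ("/usr/sbin/", "/usr/bin/", "/sbin/", "/bin/", "/usr/local/sbin/", "/usr/local/bin/")

LOGIN_RE = re.compile(r"^A user logged in using SSH with the following credentials: (\S+) /")
SCAN_RE = re.compile(r"^Process (\S+) scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"^Process (\S+) started listening on ports: (.+)$")
DOWNLOAD_RE = re.compile(r"^The file (\S+) was downloaded and (executed|granted execution privileges)")
TRAFFIC_RE = re.compile(r"^Process (\S+) generated outgoing network traffic to: (.+)$")
ENDPOINT_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")


def in_system_dir(path):
    """True when the path sits in one of the expected system bin directories."""
    return path.startswith(SYSTEM_DIRS)


def analyse(events, attacker_ip=ATTACKER_IP):
    """Parse event lines and return a dict of derived indicators."""
    scans = defaultdict(set)      # process path -> {scanned port}
    listens = defaultdict(set)    # process path -> {listening port}
    outbound = defaultdict(set)   # process path -> {(ip, port)}
    downloads = set()             # dropped file paths
    logins = set()                # usernames seen logging in over SSH

    for line in events:
        if m := LOGIN_RE.match(line):
            logins.add(m.group(1))
        elif m := SCAN_RE.match(line):
            scans[m.group(1)].add(int(m.group(2)))
        elif m := LISTEN_RE.match(line):
            listens[m.group(1)].update(int(p) for p in re.findall(r"\d+", m.group(2)))
        elif m := DOWNLOAD_RE.match(line):
            downloads.add(m.group(1))
        elif m := TRAFFIC_RE.match(line):
            outbound[m.group(1)].update(
                (ip, int(port)) for ip, port in ENDPOINT_RE.findall(m.group(2)))

    # Dropped file carrying a system binary's name but living outside system dirs.
    masquerading = sorted(p for p in downloads
                          if p.rsplit("/", 1)[-1] in SYSTEM_NAMES and not in_system_dir(p))
    # Download written straight over a path where a real system binary belongs.
    replaced_system_binaries = sorted(p for p in downloads if in_system_dir(p))
    # Heuristic: a process that listens on a port and scans that same port on
    # many hosts is behaving like a self-propagating worm looking for peers.
    worm_like = sorted(p for p in scans if scans[p] & listens.get(p, set()))
    # Heuristic: outbound traffic to the attacking IP is a connect-back channel.
    connect_back = sorted(p for p, eps in outbound.items()
                          if any(ip == attacker_ip for ip, _ in eps))

    return {
        "root_login": "root" in logins,
        "scan_ports": {p: sorted(ports) for p, ports in scans.items()},
        "listening": {p: sorted(ports) for p, ports in listens.items()},
        "masquerading_files": masquerading,
        "replaced_system_binaries": replaced_system_binaries,
        "worm_like_processes": worm_like,
        "connect_back_processes": connect_back,
    }


if __name__ == "__main__":
    for key, value in analyse(SAMPLE_EVENTS).items():
        print(f"{key}: {value}")
```

Run against the sample, the script reports /root/nginx as both worm-like (it listens on 1234 and scans 1234 on other hosts) and connecting back to the attacker, flags /root/ifconfig, /root/nginx and /root/php-fpm as masquerading files, and lists /usr/bin/free as a system binary that was overwritten. The same parser can be pointed at a larger export of these event strings; only the regular expressions depend on the sensor's phrasing.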