Cyber Threat Intelligence

Discover malicious IPs and domains with Akamai Guardicore Segmentation

IP Address: 45.95.168.172Previously Malicious

IP Address: 45.95.168.172Previously Malicious

This IP address attempted an attack on a machine in our threat sensors network

Threat Information

Role

Attacker, Scanner

Services Targeted

SSH

Tags

Log Tampering SSH 5 Shell Commands SSH Brute Force Outgoing Connection Successful SSH Login Download Operation

Associated Attack Servers

upbetrixir.world

45.95.168.230 185.172.110.175 185.172.110.185

Basic Information

IP Address

45.95.168.172

Domain

-

ISP

-

Country

Croatia

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Akamai Guardicore Segmentation

2020-05-12

Last seen in Akamai Guardicore Segmentation

2020-08-29

What is Akamai Guardicore Segmentation
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / ***** - Authentication policy: White List (Part of a Brute Force Attempt)

SSH Brute Force Successful SSH Login

A user logged in using SSH with the following credentials: root / ***** - Authentication policy: Correct Password (Part of a Brute Force Attempt) 4 times

SSH Brute Force Successful SSH Login

A possibly malicious Download Operation was detected 10 times

Download Operation

History File Tampering detected from /usr/sbin/sshd 3 times

Log Tampering

Process /bin/bash generated outgoing network traffic to: 185.172.110.185:80

Outgoing Connection

Process /usr/bin/wget generated outgoing network traffic to: 185.172.110.185:80

Outgoing Connection

Process /bin/bash generated outgoing network traffic to: 185.172.110.185:80

Outgoing Connection

History File Tampering detected from /usr/sbin/sshd

Log Tampering

Process /usr/bin/wget generated outgoing network traffic to: 185.172.110.185:80

Outgoing Connection

History File Tampering detected from /bin/bash

Log Tampering

Process /usr/bin/wget generated outgoing network traffic to: 185.172.110.185:80

Outgoing Connection

Connection was closed due to timeout