IP Address: 114.205.251.196Malicious
IP Address: 114.205.251.196Malicious
This IP address attempted an attack on a machine in our threat sensors network
|
Role |
Attacker, Scanner |
|
Services Targeted |
SSH |
|
Tags |
Port 22 Scan SFTP Download File SSH Successful SSH Login Download and Execute 1 Shell Commands Outgoing Connection Listening Download and Allow Execution |
|
Associated Attack Servers |
|
IP Address |
114.205.251.196 |
|
|
Domain |
- |
|
|
ISP |
SK Broadband |
|
|
Country |
Korea, Republic of |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Akamai Guardicore Segmentation |
2022-04-07 |
|
Last seen in Akamai Guardicore Segmentation |
2024-05-04 |
What is Akamai Guardicore SegmentationAkamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
|
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List |
Successful SSH Login |
|
./.4223939500724059445/sshd was downloaded |
Download File |
|
The file /root/.4223939500724059445/sshd was downloaded and executed 13 times |
Download and Execute |
|
Process /usr/bin/nohup generated outgoing network traffic to: 101.80.54.138:22, 102.234.254.50:22, 107.139.85.152:22, 117.142.186.46:22, 117.215.76.74:22, 12.235.153.140:22, 121.185.137.228:22, 121.4.12.172:22, 124.143.176.234:22, 125.47.1.49:22, 13.14.97.196:22, 134.58.74.63:22, 135.94.193.62:22, 136.74.93.187:22, 139.111.205.217:22, 141.19.218.125:22, 144.208.231.137:22, 144.226.97.153:22, 147.180.208.191:22, 147.200.64.226:22, 147.212.52.206:22, 148.36.11.151:22, 15.105.237.11:22, 152.54.220.231:22, 157.145.239.70:22, 16.79.33.62:22, 160.179.101.241:22, 161.227.59.73:22, 162.159.136.232:443, 162.204.165.159:22, 163.63.232.36:22, 164.197.186.78:22, 165.121.29.233:22, 166.123.244.154:22, 166.75.32.46:22, 166.94.168.168:22, 170.195.110.95:22, 172.189.89.115:22, 174.173.133.152:22, 176.96.68.134:22, 177.35.74.30:22, 179.60.226.246:22, 180.48.58.198:22, 182.245.168.178:22, 184.97.130.38:22, 189.133.142.97:22, 191.178.226.76:22, 192.118.39.117:22, 192.177.195.63:22, 194.76.60.154:22, 198.203.59.9:22, 198.224.101.15:22, 201.219.205.252:22, 202.196.134.90:22, 204.89.134.111:22, 209.81.89.156:22, 21.179.150.27:22, 221.103.5.93:22, 221.221.134.131:22, 222.66.99.251:22, 23.229.91.35:22, 26.57.4.164:22, 28.198.66.77:22, 30.148.88.39:22, 32.0.17.6:22, 34.74.167.240:22, 35.39.242.222:22, 37.151.76.22:22, 37.246.27.135:22, 4.187.115.2:22, 40.117.228.247:22, 43.212.155.217:22, 45.132.120.150:22, 45.99.150.253:22, 46.155.76.33:22, 47.195.164.45:22, 5.66.54.0:22, 52.235.189.112:22, 54.59.79.116:22, 55.220.131.235:22, 58.70.222.157:22, 6.46.90.97:22, 64.112.248.172:22, 65.225.219.13:22, 68.195.64.155:22, 7.192.225.25:22, 70.25.91.172:22, 71.75.0.136:22, 73.215.213.252:22, 77.103.243.9:22, 82.203.206.14:22, 83.196.16.250:22, 86.210.17.21:22, 86.73.106.88:22, 89.80.180.44:22, 91.133.47.150:22, 93.45.137.182:22, 96.72.240.94:22, 97.117.49.123:22 and 97.78.65.124:22 |
Outgoing Connection |
|
Process /usr/bin/nohup scanned port 22 on 99 IP Addresses |
Port 22 Scan |
|
Process /usr/bin/nohup started listening on ports: 1919 and 22 |
Listening |
|
Connection was closed due to timeout |
|
|
/root/.7494401776016047577/sshd |
SHA256: 94f2e4d8d4436874785cd14e6e6d403507b8750852f7f2040352069a75da4c00 |
30304472 bytes |
© 2023 Akamai Technologies
