This IP address has been reported a total of 54 times from 35 distinct sources.
206.189.134.196 was first reported on
, and the most recent report was
.
Old Reports:
The most recent abuse report for this IP address is from
. It is possible that this IP is no longer involved in abusive activities.
IP 206.189.134.196 conducted 71 brute-force SSH sessions over 47 minutes using common default credentials across multiple accounts (ec2-user, ftp, mysql, nginx, pi) with weak passwords, executing commands to modify system files, download a malware binary from 130.12.180.179/f/aarch64/.b0s, and establish persistence via SSH authorized_keys injection. Recovered artifacts include multiple executable binaries (.16 4.0MB, .VJS4IGOsDjfx0MBMBnBYEYDvQEJeVc 1.5MB), SSH persistence keys, rootkit indicators (ld.so.preload 34 bytes SHA-2320499610b4fcd57553964d91832069d7696e99ba8fc8f9db97f8fd16088339), and system configuration modifications consistent with Linux botnet or cryptominer deployment.
Mar 2 16:09:49 monitoring01 sshd[2918295]: Invalid user support from 206.189.134.196 port 44372
Mar 2 16:10:24 monitoring01 sshd[2918830]: Invalid user support from 206.189.134.196 port 43888
Mar 2 16:10:24 monitoring01 sshd[2918830]: Invalid user support from 206.189.134.196 port 43888
...
Brute-Force
SSH
Anonymous
2026-03-02T15:07:45.091046+00:00 TP sshd[3848800]: Failed password for backup from 206.189.134.196 port 60000 ssh2
2026-03-02T15:08:16.877505+00:00 TP sshd[3849106]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196 user=backup
2026-03-02T15:08:19.164153+00:00 TP sshd[3849106]: Failed password for backup from 206.189.134.196 port 33860 ssh2
2026-03-02T15:08:51.629891+00:00 TP sshd[3849356]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196 user=backup
2026-03-02T15:08:53.390253+00:00 TP sshd[3849356]: Failed password for backup from 206.189.134.196 port 37462 ssh2
2026-03-02T15:09:25.147842+00:00 TP sshd[3849599]: Invalid user support from 206.189.134.196 port 50236
2026-03-02T15:09:25.793550+00:00 TP sshd[3849599]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196
2026-03-02T15:09:2
...
2026-03-02T23:59:22.886954 mustar-kr-miso sshd[358621]: Failed password for invalid user backup from 206.189.134.196 port 53304 ssh2
2026-03-02T23:59:53.435942 mustar-kr-miso sshd[358623]: Invalid user backup from 206.189.134.196 port 45184
2026-03-02T23:59:53.680524 mustar-kr-miso sshd[358623]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196
2026-03-02T23:59:55.584693 mustar-kr-miso sshd[358623]: Failed password for invalid user backup from 206.189.134.196 port 45184 ssh2
2026-03-03T00:00:27.033395 mustar-kr-miso sshd[358660]: Invalid user backup from 206.189.134.196 port 47336
...
Attacker conducted 3 SSH sessions using credentials mysql/123123 via a Go-based SSH client, executing only passwd commands to change the root password to j6KPf!txogZ?ZgWV across 4 command variations. No malware downloads, file transfers, port forwarding attempts, or persistence mechanisms were observed; this appears to be account credential modification activity.
206.189.134.196 conducted 27 SSH sessions over approximately 15 minutes using a Go-based SSH client, attempting 22 common credential combinations across ftp and nginx user accounts including variations of numeric and dictionary passwords. The attacker executed system reconnaissance commands including uname, HOME variable checks, and uptime queries to gather host information, with PATH manipulation suggesting preparation for follow-on activities. No malware downloads, binary artifacts, or persistence mechanisms were recovered during the observed activity.
Brute-Force
SSH
Anonymous
2026-03-02T14:04:15.843172+00:00 TP sshd[3819767]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196
2026-03-02T14:04:18.497174+00:00 TP sshd[3819767]: Failed password for invalid user ftp from 206.189.134.196 port 50204 ssh2
2026-03-02T14:04:50.431127+00:00 TP sshd[3820024]: Invalid user ftp from 206.189.134.196 port 33584
2026-03-02T14:04:50.849049+00:00 TP sshd[3820024]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196
2026-03-02T14:04:53.306326+00:00 TP sshd[3820024]: Failed password for invalid user ftp from 206.189.134.196 port 33584 ssh2
2026-03-02T14:05:26.212993+00:00 TP sshd[3820306]: Invalid user ftp from 206.189.134.196 port 51614
2026-03-02T14:05:26.819785+00:00 TP sshd[3820306]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=206.189.134.196
2026-03-02T14:05:29.553246+00:00 TP s
...
Brute-Force
SSH
Showing 1 to 15 of 54 reports