IP Address: 104.200.20.46 (Previously Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | Download File, SCP, Access Suspicious Domain, Port 443 Scan, 9 Shell Commands, Download and Execute, Listening, SSH, Successful SSH Login, Outgoing Connection
IP Address | 104.200.20.46
Domain | -
ISP | Linode
Country | -
WHOIS Created Date | 2005-07-30
WHOIS Updated Date | 2019-07-16
Organization | REDACTED FOR PRIVACY
First seen in Guardicore Centra | 2017-07-01
Last seen in Guardicore Centra | 2018-07-08
A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List | Successful SSH Login
The file /tmp/stcp was downloaded and executed 8 times | Download and Execute
Process /tmp/tcp started listening on ports: 6666 | Listening
The file /tmp/tcp was downloaded and executed | Download and Execute
Process /tmp/tcp generated outgoing network traffic to: 91.121.84.137:4052, 154.35.175.225:443, 128.31.0.34:9101, 193.11.114.43:9001, 185.129.62.62:9001, 199.249.223.61:443, 213.239.217.18:1337, 163.172.176.167:443, 163.172.223.200:443, 185.129.249.124:9001, 195.154.164.243:443, 104.200.20.46:9001, 193.23.244.244:443, 199.58.81.140:443, 131.188.40.189:443, 77.247.181.162:443, 82.223.21.74:9001, 163.172.149.155:443, 46.165.230.5:443, 62.138.7.171:8001, 37.120.174.249:443, 185.100.84.82:443, 212.83.154.33:443, 31.31.78.49:443, 62.210.254.132:443, 37.221.162.226:9001, 134.119.36.135:443, 185.100.86.100:443, 188.166.133.133:9001, 199.184.246.250:443, 31.185.104.21:443, 193.234.15.58:443, 163.172.25.118:22, 194.109.206.212:443, 46.101.151.222:443, 81.7.14.253:443, 213.141.138.174:9001, 80.127.117.180:443, 85.25.159.65:80, 204.13.164.118:443, 172.98.193.43:443, 92.222.38.67:443, 199.249.223.69:443, 185.96.88.29:443, 171.25.193.25:443, 193.11.114.45:9002, 178.62.197.82:443, 86.59.21.38:443 and 171.25.193.9:80 | Outgoing Connection
Process /tmp/tcp scanned port 443 on 33 IP Addresses | Port 443 Scan
Process /tmp/tcp attempted to access suspicious domains: ip-pool.com, pep-security.net, svengo.net, bynumlaw.net, 0x86.net, voxility.net, poneytelecom.eu, 4711.se, mdfnet.se, plastic-spoon.de and zencurity.dk | Access Suspicious Domain, Outgoing Connection
Connection was closed due to timeout
/tmp/4jNkVBzzYG0J1 |
SHA256: 51e737ad7ab0b48d35742f69cf2768579737af1766db9592fc883799d6d01d4f |
4390176 bytes |
/tmp/4MgDyR15sp9 |
SHA256: 1aa18e69df7ebefd6056d72257230e3aaf7fccec6a238beaee193fa8733f4401 |
4390176 bytes |
/tmp/tcp |
SHA256: b1834cb9847ce03f6b087249dccab32cd58022dc9424a6de58c0196dd9c0a49e |
6263064 bytes |
/tmp/stcp |
SHA256: ff0a6c82f5be9019a29328a9a2345c02bdf9b686b2d0b4f0fac688a3464b490e |
4406080 bytes |