IP Address: 121.10.1.120Previously Malicious
Weekly Summary
Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network
Top Threats
Cyber Threat Intelligence
Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed
IP Address:
121.10.1.120
Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Threat Information
|
Role |
Attacker |
|
Services Targeted |
HTTP |
|
Tags |
IDS - Potential Corporate Privacy Violation Malicious File HTTP Outgoing Connection Inbound HTTP Request |
|
Connect Back Servers |
52.176.54.76 52.176.48.108 195.234.176.55 195.234.176.57 13.81.63.87 52.173.74.230 |
Basic Information
|
IP Address |
121.10.1.120 |
|
|
Domain |
- |
|
|
ISP |
China Telecom Guangdong |
|
|
Country |
China |
|
|
WHOIS |
Created Date |
- |
|
Updated Date |
- |
|
|
Organization |
- |
|
|
First seen in Guardicore Centra |
2017-01-23 |
|
Last seen in Guardicore Centra |
2017-02-12 |
What is Guardicore CentraGuardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
Attack Flow
|
IDS detected Potential Corporate Privacy Violation : Unsupported/Fake Internet Explorer Version MSIE 5. |
IDS - Potential Corporate Privacy Violation |
|
An inbound HTTP request was made to http://52.173.74.230/pma/scripts/setup.php |
Inbound HTTP Request |
|
An inbound HTTP request was made to http://52.173.74.230/phpmyadmin/scripts/setup.php |
Inbound HTTP Request |
|
An inbound HTTP request was made to http://52.173.74.230/myadmin/scripts/setup.php |
Inbound HTTP Request |
|
Process /usr/local/apache2/bin/httpd generated outgoing network traffic to: kuoni.ch:21 |
Outgoing Connection |
|
/tmp/sess_c12c0cce28290b79b6599cfbb66a746f9b0c7ab1 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index |
Malicious File |
|
/tmp/sess_21458938bb12af72e080408f2382e30bf7730235 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index |
Malicious File |
|
/tmp/sess_1e53dce1c30157e6504ece218676539686ed8b5c was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index |
Malicious File |