IP Address: 147.135.116.67Previously Malicious

Weekly Summary

Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network

Top Threats

Cyber Threat Intelligence

Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed

IP Address:
147.135.116.67​
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker

Services Targeted

HTTP

Tags

IDS - Web Application Attack Inbound HTTP Request HTTP Download and Execute Access Suspicious Domain Download File Download and Allow Execution Outgoing Connection

Connect Back Servers

infinity-hosting.com ip-149-56-78.net

185.244.25.112 168.63.110.250 13.69.86.134 52.176.42.97 13.89.235.217 52.173.134.241 52.173.74.14 13.81.218.89 52.168.169.156 23.101.132.197 52.178.117.81 13.92.238.45 149.56.78.240 52.173.196.231 147.135.21.159 40.112.61.187 13.93.46.82 52.174.17.41

Basic Information

IP Address

147.135.116.67

Domain

-

ISP

Ovh Us LLC

Country

United States

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2019-05-19

Last seen in Guardicore Centra

2019-06-16

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

Process /usr/bin/wget generated outgoing network traffic to: 147.135.21.159:80

Outgoing Connection

Process /usr/bin/wget attempted to access suspicious domains: infinity-hosting.com

Access Suspicious Domain Outgoing Connection

Process /tmp/xmr-net generated outgoing network traffic to: 147.135.21.159:80

Outgoing Connection

Process /tmp/xmr-net attempted to access suspicious domains: infinity-hosting.com

Access Suspicious Domain Outgoing Connection

The file /tmp/xmr-net was downloaded and executed 2 times

Download and Execute

The file /tmp/pretzel was downloaded and executed 8 times

Download and Execute

Process /tmp/pretzel generated outgoing network traffic to: 149.56.78.240:3333

Outgoing Connection

Process /tmp/pretzel attempted to access suspicious domains: ip-149-56-78.net

Access Suspicious Domain Outgoing Connection

IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body

IDS - Web Application Attack

Connection was closed due to user inactivity

Associated Files

/usr/local/apache2/cgi-bin/ws/v1/cluster/mingetty

SHA256: db2a704128340cfd4a1d2bb4b9274c93d49cbbc852137263e6c932cfeb10c2ef

4032648 bytes

/tmp/xmr-net.2

SHA256: f3acb407094a7f22ac928243b835ee20188d83d9bb00f750a54e53f272025c26

10545 bytes

Oops! - Do you see your IP here? Contact us at labs@guardicore.com to remove it from the Threat Intelligence data.

IP Address: 147.135.116.67​Previously Malicious