IP Address: 164.215.130.142
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker
Services Targeted: HTTP
Tags: HTTP; Malicious File; IDS - A Network Trojan was detected; Inbound HTTP Request
Connect Back Servers: 13.90.253.5, 13.67.213.103, 13.92.114.106, 13.92.114.238, 13.82.25.160

Basic Information

IP Address: 164.215.130.142
Domain: -
ISP: Fanava Group
Country: Iran, Islamic Republic of

WHOIS

Created Date: -
Updated Date: -
Organization: -

First seen in Guardicore Centra: 2017-01-26
Last seen in Guardicore Centra: 2017-01-26

What is Guardicore Centra

Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

Inbound HTTP Request: An inbound HTTP request was made to http://13.92.114.238/w00tw00t.at.blackhats.romanian.anti-sec:)

IDS - A Network Trojan was detected: IDS alert "A Network Trojan was detected : ZmEu Scanner User-Agent Inbound"

Inbound HTTP Request: An inbound HTTP request was made to http://13.92.114.238/phpMyAdmin/scripts/setup.php

Inbound HTTP Request: An inbound HTTP request was made to http://13.92.114.238/phpmyadmin/scripts/setup.php

Inbound HTTP Request: An inbound HTTP request was made to http://13.92.114.238/pma/scripts/setup.php

Inbound HTTP Request: An inbound HTTP request was made to http://13.92.114.238/myadmin/scripts/setup.php

Inbound HTTP Request: An inbound HTTP request was made to http://13.92.114.238/MyAdmin/scripts/setup.php

Malicious File: /tmp/sess_c9f485eabeb6da4db0bf2e30ee707c94b50e7d91 was identified as malicious by YARA according to rules: Crypto Signatures, Crypto Index and Url

Malicious File: /tmp/sess_0264c2e869661d23c7ffbb3f6413db513a0fe06a was identified as malicious by YARA according to rules: Crypto Signatures, Crypto Index and Url

Malicious File: /tmp/sess_139e3629ed3656d59400e038715c22b1efd0b470 was identified as malicious by YARA according to rules: Crypto Signatures, Crypto Index and Url

Malicious File: /tmp/sess_4261dab84de31b8dfd08713b3f308f82abe8abaa was identified as malicious by YARA according to rules: Crypto Signatures, Crypto Index and Url
