IP Address: 165.22.130.160 (Previously Malicious)
This IP address attempted an attack on a machine protected by Guardicore Centra
Role: Attacker, Scanner
Services Targeted: HTTP
Tags: IDS - Web Application Attack; Inbound HTTP Request; HTTP; Download and Execute; Access Suspicious Domain; Download File; IDS - Potential Corporate Privacy Violation; Download and Allow Execution; Outgoing Connection
Associated Attack Servers: colocrossing.com, time4vps.cloud, 52.173.92.168, 13.81.11.198, 40.68.86.26, 40.68.123.235, 107.174.251.123, 13.93.46.82, 176.223.138.165, 52.173.17.77, 52.173.242.8, 40.112.61.187, 52.176.52.74, 40.112.57.175, 52.186.126.218, 52.166.70.254, 52.165.237.129
IP Address: 165.22.130.160
Domain: -
ISP: Digital Ocean
Country: United States
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Guardicore Centra: 2019-04-07
Last seen in Guardicore Centra: 2019-04-14
- Process /usr/bin/wget generated outgoing network traffic to 176.223.138.165:80 (2 times) [Outgoing Connection]
- Process /usr/bin/wget attempted to access suspicious domains: time4vps.cloud (2 times) [Access Suspicious Domain, Outgoing Connection]
- The file /tmp/Pemex.sh was downloaded and granted execution privileges [Download and Allow Execution]
- The file /tmp/loligang.x86 was downloaded and granted execution privileges [Download and Allow Execution]
- The file /tmp/mysql.sock.lock was downloaded and granted execution privileges
- The file /tmp/awoo was downloaded and executed [Download and Execute]
- IDS detected Web Application Attack: 401TRG Generic Webshell Request - POST with wget in body [IDS - Web Application Attack]
- IDS detected Potential Corporate Privacy Violation: Non-DNS or Non-Compliant DNS traffic on DNS port, Opcode 8 through 15 set [IDS - Potential Corporate Privacy Violation]
- IDS detected Potential Corporate Privacy Violation: Non-DNS or Non-Compliant DNS traffic on DNS port, Reserved Bit Set [IDS - Potential Corporate Privacy Violation]
- IDS detected Potential Corporate Privacy Violation: Non-DNS or Non-Compliant DNS traffic on DNS port, Opcode 6 or 7 set [IDS - Potential Corporate Privacy Violation]
- IDS detected Potential Corporate Privacy Violation: DNS Update From External net [IDS - Potential Corporate Privacy Violation]
- Connection was closed due to timeout
/tmp/jackmymipsel (52843 bytes), SHA256: 0922af2fba4f2348dbb31590247e69a52cc7001db030dd8a0bc4ffc415083334
/tmp/Pemex.sh (2013 bytes), SHA256: 8d8f6ab47c65239ecca2077e6b67f0bc76ec019c47819a1b324de9b3dcee38c3
/tmp/loligang.x86 (27614 bytes), SHA256: db54ff8f31b2ad7c8b56096803fb6d6e72afd9ea03cb7c6f03caf0896b736fec
/tmp/loligang.x86 (66136 bytes), SHA256: 8a91100244546999ec7650e0b0743ba694260b4f3d57171cc01b58b1014de2bc