IP Address: 165.22.60.159Previously Malicious
Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network
IP Address:
165.22.60.159
Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Role |
Attacker, Scanner |
Services Targeted |
HTTP SSH |
Tags |
IDS - Web Application Attack Inbound HTTP Request Download and Execute Access Suspicious Domain Download File IDS - Potential Corporate Privacy Violation Download and Allow Execution Outgoing Connection |
Associated Attack Servers |
168.63.111.68 52.165.185.84 157.230.118.36 40.77.24.190 13.72.71.0 13.92.155.148 40.77.30.135 52.165.185.202 104.43.209.159 168.63.110.58 167.71.179.58 13.72.71.73 13.92.155.251 40.77.30.237 40.77.30.223 178.128.18.251 40.117.126.83 52.165.231.208 51.79.54.106 52.165.185.18 52.165.185.97 168.63.110.147 13.92.155.19 40.77.29.89 168.63.109.62 68.183.233.217 104.47.157.45 40.77.30.79 13.72.68.116 134.209.150.166 |
IP Address |
165.22.60.159 |
|
Domain |
- |
|
ISP |
Digital Ocean |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Guardicore Centra |
2019-06-23 |
Last seen in Guardicore Centra |
2019-07-21 |
What is Guardicore CentraGuardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
Process /usr/bin/wget generated outgoing network traffic to: 51.79.54.106:80 |
Outgoing Connection |
Process /usr/bin/wget attempted to access suspicious domains: ip-51-79-54.net |
Access Suspicious Domain Outgoing Connection |
The file /usr/local/apache2/cgi-bin/ws/v1/cluster/hoho.x86 was downloaded and executed |
Download and Execute |
IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body |
IDS - Web Application Attack |
IDS detected Potential Corporate Privacy Violation : DNS Update From External net |
IDS - Potential Corporate Privacy Violation |
IDS detected Potential Corporate Privacy Violation : Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 6 or 7 set |
IDS - Potential Corporate Privacy Violation |
IDS detected Potential Corporate Privacy Violation : Non-DNS or Non-Compliant DNS traffic on DNS port Opcode 8 through 15 set |
IDS - Potential Corporate Privacy Violation |
IDS detected Potential Corporate Privacy Violation : Non-DNS or Non-Compliant DNS traffic on DNS port Reserved Bit Set |
IDS - Potential Corporate Privacy Violation |
Connection was closed due to user inactivity |
|
/usr/local/apache2/cgi-bin/ws/v1/cluster/hoho.x86 |
SHA256: df58a0e43e228827569eade15b56365c31fb9e4cd1c25dc16bd971687c7785e9 |
1075 bytes |
IP Address: 165.22.60.159Previously Malicious