IP Address: 174.138.63.166Previously Malicious
Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network
IP Address:
174.138.63.166
Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Role |
Attacker, Scanner |
Services Targeted |
HadoopYARN HTTP |
Tags |
HTTP Download and Allow Execution IDS - Web Application Attack Inbound HTTP Request Outgoing Connection Download and Execute Download File HadoopYARN Access Suspicious Domain Malicious File |
Associated Attack Servers |
52.168.135.83 89.46.223.227 13.94.211.122 174.138.54.190 52.232.27.116 52.166.20.128 40.76.78.149 40.121.81.249 13.68.208.174 52.170.101.192 104.46.40.157 52.178.117.81 52.165.235.77 40.69.190.235 40.117.196.246 52.170.96.50 40.68.31.228 40.117.44.182 52.174.36.73 52.176.107.216 |
IP Address |
174.138.63.166 |
|
Domain |
- |
|
ISP |
Digital Ocean |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Guardicore Centra |
2018-12-09 |
Last seen in Guardicore Centra |
2019-01-21 |
What is Guardicore CentraGuardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
Process /usr/bin/wget generated outgoing network traffic to: 89.46.223.227:80 |
Outgoing Connection |
Process /usr/bin/wget attempted to access suspicious domains: pillsonline.eu |
Access Suspicious Domain Outgoing Connection |
IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body |
IDS - Web Application Attack |
The file /tmp/triosec.x86 was downloaded and executed |
Download and Execute |
Connection was closed due to user inactivity |
|
/tmp/triosec.x86 was identified as malicious by YARA according to rules: Suspicious Strings and 000 Common Rules |
Malicious File |
/tmp/triosec.x86 |
SHA256: 5c26b1c1daa861cda31a2613a7e34af55e9311c8389ce0bcc98e396eca2f3467 |
123241 bytes |
IP Address: 174.138.63.166Previously Malicious