IP Address: Malicious

Weekly Summary

Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network

Top Threats

Cyber Threat Intelligence

Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed

IP Address:​
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information


Attacker, Scanner

Services Targeted



Download File SCP Access Suspicious Domain Port 443 Scan 9 Shell Commands Download and Execute Listening SSH Successful SSH Login Port 9001 Scan Outgoing Connection

Associated Attack Servers

ip-pool.com 0x86.net 4711.se mit.edu lmco62zvt7fnezd5.onion.cab startdedicated.de server4you.de pep-security.net mdfnet.se tqz3y4w3eq4wi2ay.onion.to xphkxaiz233pjoto.onion.to

Basic Information

IP Address




Quintex Alliance Consulting


United States


Created Date


Updated Date




First seen in Guardicore Centra


Last seen in Guardicore Centra


What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

Successful SSH Login

The file /tmp/stcp was downloaded and executed 7 times

Download and Execute

The file /tmp/tcp was downloaded and executed

Download and Execute

Process /tmp/tcp started listening on ports: 6666


Process /tmp/tcp generated outgoing network traffic to:,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,, and

Outgoing Connection

Process /tmp/tcp scanned port 443 on 14 IP Addresses

Port 443 Scan Port 9001 Scan

Process /tmp/tcp scanned port 443 on 24 IP Addresses

Port 443 Scan Port 9001 Scan

Process /tmp/tcp scanned port 9001 on 24 IP Addresses

Port 443 Scan Port 9001 Scan

Process /tmp/tcp scanned port 9001 on 14 IP Addresses

Port 443 Scan Port 9001 Scan

Process /tmp/tcp attempted to access suspicious domains: ip-pool.com, pep-security.net, 0x86.net, 4711.se and mdfnet.se

Access Suspicious Domain Outgoing Connection

Connection was closed due to timeout

Associated Files


SHA256: 35eb176f25a027436b253ef6268617df0b551083251bedc096ca7c8ccefb1ce8

4390176 bytes


SHA256: b1834cb9847ce03f6b087249dccab32cd58022dc9424a6de58c0196dd9c0a49e

6263064 bytes


SHA256: ef3b88501cf2afe7e6f28eff55565161013f9aca212fa1fab6801dffaa3ea852

4406080 bytes


SHA256: fed6989da1abc07c20e66d1c182ee9916c6ebfe6286f795ffa9ce8b72988872a

4390176 bytes


SHA256: bd894efdc0b744cc047709c3c1bb781bf7b0644e42789846c22045f85f2b17da

4390176 bytes

Oops! - Do you see your IP here? Contact us at labs@guardicore.com to remove it from the Threat Intelligence data.

IP Address:​Previously Malicious