IP Address: 204.48.28.11Previously Malicious
Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network
IP Address:
204.48.28.11
Previously Malicious
This IP address attempted an attack on a machine protected by Guardicore Centra
Role |
Attacker, Scanner |
Services Targeted |
HadoopYARN |
Tags |
HTTP HadoopYARN Malicious File IDS - Web Application Attack Outgoing Connection Download and Allow Execution Download and Execute Download File Inbound HTTP Request |
Associated Attack Servers |
23.101.137.184 52.168.135.83 40.71.214.242 52.232.27.167 13.92.132.27 13.82.183.3 13.81.222.239 13.73.160.230 194.147.32.102 52.168.169.156 13.82.51.31 13.90.97.22 13.82.52.118 13.92.238.45 13.90.100.161 52.166.206.33 40.121.136.37 142.93.175.212 13.73.167.164 |
IP Address |
204.48.28.11 |
|
Domain |
- |
|
ISP |
Digital Ocean |
|
Country |
United States |
|
WHOIS |
Created Date |
- |
Updated Date |
- |
|
Organization |
- |
First seen in Guardicore Centra |
2018-12-02 |
Last seen in Guardicore Centra |
2018-12-22 |
What is Guardicore CentraGuardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More
Process /usr/bin/wget generated outgoing network traffic to: 142.93.175.212:80 |
Outgoing Connection |
The file /tmp/mysql.sock.lock was downloaded and granted execution privileges |
|
The file /tmp/bash was downloaded and executed 3 times |
Download and Execute |
Process /tmp/bash generated outgoing network traffic to: 142.93.175.212:23 |
Outgoing Connection |
IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body |
IDS - Web Application Attack |
Connection was closed due to user inactivity |
|
/tmp/bash was identified as malicious by YARA according to rules: 000 Common Rules |
Malicious File |
/tmp/bash |
SHA256: c83e35234f1e2ce41ebbb7f9fe2b3e9f155eb982998f37323dce32d336b52975 |
85604 bytes |
/tmp/bash.1 |
SHA256: 137b30f3bad6c4483fd90535b398b338b4af8a1c28f72c04b9554348885033de |
85604 bytes |
/tmp/bash |
SHA256: 6be27aea7723ac722223097cc36f88338dbc588c813e9c77e946689ed5c2ea12 |
1053 bytes |
IP Address: 204.48.28.11Previously Malicious