IP Address: 216.218.222.11 - Previously Malicious


IP Address: 216.218.222.11
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker
Services Targeted: SSH
Tags: DNS Query, Port 22 Scan, Download and Execute, Outgoing Connection, SSH, Successful SSH Login, 2 Shell Commands, SFTP

Connect Back Servers

Domains:
gmpsfqrlquaokfl5.onion.cab
tqz3y4w3eq4wi2ay.onion.link
zhtwwpqt6ci62n5o.onion.nu
6ppk2oii4hsweqb7.onion.cab
qcuifb2klqqkwc5q.onion.link
startdedicated.de
zlha65umg7qmprg6.onion.link
igxhhnue75hvk5yc.onion.cab
6ppk2oii4hsweqb7.onion.link
gmpsfqrlquaokfl5.onion.to
hukot.net
igxhhnue75hvk5yc.onion.link
qcuifb2klqqkwc5q.onion.cab
zhtwwpqt6ci62n5o.onion.link
6ppk2oii4hsweqb7.onion.to
w4gfzjunvynjhpj6.onion.link

IP addresses:
188.213.49.65
62.138.11.6
46.36.37.82
192.36.27.5
103.198.0.2
185.100.85.150

Basic Information

IP Address: 216.218.222.11
Domain: -
ISP: Hurricane Electric
Country: United States

WHOIS

Created Date: -
Updated Date: -
Organization: -

First seen in Guardicore Centra: 2017-06-19
Last seen in Guardicore Centra: 2017-09-22

What is Guardicore Centra

Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

1. Successful SSH Login
   A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

2. Download and Execute
   The file /tmp/se3Q70pX2 was downloaded and executed 2 times

3. Outgoing Connection
   Process /tmp/se3Q70pX2 generated outgoing network traffic to: 116.57.124.104:22, 102.122.143.42:22, 102.209.76.2:22, 165.222.49.64:22, 167.174.91.243:22, 184.52.131.204:22, 157.65.0.29:22, 164.159.215.57:22, 139.166.15.191:22, 197.67.113.79:22, 27.222.43.61:22, 76.34.209.192:22, 196.3.136.118:22, 103.52.24.98:22, 162.96.133.231:22, 4.244.168.204:22, 66.159.48.96:22, 193.207.159.61:22, 145.50.16.216:22, 34.60.170.3:22, 204.176.249.248:22, 149.216.105.82:22, 203.115.150.39:22, 25.199.220.30:22, 207.93.164.49:22, 98.205.19.106:22, 98.118.227.204:22, 57.112.35.18:22, 36.105.76.185:22, 186.109.203.163:22, 209.147.93.8:22, 138.2.101.90:22, 191.104.155.250:22, 164.172.125.56:22, 83.200.67.32:22, 181.48.35.126:22, 195.93.67.167:22, 109.178.163.182:22, 162.93.196.83:22, 213.30.29.221:22, 188.97.53.8:22, 166.107.69.156:22, 4.227.204.169:22, 175.113.191.15:22, 186.104.216.240:22, 117.91.207.223:22, 103.198.0.2:80, 81.61.41.162:22, 144.89.151.148:22, 134.239.240.74:22, 24.208.140.15:22, 85.110.7.148:22, 181.36.239.246:22, 14.138.180.32:22, 187.17.250.247:22, 65.225.197.196:22, 204.154.5.106:22, 81.44.128.236:22, 95.227.43.156:22, 64.56.244.89:22, 14.189.103.112:22, 85.196.126.123:22, 47.53.9.89:22, 159.210.60.189:22, 207.135.154.233:22, 121.112.147.37:22, 97.142.138.38:22, 35.67.48.209:22, 136.228.41.253:22, 95.186.188.46:22, 210.80.107.205:22, 222.186.66.204:22, 115.185.212.210:22, 102.52.94.148:22, 41.143.165.252:22, 218.245.113.91:22, 153.57.196.82:22, 62.59.60.225:22, 123.93.79.239:22, 213.212.119.162:22, 111.96.7.21:22, 1.131.205.104:22, 56.58.126.52:22, 80.0.188.27:22, 14.223.39.230:22, 38.138.241.216:22, 51.238.137.181:22, 216.132.101.203:22, 221.64.219.99:22, 167.178.220.185:22, 98.134.203.202:22, 80.34.183.75:22, 146.22.79.153:22, 40.136.25.185:22, 113.102.109.154:22, 210.30.201.234:22, 101.117.101.154:22, 86.12.152.211:22, 19.85.161.68:22 and 4.159.221.7:22

4. Port 22 Scan
   Process /tmp/se3Q70pX2 scanned port 22 on 99 IP Addresses

Associated Files

/tmp/4WQYOZwkbHwR23N
    SHA256: c2d779e3af5fb536116eaf529f448e2cbbd5462914089cee52de5ee291cd753e
    Size: 4390176 bytes

/tmp/r9MAa0jfZD8rR
    SHA256: bb8b611d3074b15a9fbe9967c0dd46346cd9f815bae60b3d92678afdd428064e
    Size: 4390176 bytes

/tmp/cqjzSiU73By
    SHA256: e62105ab36579f0e55c397d63f757e6a4320e6c7713ccbdfff883e9f53ffdebf
    Size: 4390176 bytes

/tmp/DFxVFwauOgIk
    SHA256: 118bcc73f2b740392af9729382f348b5d85f497424f1523c3d14b1cc57d75985
    Size: 4390176 bytes

/tmp/4jNkVBzzYG0J1
    SHA256: 51e737ad7ab0b48d35742f69cf2768579737af1766db9592fc883799d6d01d4f
    Size: 4390176 bytes

/tmp/wTDo8tMptjJDlh
    SHA256: 957bf53bc91efd4bc60c775acf5e0377f1f5ff819d818747d084f0832a140f40
    Size: 4390176 bytes

/tmp/3OjDwN9995
    SHA256: e83e31dc4668df3f5579d0378f7dce17f6fae85a261b05912803348f5cbf0dfe
    Size: 4390176 bytes

/tmp/ocGzBRDwKZiix
    SHA256: 345114c108b25fddf72e14bac383a8a989e0a4e46f7555a50deb931845ee2b8d
    Size: 4390176 bytes

/tmp/se3Q70pX2
    SHA256: 6e686307dd1174ce84d2083c0818e01f651acf95bd189172b158a1f88cbf432c
    Size: 4390176 bytes

/tmp/thRwk1fopqdqz
    SHA256: 93dfe5972eef0062814a3a54461876e15f6dc5cfc1833b4ca5804ef7baeaf4b9
    Size: 4390176 bytes

/tmp/vQPbEk9QUG2WV
    SHA256: b1dc61633ecf6bb9e5e67e8edab0eda14c0892fae084f1c8f130d4fe3bc7709d
    Size: 4390176 bytes

/tmp/mhrHHPKOD
    SHA256: 9ea0f4c0175997f99bf4def49e4a625371051bb542f0e8e949f4535865c36674
    Size: 4390176 bytes

/tmp/4WQYOZwkbHwR23N
    SHA256: 20682c6a79c57eeef7afd6ed836d2dd9bd146c9e4a4e19532d54922baab5c66d
    Size: 4390176 bytes
