
IP Address: 51.89.100.102
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker, Connect-Back, Scanner

Services Targeted

SSH

Tags

SSH, 1 Shell Commands, Access Suspicious Domain, Successful SSH Login, Outgoing Connection, Download Operation, Executable File Modification

Associated Attack Servers

Domains: ip-54-37-192.eu, ip-51-89-115.eu, tier.ro, ip-51-89-52.eu, ip-51-89-100.eu, ip-92-222-121.eu, kekshost.com

IPs: 51.89.115.82, 51.89.52.10, 92.55.147.42, 54.37.192.210, 92.222.121.154, 46.4.31.115

Basic Information

IP Address

51.89.100.102

Domain

-

ISP

OVH SAS

Country

France

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2019-12-05

Last seen in Guardicore Centra

2020-01-05


Attack Flow

A user logged in using SSH with the following credentials: root / **** - Authentication policy: White List

Successful SSH Login

A possibly malicious Download Operation was detected 2 times

Download Operation

Process /usr/bin/wget generated outgoing network traffic to: 51.89.52.10:80

Outgoing Connection

Process /usr/bin/wget attempted to access suspicious domains: ip-51-89-52.eu

Access Suspicious Domain Outgoing Connection

The following executable files were modified (listed in the order the events were recorded):

/bin/hostname, /bin/bzdiff, /bin/lesspipe, /bin/uname, /bin/kill, /bin/networkctl, /bin/touch, /bin/chgrp, /bin/ln, /bin/less, /bin/ls, /bin/bzcat, /bin/tailf, /bin/vdir, /bin/df, /bin/dd, /bin/lesskey, /bin/cpio, /bin/systemctl, /bin/grep, /bin/bzexe, /bin/findmnt, /bin/zcmp, /bin/umount, /bin/lessecho, /bin/sleep, /bin/dir, /bin/systemd-inhibit, /bin/sync, /bin/zforce, /bin/mknod, /bin/sed, /bin/systemd-hwdb, /bin/mountpoint, /bin/znew, /bin/mktemp, /bin/kmod, /bin/fgconsole, /bin/uncompress, /bin/loginctl, /bin/chvt, /bin/systemd-ask-password, /bin/run-parts, /bin/systemd-tmpfiles, /bin/gzexe, /bin/udevadm, /bin/ping6, /bin/netstat, /bin/journalctl, /bin/bzmore, /bin/zmore, /bin/zdiff, /bin/systemd-escape, /bin/tempfile, /bin/zegrep, /bin/login, /bin/whiptail, /bin/lsblk, /bin/chmod, /bin/echo, /bin/wdctl, /bin/cp, /bin/bzgrep, /bin/mkdir, /bin/kbd_mode, /bin/mt-gnu, /bin/fuser, /bin/rmdir, /bin/zless, /bin/more, /bin/openvt, /bin/setupcon, /bin/bunzip2, /bin/pwd, /bin/true, /bin/systemd-tty-ask-password-agent, /bin/nc.openbsd, /bin/zcat, /bin/stty, /bin/mount, /bin/cat, /bin/mv, /bin/bzip2recover, /bin/false, /bin/tar, /bin/ip, /bin/ps, /bin/dash, /bin/setfont, /bin/systemd-machine-id-setup, /bin/bzip2, /bin/egrep, /bin/dumpkeys, /bin/ping, /bin/zfgrep, /bin/systemd-notify, /bin/fgrep, /bin/which, /bin/readlink, /bin/date, /bin/gunzip, /bin/loadkeys, /bin/dmesg, /bin/ss, /bin/su, /bin/zgrep, /bin/chown, /bin/unicode_start, /bin/gzip

Executable File Modification (one event per file listed above)

Connection was closed due to user inactivity
