IP Address: 64.137.213.109 (Previously Malicious)


This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role: Attacker
Services Targeted: HTTP
Tags: HTTP, Outgoing Connection, IDS - Potential Corporate Privacy Violation, Malicious File, Inbound HTTP Request
Connect Back Servers: aruba.it, 94.177.187.194, 13.93.93.231, 52.176.49.221, 13.81.60.184, 13.82.52.9, 104.46.40.157

Basic Information

IP Address: 64.137.213.109
Domain: -
ISP: KW Datacenter
Country: Canada

WHOIS

Created Date: -
Updated Date: -
Organization: -

First seen in Guardicore Centra: 2017-01-06
Last seen in Guardicore Centra: 2017-01-11

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.

Attack Flow

IDS detected Potential Corporate Privacy Violation: Unsupported/Fake Internet Explorer Version MSIE 5.

IDS - Potential Corporate Privacy Violation

An inbound HTTP request was made to http://52.176.49.221/php/phpmyadmin/scripts/setup.php

Inbound HTTP Request

Process /usr/local/apache2/bin/httpd generated outgoing network traffic to: aruba.it:21

Outgoing Connection

An inbound HTTP request was made to http://52.176.49.221/pma/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/mysqladmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/cpphpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/php-my-admin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/phpadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/cpanelphpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/forum/phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/mysql/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/db/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/_phpmyadmin/scripts/setup.php

Inbound HTTP Request

An inbound HTTP request was made to http://52.176.49.221/admin/scripts/setup.php

Inbound HTTP Request

/tmp/sess_a9a7d759e846e5365ba493e8d1060f95e4b21cf5 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_f90ff87fe39e9f809211ea0ccfd532b6b23e03f6 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_4c92049cb647b1134aaafbdc1e19abd1441e2edf was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_cc4be6bbb36f5d2c3b0cc22aa65a5fc508b2b08d was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_d2352941c29f667a6850e9d15d0b162a072d0314 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_228dfe65186c19391a75e9716cb8170d63929669 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_90ea69e6e39fed9ed7eaa96fa70f9fb82af0a6b6 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_38fbff2cdb90b30085cd038d89df5d3a4222a981 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_8baec09999eff5fb12e415f0fa1d4ac33c7362c2 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_d109c82faae9d3425eb8d196e082649f1e855547 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_b3cb5566eedca29dc55558eba89785335ce0dee3 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_f2af24b91171e19ef976d701a55dc1066e9b3aa3 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_79482e57614a7521264afb2e2b63c7a9b2f0edc4 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_7921adf53590a25da09f8e90d0beb778b3e4704e was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_028146b7ad3056e43b6bed6155a4e867973d2a80 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_7c2806f67d8a5d56c3fd9ce52a7ef31d6452ab02 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_6c45797def180886189a1f6941b8b361feb96b7b was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_1d86e7738296f726dcaaea2982531add807e2ac2 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_9616e4185e86476530cba41ca45b8a86bb523150 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_55544fa849667812b95efe4ea3fe126705215e49 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_6890cf4fa23425e77cb7cbe66650dea50d0cf644 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_c40f1e36753b76e79d39655b290a329822fbff30 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_41b5557019ef54e1cea655c4fa4d9f3daf52965a was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File

/tmp/sess_d52398fb5a8c100e4adb8624e687df911012f3a9 was identified as malicious by YARA according to rules: Url, Crypto Signatures and Crypto Index

Malicious File
