IP Address: 80.211.11.13Previously Malicious

Weekly Summary

Browse or download a weekly review of our cyber threat intelligence data and gain more insight to help protect your network

Top Threats

Cyber Threat Intelligence

Discover Malicious IPs and Domains with Guardicore Cyber Threat Feed

IP Address:
80.211.11.13​
Previously Malicious

This IP address attempted an attack on a machine protected by Guardicore Centra

Threat Information

Role

Attacker

Services Targeted

HadoopYARN

Tags

HTTP HadoopYARN IDS - Web Application Attack Outgoing Connection Download and Allow Execution Download and Execute Access Suspicious Domain Download File Inbound HTTP Request

Connect Back Servers

aruba.it arubacloud.de

52.168.173.204 52.173.243.215 13.90.98.228 40.68.244.223 40.121.81.249 52.166.72.240 13.68.208.174 52.170.101.192 40.71.213.194 52.176.107.216 13.81.220.89 52.174.17.41 13.73.165.162 80.211.113.47 52.170.98.243 52.176.42.220 13.82.51.31 52.170.212.170 13.92.132.27 40.71.229.210 217.61.7.216 40.69.185.194 52.170.211.178 52.186.120.217 40.71.193.75 52.186.125.0 52.174.53.10 40.69.187.243 40.68.97.216 52.173.132.230

Basic Information

IP Address

80.211.11.13

Domain

-

ISP

Aruba S.p.A.

Country

Italy

WHOIS

Created Date

-

Updated Date

-

Organization

-

First seen in Guardicore Centra

2018-10-28

Last seen in Guardicore Centra

2018-11-04

What is Guardicore Centra
Guardicore Centra is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Centra generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time. Learn More

Attack Flow

IDS detected Web Application Attack : 401TRG Generic Webshell Request - POST with wget in body

IDS - Web Application Attack

Process /usr/bin/wget generated outgoing network traffic to: 217.61.7.216:80

Outgoing Connection

Process /usr/bin/wget attempted to access suspicious domains: arubacloud.de

Access Suspicious Domain Outgoing Connection

The file /tmp/KHz.x86 was downloaded and executed 2 times

Download and Execute

Process /tmp/KHz.x86 generated outgoing network traffic to: 217.61.7.216:23145

Outgoing Connection

Process /tmp/KHz.x86 attempted to access suspicious domains: arubacloud.de

Access Suspicious Domain Outgoing Connection

Connection was closed due to user inactivity

Associated Files

/tmp/KHz.x86.1

SHA256: 1b57a19dc6814e2ce3728cd9181df4e9d18c21590d574f5446f2da281a1fab20

41560 bytes

/tmp/x86

SHA256: ec4ec32be1139d39e32d47d5490fee9917be1b4b5ab39a028b8c7eece3c42b4a

59288 bytes

Oops! - Do you see your IP here? Contact us at labs@guardicore.com to remove it from the Threat Intelligence data.

IP Address: 80.211.11.13​Previously Malicious