threatintelligence.guardicore.com
34.95.107.128  Public Scan

URL: https://threatintelligence.guardicore.com/
Submission: On February 01 via api from US — Scanned from DE

Form analysis: 1 form found in the DOM

<form onsubmit="return false;" class="search">
  <input type="search" name="search" placeholder="Search IP or Domain" class="search-field">
  <input type="submit" value="" class="search-btn" onclick="searchPage()">
</form>

Text Content


CYBER THREAT INTELLIGENCE


DISCOVER MALICIOUS IPS AND DOMAINS WITH GUARDICORE CYBER THREAT FEED




LAST WEEK


Jan 23 2022 - Jan 30 2022







TOP ATTACKERS



This chart lists the top ten attacking IP addresses observed by Guardicore
sensors around the world.

The attackers coming from these IPs use penetration techniques such as
brute-force password guessing and exploiting known and unknown (zero-day)
vulnerabilities. Once the machine has been compromised, these attackers execute
a wide range of attack tools to establish their control over the victim machine
and attempt to further propagate across the network.


[Chart: Top Ten Attackers. Axis: Number of Attacks, per attacking IP address.
Caption: "Chart portrays the top ten attackers we observed over GGSN".
Time frame: 2022-01-23 to 2022-01-30.]


TOP ATTACKED SERVICES BY PORT



This chart presents the services that are most often attacked over the internet.
This helps detect new malware outbreaks in their early stages (e.g. WannaCry) by
identifying a dramatic surge in the number of attacks targeting a specific
service.


[Chart: Ports Distribution. Axes: Port Number, Number of Scans.
Caption: "Chart portrays the top ten most active scanners detected over GGSN".
Time frame: 2022-01-23 to 2022-01-30.]


TOP MALICIOUS DOMAINS



This table lists the top malicious domains attackers currently use. Attackers
use domains rather than hard-coding IP addresses so that they can constantly
shift infrastructure. These domains usually serve as file servers to download
post-breach tools, C&C servers to control the different attack tools, and
logging servers to send data from the victim machines.


xmr.crypto-pool.fr
poneytelecom.eu
usapyonsoft.jp




TOP MALICIOUS IPS



This table lists the top IPs attackers connect to after breaching a server. These
machines usually serve as file servers to download post-breach tools (e.g.
Remote Administration Tools (RAT), network and vulnerability scanners, exploit
and cryptocurrency tools), C&C servers to control the different attack tools,
and logging servers to send data from the victim machines.


157.245.41.77
45.9.148.99
142.93.127.16
104.236.182.223


TOP SCANNERS



This chart lists the most active scanners. Scanners are machines that access one
or more services across one or more subnets monitored by Guardicore sensors
without performing attacks. The attackers run scanners to locate vulnerable
services that can fit their exploitation methods (e.g. bad configuration,
out-of-date software).


[Chart: Top Ten Active Scanners. Axis: Number of Scans, per scanning IP address.
Caption: "Chart portrays the top ten most active scanners detected over GGSN".
Time range: 2022-01-23 to 2022-01-30.]


SCRIPT VS. HUMAN



This chart shows the percentage of human attacks within the overall attacks.
Attacks operated by humans (as opposed to automated attack scripts) may suggest
an insider threat or a more skillful external actor. These attackers don’t
usually aim for crypto mining, traffic monetization or DDoS botnet creation.
Instead, once access has been gained, they try to move laterally across the
organization to steal confidential information, shut down activity for long
periods of time, etc.


[Chart: Script vs. Human. Distribution of script-based attacks vs. human-based
attacks between 2022-01-23 and 2022-01-30. Series: Script, Human.]

OOPS! - DO YOU SEE YOUR IP HERE? CONTACT US AT LABS@GUARDICORE.COM TO REMOVE IT
FROM THE THREAT INTELLIGENCE DATA.


ABOUT GUARDICORE CYBER THREAT INTELLIGENCE

The Guardicore Cyber Threat Intelligence service offers unique information on
malicious Internet assets - IP addresses and domains - detected by Guardicore.
Threat information is based on three main resources: Guardicore Global Sensors
Network (GGSN), Guardicore Reputation Services, and the insights of the
Guardicore Labs team.

80k+ Sensors
80 IOC Types
80k+ Scanners
80k+ Attackers



 


OUR RESOURCES

GUARDICORE GLOBAL SENSORS NETWORK (GGSN)

A network of deception servers installed in multiple data centers around the
world, streaming early threat information to Guardicore Labs for attack
identification and analysis.

GUARDICORE REPUTATION ANALYSIS (GRA)

A cloud-based service that identifies indicators of compromise (IoCs) based on
the presence of suspicious domain names, IP addresses, and file hashes
associated with known malicious activity.

GUARDICORE LABS

Guardicore’s global research team is comprised of leading cyber security experts
whose mission is to provide analysis, insights and response methodologies to the
latest cyber threats.


WANT MORE?

If you have questions or comments about this threat data or want to learn more,
contact our security experts.

labs@guardicore.com





© 2019 Guardicore
