Cyber Threat Intelligence Report 1

Uploaded by

pgjack895

Cyber Threat Intelligence Report

Malware Activity Investigation: IP Address 20.217.217.224

Prepared by: Vijaykumar Prajapati

Field of work: Cyber Security Researcher

Table of contents:

1. Executive Summary

2. Detection and Findings

3. Indicators of Compromise (IOCs)

4. Detailed Analysis

5. Recommendations

6. Prevention Measures

7. Conclusion

Threat Report: Analysis of IP Address 20.117.117.224

1. Executive Summary

This report analyzes the threat posed by IP address 20.117.117.224, associated with the URL
https://locker-points.com/index.php. The IP address has been identified as malicious by multiple
security vendors, primarily flagged for phishing and malicious activity. Immediate action is required to
mitigate the potential risks associated with this IP address.

The vendor table (an image in the original report, not reproduced here) lists the security vendors that have flagged the IP address (20.117.117.224) for phishing and malicious activity. In summary:

1.1 Phishing Detection:

Multiple vendors, including alphaMountain.ai, BitDefender, ESET, Gridinsoft, Phishtank, SOCRadar, Sophos, Trustwave, VIPRE, and others, flagged the IP as Phishing.

1.2 Malicious Activity:

Some vendors, such as Cluster25, CyRadar, and SecLookup, identified the IP as Malicious.

This indicates that the IP address is highly suspicious and, based on analyses from various security tools, is likely involved in phishing or other malicious activity. Treat any interaction with resources associated with this IP with caution.

2. Detection and Findings

• Threat Category: Phishing and Malicious Activity

• Community Reports:

o Multiple security vendors have flagged the IP address as malicious.

o The website associated with the IP address has been reported as a phishing site.

• Key Relations:

o The IP address is associated with the domain locker-points.com, which is known for
hosting phishing and malware distribution sites.

3. Indicators of Compromise (IOCs)

• IP Address: 20.117.117.224

• Domain: locker-points.com

• URL: https://locker-points.com/index.php

4. Detailed Analysis

Behavioral Insights

Based on the available information, the IP address 20.117.117.224 is likely involved in the following
activities:

• Phishing Attacks: The associated website is designed to trick users into revealing sensitive
information, such as login credentials or financial details.

• Malware Distribution: The website may host malicious files, such as malware installers or
exploit kits, which can compromise systems.

• Redirects to Malicious Websites: The website may redirect users to other malicious sites.
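The following is an added example, not part of the original report, showing how a defender would turn the IOCs from section 3 into detection logic and run it over log lines. The sample proxy, DNS and firewall log lines are constructed for the example; the matcher normalises case, trailing dots in DNS names, subdomains of the IOC domain, and ports or query strings on the IOC URL.

```python
import re
from urllib.parse import urlparse

# IOCs exactly as listed in section 3 of this report.
IOC_IPS = {"20.117.117.224"}
IOC_DOMAINS = {"locker-points.com"}
IOC_URLS = {"https://locker-points.com/index.php"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
URL_RE = re.compile(r"""https?://[^\s"'<>]+""")
# Hostnames as they appear in proxy, DNS and firewall logs (optional trailing dot).
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\.?", re.IGNORECASE)


def domain_matches(host: str) -> bool:
    """True if host is an IOC domain or any subdomain of one (case- and dot-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in IOC_DOMAINS)


def ioc_hits(line: str) -> set:
    """Return which IOC types ('ip', 'domain', 'url') a single log line matches."""
    hits = set()
    for ip in IPV4_RE.findall(line):
        if ip in IOC_IPS:
            hits.add("ip")
    for url in URL_RE.findall(line):
        p = urlparse(url)
        # Canonicalise: lower-case scheme and host, drop port and query string.
        canon = f"{p.scheme.lower()}://{(p.hostname or '').lower()}{p.path}"
        if canon in IOC_URLS:
            hits.add("url")
    for host in HOST_RE.findall(line):
        if domain_matches(host):
            hits.add("domain")
    return hits


def scan(lines):
    """Return (index, hits) for every line that matches at least one IOC."""
    return [(i, h) for i, line in enumerate(lines) if (h := ioc_hits(line))]


# Constructed sample log lines (not from the report): proxy, proxy, DNS resolver, firewall.
SAMPLE_LOGS = [
    "1717000000.123 10.0.0.5 TCP_MISS/200 GET https://locker-points.com/index.php - HIER_DIRECT/20.117.117.224 text/html",
    "1717000001.456 10.0.0.7 TCP_MISS/200 GET https://example.org/ - HIER_DIRECT/93.184.216.34 text/html",
    "Jun  1 12:00:02 resolver named[123]: client 10.0.0.9#51234: query: cdn.locker-points.com. IN A",
    "Jun  1 12:00:03 fw kernel: DROP src=10.0.0.11 dst=20.117.117.224 proto=TCP dpt=443",
]
```

Running `scan(SAMPLE_LOGS)` flags lines 0, 2 and 3; line 1 (a benign request) is not reported.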

5. Recommendations

5.1 Immediate Mitigation Actions:

• Block the IP Address: Implement network security measures to block access to the IP address.

• Warn Users: Educate users about the phishing threat and advise them to avoid clicking on
suspicious links or downloading attachments from unknown sources.

• Scan Systems: Conduct a thorough scan of all systems for malware and other threats.

• Update Security Software: Ensure that all security software, including antivirus and anti-malware solutions, is up-to-date.

5.2 Long-term Strategies:

• Implement a Robust Email Security Solution: Deploy a robust email security solution with
advanced phishing protection capabilities.

• Conduct Regular Security Awareness Training: Educate employees about the latest phishing
techniques and social engineering tactics.

• Use Web Filtering: Implement web filtering to block access to malicious websites.

• Monitor Network Traffic: Continuously monitor network traffic for suspicious activity.

• Stay Updated: Keep up-to-date with the latest security threats and vulnerabilities.

6. Prevention Measures

Immediate Actions to Contain the Threat:

• Isolate Infected Systems: If any systems are infected, isolate them from the network to
prevent further spread.

• Perform Malware Removal: Remove any malware from infected systems.

• Restore from Backups: If necessary, restore infected systems from clean backups.

Strengthening Endpoint Security:

• Use Strong Passwords: Implement strong password policies and encourage the use of unique
passwords for each account.

• Enable Two-Factor Authentication: Enable two-factor authentication for all critical accounts.

• Keep Software Updated: Keep all software, including operating systems and applications, up-to-date with the latest security patches.

Enhancing Network Security:

• Implement a Firewall: Configure a firewall to block both incoming and outgoing traffic to and from the malicious IP address.

• Use Intrusion Detection Systems (IDS): Deploy an IDS to monitor network traffic for suspicious
activity.

• Segment the Network: Segment the network to limit the impact of a potential breach.

Proactive Monitoring and Threat Detection:


• Use Security Information and Event Management (SIEM): Implement a SIEM solution to
monitor security events and identify anomalies.

• Conduct Regular Security Audits: Perform regular security audits to identify vulnerabilities
and weaknesses.

• Stay Informed: Stay informed about the latest security threats and trends.

Employee Awareness and Training:

• Regular Security Awareness Training: Conduct regular security awareness training to educate
employees about phishing attacks, social engineering tactics, and other cyber threats.

• Phishing Simulations: Conduct phishing simulations to test employees' awareness and response skills.

• Encourage Reporting: Encourage employees to report any suspicious emails or websites.

Long-term Security Strategies:

• Adopt a Zero-Trust Security Model: Implement a zero-trust security model, which grants no implicit trust to any user or device and verifies every access request, whether it originates inside or outside the network.

• Use Advanced Threat Protection Solutions: Deploy advanced threat protection solutions to
detect and respond to sophisticated attacks.

• Regularly Review and Update Security Policies and Procedures: Regularly review and update
security policies and procedures to ensure they are effective.

Advanced Prevention Measures:

• Implement Behavioral Analytics: Use behavioral analytics to identify anomalous behavior and
potential threats.

• Use Artificial Intelligence and Machine Learning: Utilize AI and ML to automate threat
detection and response.

7. Conclusion

IP address 20.117.117.224 poses a significant threat to organizations. By following the recommendations outlined in this report, organizations can effectively mitigate the risks associated with this IP address and protect their systems and data. It is crucial to remain vigilant and stay informed about the latest threats to ensure ongoing security.
