IP Address: 81.68.238.98 (Malicious)
This IP address attempted an attack on a machine in our threat sensors network
IP Address: 81.68.238.98
Domain: -
ISP: Tencent Cloud Computing (Beijing) Co.
Country: China
WHOIS Created Date: -
WHOIS Updated Date: -
Organization: -
First seen in Akamai Guardicore Segmentation: 2022-03-29
Last seen in Akamai Guardicore Segmentation: 2023-05-24
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
- A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List [Successful SSH Login]
- /tmp/ifconfig was downloaded [Download File]
- A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password [Successful SSH Login]
- A possibly malicious Superuser Operation was detected 2 times [Superuser Operation]
- Process /tmp/apache2 scanned port 22 on 12 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 80 on 12 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 8080 on 12 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 22 on 32 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 22 on 32 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- The file /tmp/apache2 was downloaded and executed 153 times [Download and Execute]
- Process /tmp/apache2 generated outgoing network traffic to: 1.1.1.1:443, 100.207.245.107:22, 107.128.82.79:80, 107.128.82.79:8080, 107.208.248.100:2222, 107.230.72.134:80, 107.230.72.134:8080, 109.96.10.227:80, 109.96.10.227:8080, 112.4.243.36:80, 112.4.243.36:8080, 113.225.217.138:80, 113.225.217.138:8080, 116.203.32.249:80, 116.203.32.249:8080, 117.16.44.111:1234, 12.37.181.241:22, 122.14.222.124:1234, 129.229.176.243:22, 129.29.161.23:80, 129.29.161.23:8080, 130.65.24.70:22, 136.10.171.150:80, 136.10.171.150:8080, 144.217.5.204:1234, 149.20.61.138:22, 163.101.57.101:80, 163.101.57.101:8080, 17.212.200.39:2222, 172.232.168.144:22, 175.235.87.235:80, 175.235.87.235:8080, 177.1.141.172:80, 177.1.141.172:8080, 179.108.144.34:80, 179.108.144.34:8080, 181.165.70.81:80, 181.165.70.81:8080, 189.4.213.102:80, 189.4.213.102:8080, 192.51.34.109:80, 192.51.34.109:8080, 2.84.231.29:22, 201.240.228.169:22, 21.15.14.93:80, 21.15.14.93:8080, 21.180.62.79:22, 211.159.109.108:80, 211.159.109.108:8080, 211.161.90.158:1234, 216.110.18.40:80, 216.110.18.40:8080, 23.165.200.235:2222, 29.160.23.12:80, 29.160.23.12:8080, 3.58.45.20:80, 3.58.45.20:8080, 3.76.90.236:80, 3.76.90.236:8080, 33.156.56.41:80, 33.156.56.41:8080, 41.121.16.2:80, 41.121.16.2:8080, 45.11.19.163:1234, 51.94.42.193:80, 51.94.42.193:8080, 53.248.21.157:22, 54.149.92.166:80, 54.149.92.166:8080, 58.213.137.72:80, 58.213.137.72:8080, 58.221.116.178:1234, 60.211.52.200:80, 60.211.52.200:8080, 63.213.149.177:80, 63.213.149.177:8080, 66.189.116.233:2222, 66.22.156.250:80, 66.22.156.250:8080, 75.194.252.218:80, 75.194.252.218:8080, 77.195.232.208:80, 77.195.232.208:8080, 77.60.73.63:2222, 8.223.72.217:2222, 81.68.238.98:1234, 85.6.93.249:22, 93.205.201.111:80 and 93.205.201.111:8080 [Outgoing Connection]
- Process /tmp/apache2 started listening on ports: 1234, 8083 and 8182 [Listening]
- Process /tmp/apache2 scanned port 80 on 32 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 8080 on 32 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 80 on 32 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 scanned port 8080 on 32 IP Addresses [Port 8080 Scan, Port 22 Scan, Port 80 Scan]
- Process /tmp/apache2 attempted to access suspicious domains: kpn.net and sbcglobal.net [Outgoing Connection, Access Suspicious Domain]
- The file /usr/bin/free was downloaded and executed [Download and Execute]
- The file /tmp/php-fpm was downloaded and executed 14 times [Download and Execute]
- The file /tmp/php-fpm was downloaded and executed [Download and Execute]
File: /var/tmp/ifconfig
SHA256: 64cdfd97a3e22fde4245d682910b8c7b130ce93adda909f9cdd90f8c68d92fc1
Size: 2862704 bytes