IP Address: 81.70.94.80 (status: Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
IP Address | 81.70.94.80
Domain | -
ISP | Tencent Cloud Computing (Beijing) Co.
Country | China
WHOIS Created Date | -
WHOIS Updated Date | -
Organization | -
First seen in Akamai Guardicore Segmentation | 2022-03-01
Last seen in Akamai Guardicore Segmentation | 2022-04-11
What is Akamai Guardicore Segmentation?
Akamai Guardicore Segmentation is a data center and cloud security solution that protects the organization's core assets, using flexible, quickly deployed and easy to understand micro-segmentation controls. Akamai Guardicore Segmentation generates in-context security incidents, with details on attacker tools and techniques, that help IR teams prioritize incident investigation and reduce dwell time.
Incident timeline (event type | event details):
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (authentication policy: White List)
Download File | /dev/shm/ifconfig was downloaded
Successful SSH Login | A user logged in using SSH with the following credentials: root / ****** (authentication policy: Correct Password)
Superuser Operation | A possibly malicious superuser operation was detected 2 times
Outgoing Connection | Process /dev/shm/apache2 generated outgoing network traffic to: 1.15.13.216:1234, 104.21.25.86:443, 106.75.109.253:1234, 109.44.99.9:2222, 113.249.21.71:80, 113.249.21.71:8080, 124.115.231.214:1234, 125.182.76.28:80, 125.182.76.28:8080, 129.152.6.35:1234, 131.246.58.12:80, 131.246.58.12:8080, 143.23.168.211:80, 143.23.168.211:8080, 146.225.23.142:22, 147.34.146.105:2222, 152.251.214.106:80, 152.251.214.106:8080, 158.108.98.82:2222, 158.142.233.151:80, 158.142.233.151:8080, 161.13.22.25:80, 161.13.22.25:8080, 162.14.68.185:1234, 166.117.83.113:80, 166.117.83.113:8080, 166.73.1.216:2222, 168.242.57.239:80, 168.242.57.239:8080, 170.148.93.137:80, 170.148.93.137:8080, 170.190.22.182:22, 172.67.133.228:443, 172.73.75.201:80, 172.73.75.201:8080, 173.124.197.230:80, 173.124.197.230:8080, 175.84.77.39:2222, 179.92.167.70:2222, 185.205.95.104:80, 185.205.95.104:8080, 185.78.102.99:80, 185.78.102.99:8080, 190.103.139.159:80, 190.103.139.159:8080, 190.166.186.120:80, 190.166.186.120:8080, 195.25.125.209:80, 195.25.125.209:8080, 199.220.156.77:2222, 202.157.138.46:2222, 205.124.36.124:80, 205.124.36.124:8080, 207.224.230.181:80, 207.224.230.181:8080, 210.99.20.194:1234, 212.14.24.91:22, 212.31.26.222:80, 212.31.26.222:8080, 214.196.58.40:80, 214.196.58.40:8080, 217.56.51.209:80, 217.56.51.209:8080, 223.162.57.21:80, 223.162.57.21:8080, 251.177.62.251:22, 30.197.173.140:80, 30.197.173.140:8080, 31.118.108.151:80, 31.118.108.151:8080, 33.184.78.243:2222, 34.191.253.64:80, 34.191.253.64:8080, 51.75.146.174:443, 54.198.38.172:2222, 55.143.205.197:80, 55.143.205.197:8080, 61.111.20.93:2222, 63.81.235.235:80, 63.81.235.235:8080, 70.10.190.252:80, 70.10.190.252:8080, 72.38.2.193:80, 72.38.2.193:8080, 75.1.130.3:80, 75.1.130.3:8080, 81.70.94.80:1234, 88.110.244.215:22, 89.192.187.23:80 and 89.192.187.23:8080
Listening | Process /dev/shm/apache2 started listening on ports 1234, 8080 and 8188
Port 80 Scan | Process /dev/shm/apache2 scanned port 80 on 32 IP addresses
Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 32 IP addresses
Port 2222 Scan | Process /dev/shm/apache2 scanned port 2222 on 32 IP addresses
Port 80 Scan | Process /dev/shm/apache2 scanned port 80 on 32 IP addresses
Port 80 Scan | Process /dev/shm/apache2 scanned port 80 on 11 IP addresses
Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 32 IP addresses
Port 2222 Scan | Process /dev/shm/apache2 scanned port 2222 on 32 IP addresses
Port 8080 Scan | Process /dev/shm/apache2 scanned port 8080 on 11 IP addresses
Access Suspicious Domain, Outgoing Connection | Process /dev/shm/apache2 attempted to access suspicious domains: as9105.com, az1am5.shop and zut.edu.pl
Port 2222 Scan | Process /dev/shm/apache2 scanned port 2222 on 11 IP addresses
Session End | Connection was closed due to timeout
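The timeline above is free text, which is awkward to act on. As an added example (not code from this Akamai Guardicore page or product), the Python script below parses those event lines, copied from the page with the trailing table pipes removed, into structured indicators and applies two checks a responder would want before using them: which destinations fall outside globally routable IPv4 space (a random target generator hits reserved blocks; a curated C2 list does not), and which process images or downloads live on the memory-backed, world-writable /dev/shm tmpfs. The regular expressions and function names are this example's own assumptions.

```python
"""Turn the Akamai Guardicore incident events on this page into structured IOCs.

Added example; not part of the Akamai Guardicore page or product.
Event strings are copied from the page's timeline; regexes and helper
names are this example's own.
"""
import ipaddress
import re
from collections import Counter

# Event lines copied from the incident timeline on this page (pipes removed).
EVENTS = [
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List",
    "/dev/shm/ifconfig was downloaded",
    "A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password",
    "A possibly malicious Superuser Operation was detected 2 times",
    "Process /dev/shm/apache2 generated outgoing network traffic to: 1.15.13.216:1234, 104.21.25.86:443, 106.75.109.253:1234, 109.44.99.9:2222, 113.249.21.71:80, 113.249.21.71:8080, 124.115.231.214:1234, 125.182.76.28:80, 125.182.76.28:8080, 129.152.6.35:1234, 131.246.58.12:80, 131.246.58.12:8080, 143.23.168.211:80, 143.23.168.211:8080, 146.225.23.142:22, 147.34.146.105:2222, 152.251.214.106:80, 152.251.214.106:8080, 158.108.98.82:2222, 158.142.233.151:80, 158.142.233.151:8080, 161.13.22.25:80, 161.13.22.25:8080, 162.14.68.185:1234, 166.117.83.113:80, 166.117.83.113:8080, 166.73.1.216:2222, 168.242.57.239:80, 168.242.57.239:8080, 170.148.93.137:80, 170.148.93.137:8080, 170.190.22.182:22, 172.67.133.228:443, 172.73.75.201:80, 172.73.75.201:8080, 173.124.197.230:80, 173.124.197.230:8080, 175.84.77.39:2222, 179.92.167.70:2222, 185.205.95.104:80, 185.205.95.104:8080, 185.78.102.99:80, 185.78.102.99:8080, 190.103.139.159:80, 190.103.139.159:8080, 190.166.186.120:80, 190.166.186.120:8080, 195.25.125.209:80, 195.25.125.209:8080, 199.220.156.77:2222, 202.157.138.46:2222, 205.124.36.124:80, 205.124.36.124:8080, 207.224.230.181:80, 207.224.230.181:8080, 210.99.20.194:1234, 212.14.24.91:22, 212.31.26.222:80, 212.31.26.222:8080, 214.196.58.40:80, 214.196.58.40:8080, 217.56.51.209:80, 217.56.51.209:8080, 223.162.57.21:80, 223.162.57.21:8080, 251.177.62.251:22, 30.197.173.140:80, 30.197.173.140:8080, 31.118.108.151:80, 31.118.108.151:8080, 33.184.78.243:2222, 34.191.253.64:80, 34.191.253.64:8080, 51.75.146.174:443, 54.198.38.172:2222, 55.143.205.197:80, 55.143.205.197:8080, 61.111.20.93:2222, 63.81.235.235:80, 63.81.235.235:8080, 70.10.190.252:80, 70.10.190.252:8080, 72.38.2.193:80, 72.38.2.193:8080, 75.1.130.3:80, 75.1.130.3:8080, 81.70.94.80:1234, 88.110.244.215:22, 89.192.187.23:80 and 89.192.187.23:8080",
    "Process /dev/shm/apache2 started listening on ports: 1234, 8080 and 8188",
    "Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 80 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 80 on 11 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 2222 on 32 IP Addresses",
    "Process /dev/shm/apache2 scanned port 8080 on 11 IP Addresses",
    "Process /dev/shm/apache2 attempted to access suspicious domains: as9105.com, az1am5.shop and zut.edu.pl",
    "Process /dev/shm/apache2 scanned port 2222 on 11 IP Addresses",
    "Connection was closed due to timeout",
]

# Patterns are this example's assumptions about the event wording shown above.
ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")
SCAN_RE = re.compile(r"scanned port (\d+) on (\d+) IP Addresses")
LISTEN_RE = re.compile(r"started listening on ports?: (.+)$")
DOMAIN_RE = re.compile(r"access suspicious domains: (.+)$")
PROCESS_RE = re.compile(r"^Process (/\S+)")
DOWNLOAD_RE = re.compile(r"^(/\S+) was downloaded")


def _split_list(text):
    """'1234, 8080 and 8188' -> ['1234', '8080', '8188']."""
    return [t.strip() for t in re.split(r",|\band\b", text) if t.strip()]


def extract_iocs(events):
    """Structured view of the timeline: endpoints, ports, listeners, scan totals, domains, files."""
    iocs = {
        "endpoints": [],            # (ip, port) pairs the implant connected to
        "ports": Counter(),         # number of destinations per destination port
        "listening": set(),         # ports the implant opened locally
        "scan_targets": Counter(),  # hosts probed per scanned port, summed over batches
        "domains": set(),
        "processes": set(),         # process image paths named in events
        "downloads": set(),         # files the sensor saw being downloaded
    }
    for ev in events:
        if "outgoing network traffic to:" in ev:
            for ip, port in ENDPOINT_RE.findall(ev):
                iocs["endpoints"].append((ip, int(port)))
                iocs["ports"][int(port)] += 1
        if m := SCAN_RE.search(ev):
            iocs["scan_targets"][int(m.group(1))] += int(m.group(2))
        if m := LISTEN_RE.search(ev):
            iocs["listening"].update(int(p) for p in _split_list(m.group(1)))
        if m := DOMAIN_RE.search(ev):
            iocs["domains"].update(_split_list(m.group(1)))
        if m := PROCESS_RE.search(ev):
            iocs["processes"].add(m.group(1))
        if m := DOWNLOAD_RE.search(ev):
            iocs["downloads"].add(m.group(1))
    return iocs


def non_global_destinations(endpoints):
    """Destinations outside globally routable IPv4 space (reserved, private, bogon).

    A hand-maintained C2 list does not normally contain these; a scanner that
    generates random targets does, so they hint at how targets were chosen.
    """
    return sorted({ip for ip, _ in endpoints if not ipaddress.ip_address(ip).is_global})


def tmpfs_artifacts(iocs):
    """Binaries or downloads under /dev/shm: memory-backed, world-writable, gone after reboot."""
    paths = iocs["processes"] | iocs["downloads"]
    return sorted(p for p in paths if p.startswith("/dev/shm/"))


if __name__ == "__main__":
    iocs = extract_iocs(EVENTS)
    print("destinations:", len(iocs["endpoints"]), "per port:", dict(iocs["ports"]))
    print("listening:", sorted(iocs["listening"]))
    print("scan totals per port:", dict(iocs["scan_targets"]))
    print("domains:", sorted(iocs["domains"]))
    print("non-global destinations:", non_global_destinations(iocs["endpoints"]))
    print("artifacts on /dev/shm:", tmpfs_artifacts(iocs))
```

Running it shows 90 destinations, of which 32 are on port 80 and 32 on port 8080, the same size as the 32-address scan batches in the timeline; summed over batches each of ports 80, 8080 and 2222 was probed on 75 hosts. The one destination flagged as non-global, 251.177.62.251, lies in the reserved 240.0.0.0/4 block, which is consistent with random target generation rather than a curated list. On a suspect host the equivalent checks are executables under /dev/shm and listeners on 1234, 8080 and 8188.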
|