IP Address: 81.70.93.65 (Previously Malicious)
This IP address attempted an attack on a machine in our threat sensor network.
Role | Attacker, Connect-Back, Scanner
Services Targeted | SCP, SSH
Tags | Superuser Operation, SCP Download and Execute, Successful SSH Login, SSH Download, File Download and Allow Execution

Associated Attack Servers
IP Address | 81.70.93.65
Domain | -
ISP | Tencent Cloud Computing (Beijing) Co.
Country | China

WHOIS
Created Date | -
Updated Date | -
Organization | -

First seen in Akamai Guardicore Segmentation | 2021-12-27
Last seen in Akamai Guardicore Segmentation | 2022-03-08
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: White List | Successful SSH Login
./ifconfig was downloaded | Download File
A user logged in using SSH with the following credentials: root / ****** - Authentication policy: Correct Password | Successful SSH Login
A possibly malicious Superuser Operation was detected 2 times | Superuser Operation
The file /root/ifconfig was downloaded and executed 6 times | Download and Execute
The file /root/apache2 was downloaded and executed 184 times | Download and Execute
Process /root/apache2 scanned port 22 on 49 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/apache2 scanned port 22 on 40 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/apache2 scanned port 2222 on 49 IP Addresses | Port 22 Scan, Port 2222 Scan
Process /root/apache2 started listening on ports: 1234 and 8086 | Listening
Process /root/apache2 generated outgoing network traffic to external IP addresses on ports 22 and 2222 |
Process /root/apache2 scanned port 2222 on 40 IP Addresses | Port 22 Scan, Port 2222 Scan
The file /usr/bin/uptime was downloaded and executed | Download and Execute
The file /usr/bin/free was downloaded and executed | Download and Execute
The file /bin/bash was downloaded and executed | Download and Execute
Connection was closed due to timeout |