tunnel over ssh

flyredeagle 1 Reputation point
2021-06-07T19:51:47.69+00:00

I think I have some sort of security incident: somebody looks to be tunneling on my machine from an IP address in China, 221.131.165.56

azureuser@www :~$ netstat -na | grep 80
tcp 0 1080 10.0.0.4:22 221.131.165.56:23755 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN

My Apache went down somehow (I don't know when, but it looks like today),
and from the attached Apache access logs it seems that they tried a couple of hacks.

Can you run an investigation on this and see what is going on?
I did not touch much, to try to understand what is going on.

The strange thing is that this afternoon (around 14) I received a call from somebody who stated that he belongs to the Microsoft Azure getting started team etc. and that they wanted to have a chat.

Phone number is +31 20 500 1500

Tomorrow we booked some time for him to phone back because today I was busy.
Is this normal procedure, and how can I check if this is a genuine Microsoft guy?

103141-access.log
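
An added example, not part of the original post or of the reply: `grep 80` matches that substring anywhere in a row, and in the netstat output quoted above the first row has local port 22 with 1080 in the Send-Q column. The sketch below filters rows on the port field itself; the function names and the third sample row are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread). Field positions follow
# Linux net-tools `netstat -na` TCP rows:
#   $1 Proto  $2 Recv-Q  $3 Send-Q  $4 Local Address  $5 Foreign Address  $6 State

# Constructed sample: the two rows quoted in the question plus one made-up
# row (documentation address 203.0.113.7) that really is a port-80 session.
SAMPLE='tcp 0 1080 10.0.0.4:22 221.131.165.56:23755 ESTABLISHED
tcp6 0 0 :::80 :::* LISTEN
tcp 0 0 10.0.0.4:80 203.0.113.7:51514 ESTABLISHED'

# port_rows PORT: read netstat rows on stdin and print only TCP rows whose
# local or foreign port equals PORT exactly, as:
#   state local_port peer send_q
# The port is taken after the last ":" so IPv6 forms such as :::80 work.
port_rows() {
    awk -v want="$1" '
        $1 ~ /^tcp/ && NF >= 6 {
            lport = $4; sub(/.*:/, "", lport)
            rport = $5; sub(/.*:/, "", rport)
            if (lport == want || rport == want)
                print $6, lport, $5, $3
        }'
}

# established_by_service: count ESTABLISHED sessions per local port, which
# shows which listening service each remote peer is actually connected to.
established_by_service() {
    awk '
        $1 ~ /^tcp/ && $6 == "ESTABLISHED" {
            lport = $4; sub(/.*:/, "", lport)
            n[lport]++
        }
        END { for (p in n) print p, n[p] }' | sort -n
}

printf '%s\n' "$SAMPLE" | port_rows 80
printf '%s\n' "$SAMPLE" | port_rows 22
printf '%s\n' "$SAMPLE" | established_by_service
```

On a live host the same functions can be fed with `netstat -na | port_rows 22`.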


1 answer

  1. JamesTran-MSFT 36,906 Reputation points Microsoft Employee Moderator
    2021-06-08T16:50:10.71+00:00

    @flyredeagle
    Thank you for the detailed post and for your updates!

    When it comes to Microsoft reaching out to you via phone call, if you've never opened a support request or had any reason for us to reach out, then from my experience, this wouldn't be normal procedure. However, from your issue description, I believe this should definitely be looked at by our support team so they can take a closer look into your environment and issue.

    If you have any other questions, please let me know.
    Thank you for your time and patience throughout this issue.

    ----------

    Please remember to "Accept Answer" if any answer/reply helped, so that others in the community facing similar issues can easily find the solution.

