Abuse Message [AbuseID:847470:21]: AbuseNormalInfo: Your server 95.217.124.252 has been registered as an attack source

 Dear Provider,


 I'm George Egri, the Co-Founder and CEO of BitNinja Server Security. I'm writing to inform you that we have detected malicious requests from the IP 95.217.124.252 directed at our clients' servers.


 As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients' servers.


 Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a bot to send malicious attacks over the Internet.


 I’ve collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link.
http://bitninja.io/incidentReport.php?details=b6bfabf1f2c285d803?utm_source=incident&utm_content=publicpage. The timezone is UTC +1:00.

 <pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>{
     "PORT HIT": "95.217.124.252:54065-&gt;217.78.1.91:3128",
     "MESSAGES": "Array
                 (
                     [10:39:34] =&gt; POST http://work.a-poster.info:25000/ HTTP/1.1
                 Connection: close
                 Content-Length: 21
                 Content-Type: application/x-www-form-urlencoded
                 Host: work.a-poster.info:25000
                 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


                     [10:39:34+1] =&gt; data=acfbbbfdacbfcdff
                 )
                 "
 }</pre><pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>{
     "PORT HIT": "95.217.124.252:40803-&gt;217.78.1.91:3128",
     "MESSAGES": "Array
                 (
                     [10:39:35] =&gt; u0004u0001a&uml;%u0001&Ugrave;&not;u0000
                 )
                 "
 }</pre><pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>{
     "PORT HIT": "95.217.124.252:40477-&gt;217.78.1.91:3128",
     "MESSAGES": "Array
                 (
                     [10:39:35] =&gt; u0005u0001u0000
                 )
                 "
 }</pre>

 Please keep in mind that after the first intrusion we log all traffic between your server and the BitNinja-protected servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don't hesitate to contact our incident experts by replying to this e-mail.

 For more information on analyzing and understanding outbound traffic, check out this:
https://doc.bitninja.io/_images/bitninja-incident-report-1.jpg?utm_source=incident&utm_campaign=investigation&utm_content=image

 We've also dedicated an entire site to help people prevent their server from sending malicious attacks:
https://doc.bitninja.io/investigations.html?utm_source=incident&utm_campaign=investigation&utm_content=documentation


 Thank you for helping us make the Internet a safer place!


 Regards,


 George Egri
 CEO at BitNinja.io

 BitNinja.io @ BusinessInsider UK

 BitNinja.io hits the WHIR.com
 BitNinja @ CodeMash conference


 <html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
     <title>Incident report — BitNinja.io</title>
 <style type="text/css">
  .consview a:link, .consview a:visited {
      color: #2669a3 !important;
  }
  a[class='consview'], a.consview {
      text-decoration: none !important;
      border-bottom: 1px solid #2669a3 !important;
  }
  a {
      text-decoration: none !important;
  }
 </style>
 </head><body style="background-color: #ffffff;">
 <table style="width: 665px; min-width: 665px; max-width: 665px;" cellspacing="0" cellpadding="0" border="0">
 <tbody>
 <tr>
 <td style="background-color: #fff; vertical-align: top;" valign="top" bgcolor="#fff">
 <div style="background: #282C37; padding: 20px; text-align: center;"><img alt="" src="cid:part1.6af6d9518894aae1d19b7c794ab98496" title="" width="199" height="67"></div>
 </td>
 </tr>
 <tr>
 <td style="height: 40px; min-height: 40px; max-height: 40px; vertical-align: top; background-color: #ffffff;" valign="top" height="40" bgcolor="#ffffff">&nbsp;</td>
 </tr>
 <tr>
 <td style="vertical-align: top; background-color: #ffffff; height: 20px; min-height: 20px; max-height: 20px;" valign="top" height="20" bgcolor="#ffffff">
 <table style="width: 665px; min-width: 665px; max-width: 665px;" cellspacing="0" cellpadding="0" border="0">
 <tbody>
 <tr>
 <td style="width: 40px; min-width: 40px; max-width: 40px;" width="40">&nbsp;</td>
 <td style="width: 585px; min-width: 585px; max-width: 585px; text-align: justify;" width="585"><span style="font-size: small; font-family: tahoma, arial, helvetica, sans-serif;"><div id="cons_content_tartalom" aria-hidden="true" style=""><p><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">Dear Provider,</span></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">I am Mark Bacsko, Incident Analyst&nbsp;at <a href="https://bitninja.io?">BitNinja Server Security</a>. I'm writing to inform you that we have detected malicious requests from the IP 95.217.124.252 directed at our clients' servers.</span></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients' servers.</span></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a bot to send malicious attacks over the Internet.<br></span></p>
 <p><br><span></span><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">I’ve collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link. The timezone is UTC +2:00.</span><br><a href="http://bitninja.io/incidentReport.php?details=b6bfabf1f2c285d803?utm_source=incident&amp;utm_content=publicpage" target="_blank">http://bitninja.io/incidentReport.php?details=b6bfabf1f2c285d803</a><a href="http://bitninja.io/incidentReport.php?details=b6bfabf1f2c285d803"></a></p>
 <p></p>
 <p><pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>{
     "PORT HIT": "95.217.124.252:54065-&gt;217.78.1.91:3128",
     "MESSAGES": "Array
                 (
                     [10:39:34] =&gt; POST http://work.a-poster.info:25000/ HTTP/1.1
                 Connection: close
                 Content-Length: 21
                 Content-Type: application/x-www-form-urlencoded
                 Host: work.a-poster.info:25000
                 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)


                     [10:39:34+1] =&gt; data=acfbbbfdacbfcdff
                 )
                 "
 }</pre><pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>{
     "PORT HIT": "95.217.124.252:40803-&gt;217.78.1.91:3128",
     "MESSAGES": "Array
                 (
                     [10:39:35] =&gt; u0004u0001a&uml;%u0001&Ugrave;&not;u0000
                 )
                 "
 }</pre><pre style='padding:10px 20px; background:#e6e6e6;margin-bottom:10px'>{
     "PORT HIT": "95.217.124.252:40477-&gt;217.78.1.91:3128",
     "MESSAGES": "Array
                 (
                     [10:39:35] =&gt; u0005u0001u0000
                 )
                 "
 }</pre><br><br></p>
 <p><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">Please keep in mind that after the first intrusion we log all traffic between your server and the BitNinja-protected servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don't hesitate to contact our incident experts by replying to this e-mail.</span></p>
 <p></p>
 <p><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">For more information on analyzing and understanding outbound traffic, check out this:<br><a href="https://docs.bitninja.io/wp-content/uploads/2020/08/bitninja-incident-report-1-scaled.jpg"></a><a class="c-link" href="https://docs.bitninja.io/wp-content/uploads/2020/08/bitninja-incident-report-1-scaled-1.png" rel="noopener noreferrer" target="_blank" data-stringify-link="https://docs.bitninja.io/wp-content/uploads/2020/08/bitninja-incident-report-1-scaled-1.png" data-sk="tooltip_parent">https://docs.bitninja.io/wp-content/uploads/2020/08/bitninja-incident-report-1-scaled-1.png</a><br></span></p>
 <p><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;"><a href="https://bitninja.io/wp-content/uploads/2016/07/bitninja-incident-report-1.jpg"></a></span><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">We've also dedicated an entire site to help people prevent their server from sending malicious attacks:&nbsp;</span></p>
 <p><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;"><a href="https://docs.bitninja.io/serverprotection/doc/">https://docs.bitninja.io/serverprotection/doc/</a></span><a href="https://doc.bitninja.io/investigations.html?utm_source=incident&amp;utm_campaign=investigation&amp;utm_content=documentation" style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;"><br></a></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">Our incident experts are also happy to help you and can provide detailed logs if needed. Please feel free to connect me with the administrator or technical team responsible for managing your server.</span></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">Thank you for helping us make the Internet a safer place!</span></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">Regards,</span></p>
 <p><br><span style="font-family: tahoma, arial, helvetica, sans-serif;"><span style="font-size: small;"><strong><span style="font-size: medium;">Mark Bacsko</span></strong><br></span><span style="font-size: small;">Incident Analyst</span></span></p>
 <p><span style="font-family: tahoma, arial, helvetica, sans-serif;"><span style="font-size: small;"><span>BitNinja @&nbsp;</span><a href="https://gbhackers.com/how-to-detect-obfuscated-malware-on-your-server/"><span>GBHackers</span></a><span>&nbsp;</span></span></span></p>
 <p><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">BitNinja.io @ </span><a href="http://uk.businessinsider.com/cylons-grace-cassy-says-companies-fighting-asymmetric-warfare-against-hackers-2015-12" style="font-family: tahoma, arial, helvetica, sans-serif; font-size: small;">BusinessInsider UK</a></p>
 <p></p></div></span></td>
 <td style="width: 40px; min-width: 40px; max-width: 40px;" width="40">&nbsp;</td>
 </tr>
 </tbody>
 </table>
 </td>
 </tr>
 <tr>
 <td style="vertical-align: top; background-color: #ffffff; height: 40px; min-height: 40px; max-height: 40px;" valign="top" height="40" bgcolor="#ffffff">&nbsp;</td>
 </tr>
 <tr>
 <td>
 <div style="background: #282C37; padding: 20px; text-align: center; color: #fff;"><div id="cons_content_lablec" aria-hidden="true" style=""><p style="text-align: center;"><span style="font-family: tahoma, arial, helvetica, sans-serif; font-size: medium;"><br>Partnered by:</span></p>
 <p style="text-align: center; background: rgba(255,255,255,.4); border-radius: 10px;"><span style="font-size: small; font-family: tahoma, arial, helvetica, sans-serif;"><img alt="" height="146" src="cid:part2.6f89c33ce80bc628f8e202d170b170e3" title="" width="534"></span></p>
 <p style="text-align: center;"><span> 2020 BitNinja Server Security</span></p></div></div>
 </td>
 </tr>
 </tbody>
 </table>
 <p></p>
 <p></p>
 </body></html>
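
Added example (not part of the BitNinja report or its tooling): a Python triage helper for the recipient of such a report that labels the first bytes logged on port 3128 as an HTTP forward-proxy request, a SOCKS4 request, or a SOCKS5 greeting, run over the three payloads quoted in the report. It assumes the `uXXXX` tokens are `\uXXXX` escapes that lost their backslash, that each HTML entity stands for one Latin-1 byte, and that the HTTP lines ended in CRLF; `restore`, `classify` and `triage` are names chosen here.

```python
import html
import ipaddress
import re
import struct

def restore(logged: str) -> bytes:
    """Assumption: 'uXXXX' is a \\uXXXX escape that lost its backslash and
    HTML entities stand for single Latin-1 bytes. Undo both."""
    text = html.unescape(logged)
    text = re.sub(r"u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)
    return text.encode("latin-1")

# Absolute-form request line: what a client sends to a forward proxy.
ABS_FORM = re.compile(rb"^([A-Z]+) (https?://\S+) HTTP/1\.[01]\r?\n")

def classify(payload: bytes) -> dict:
    """Label the first bytes a client sent to a proxy port."""
    if len(payload) >= 9 and payload[0] == 4 and payload[1] in (1, 2):
        (port,) = struct.unpack(">H", payload[2:4])  # big-endian port
        dst = ipaddress.IPv4Address(payload[4:8])     # packed IPv4 address
        kind = "socks4-connect" if payload[1] == 1 else "socks4-bind"
        return {"kind": kind, "dst": f"{dst}:{port}"}
    if len(payload) >= 3 and payload[0] == 5 and len(payload) == 2 + payload[1]:
        # version, method count, then one byte per offered auth method
        return {"kind": "socks5-greeting", "methods": list(payload[2:])}
    m = ABS_FORM.match(payload)
    if m:
        return {"kind": "http-proxy-request", "method": m.group(1).decode(),
                "target": m.group(2).decode()}
    return {"kind": "unknown"}

# Payloads copied from the three log entries in the report; the CRLF line
# endings of the HTTP request are an assumption.
SAMPLES = [
    b"POST http://work.a-poster.info:25000/ HTTP/1.1\r\nConnection: close\r\n"
    b"Content-Length: 21\r\nHost: work.a-poster.info:25000\r\n\r\n",
    restore("u0004u0001a&uml;%u0001&Ugrave;&not;u0000"),
    restore("u0005u0001u0000"),
]

def triage(samples=SAMPLES) -> list:
    """Classify every sample payload in order."""
    return [classify(p) for p in samples]

if __name__ == "__main__":
    for result in triage():
        print(result)
```

Under these assumptions the SOCKS4 request decodes to destination port 25000, the same port named in the HTTP request, so all three entries read as proxy requests toward one service rather than unrelated traffic.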