Abuse case #210543 opened for 80.76.43.211, immediate action required!

This is a multi-part message in MIME format.



--_----------=_1701494261306608230

Content-Disposition: inline

Content-Transfer-Encoding: 8bit

Content-Type: text/plain; charset="UTF-8"



Sehr geehrte Damen und Herren!



Sie sind der unmittelbare Upstream-Anbieter einer IP-Adresse, der Brute-Force-Angriffe gegen die folgenden Dienste durchf?hrt:



 * SSH (Secure Shell)



Wir haben mehr als 6 Anmeldeversuche innerhalb von 6 Stunden beobachtet, die von der folgenden IP-Adresse stammen:



80.76.43.211



Wir haben zuletzt um 2023-12-01 23:49:02 UTC einen b?swilligen Anmeldeversuch von dieser IP-Adresse beobachtet.



SSH (Secure Shell) (30 total)

Date	Source IP	Target IP

2023-12-01 23:49:02	80.76.43.211	139.99.233.0/24

2023-12-01 23:47:24	80.76.43.211	139.99.233.0/24

2023-12-01 23:45:45	80.76.43.211	139.99.233.0/24

2023-12-01 23:44:05	80.76.43.211	139.99.233.0/24

2023-12-01 23:42:25	80.76.43.211	139.99.233.0/24

2023-12-01 23:40:46	80.76.43.211	139.99.233.0/24

2023-12-01 23:39:08	80.76.43.211	139.99.233.0/24

2023-12-01 23:37:30	80.76.43.211	139.99.233.0/24

2023-12-01 23:35:50	80.76.43.211	139.99.233.0/24

2023-12-01 23:34:13	80.76.43.211	139.99.233.0/24



Bitte untersuchen Sie die Quelle der b?swilligen Anmeldeversuche und ergreifen Sie Ma?nahmen, um den Angriff so schnell wie m?glich zu stoppen.



Weitere Informationen zum erkannten Problem finden Sie unter https://incident.netcraft.com/e362387148b3/



Mit besten Gr??en,



Netcraft



Telefon: +44(0)1225 447500

Fax: +44(0)1225 448600

Netcraft-Ausgabenummer: 48316518



Um Aktualisierungen ?ber diesen Angriff zu erhalten, antworten Sie bitte auf diese E-Mail. Bitte beachten Sie: Antworten auf diese Adresse werden zwar protokolliert, aber nicht immer gelesen. Wenn Sie mehr Unterst?tzung ben?tigen, oder glauben, Sie haben diese E-Mail irrt?mlich erhalten, kontaktieren Sie bitte: takedown@netcraft.com.



Diese E-Mail kann mit X-ARF-Tools geparsed werden. Weitere Informationen ?ber X-ARF-Tools finden Sie unter http://www.xarf.org/

-------------------

Dear Sir or Madam,



You are the immediate upstream provider of an IP address performing brute force attacks against the following services:



 * SSH (Secure Shell)



We have observed more than 6 login attempts within a 6 hour period originating from the following IP address:



80.76.43.211



We last observed a malicious login attempt from this IP address at 2023-12-01 23:49:02 UTC.



SSH (Secure Shell) (30 total)

Date	Source IP	Target IP

2023-12-01 23:49:02	80.76.43.211	139.99.233.0/24

2023-12-01 23:47:24	80.76.43.211	139.99.233.0/24

2023-12-01 23:45:45	80.76.43.211	139.99.233.0/24

2023-12-01 23:44:05	80.76.43.211	139.99.233.0/24

2023-12-01 23:42:25	80.76.43.211	139.99.233.0/24

2023-12-01 23:40:46	80.76.43.211	139.99.233.0/24

2023-12-01 23:39:08	80.76.43.211	139.99.233.0/24

2023-12-01 23:37:30	80.76.43.211	139.99.233.0/24

2023-12-01 23:35:50	80.76.43.211	139.99.233.0/24

2023-12-01 23:34:13	80.76.43.211	139.99.233.0/24



Please investigate the source of the malicious login attempts and take action to stop the attack as soon as possible.



More information about the detected issue is provided at https://incident.netcraft.com/e362387148b3/



Regards,



Netcraft



Phone: +44(0)1225 447500

Fax: +44(0)1225 448600

Netcraft Issue Number: 48316518



To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.



This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

--_----------=_1701494261306608230

Content-Disposition: inline

Content-Transfer-Encoding: 7bit

Content-Type: message/feedback-report

MIME-Version: 1.0

X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)

Date: Sat, 2 Dec 2023 05:17:41 +0000



Feedback-Type: xarf

User-Agent: Netcraft

Version: 1

--_----------=_1701494261306608230

Content-Disposition: attachment; filename="xarf.json"

Content-Transfer-Encoding: base64

Content-Type: application/json; charset=utf-8; name="xarf.json"

MIME-Version: 1.0

X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)

Date: Sat, 2 Dec 2023 05:17:41 +0000



eyJSZXBvcnRlckluZm8iOnsiUmVwb3J0ZXJPcmciOiJOZXRjcmFmdCIsIlJlcG9ydGVyT3JnRG9t

YWluIjoibmV0Y3JhZnQuY29tIiwiUmVwb3J0ZXJPcmdFbWFpbCI6InRha2Vkb3duLXJlc3BvbnNl

KzQ4MzE2NTE4QG5ldGNyYWZ0LmNvbSJ9LCJWZXJzaW9uIjoiMSIsIkRpc2Nsb3N1cmUiOnRydWUs

IlJlcG9ydCI6eyJSZXBvcnRlckNhc2VJRCI6IjQ4MzE2NTE4IiwiU2FtcGxlcyI6W3siUGF5bG9h

ZCI6IldlIGhhdmUgb2JzZXJ2ZWQgbW9yZSB0aGFuIDYgbG9naW4gYXR0ZW1wdHMgd2l0aGluIGEg

NiBob3VyIHBlcmlvZCBvcmlnaW5hdGluZyBmcm9tIHRoaXMgSVAgYWRkcmVzcy4iLCJEZXNjcmlw

dGlvbiI6IkJydXRlIEZvcmNlIEF0dGFjayBhZ2FpbnN0IG91ciBTU0ggU2VydmljZSIsIkJhc2U2

NEVuY29kZWQiOmZhbHNlLCJDb250ZW50VHlwZSI6InRleHQvcGxhaW4ifV0sIkRhdGUiOiIyMDIz

LTEyLTAxVDIzOjQ5OjAyWiIsIkRlc3RpbmF0aW9uSXAiOiIxMzkuOTkuMjMzLjczIiwiUGFja2V0

Q291bnQiOjMwLCJTb3VyY2VJcCI6IjgwLjc2LjQzLjIxMSIsIkRlc3RpbmF0aW9uUG9ydCI6MjIs

IlJlcG9ydENsYXNzIjoiQWN0aXZpdHkiLCJPbmdvaW5nIjp0cnVlLCJSZXBvcnRUeXBlIjoiTG9n

aW5BdHRhY2siLCJSZXBvcnRlck5vdGVzIjoiU2VlIGh0dHBzOi8vaW5jaWRlbnQubmV0Y3JhZnQu

Y29tL2UzNjIzODcxNDhiMy8gZm9yIG1vcmUgaW5mb3JtYXRpb24ifX0

--_----------=_1701494261306608230--