Hello,
We have detected an attack originating from the IP address 195.133.84.117, which is part of your network AS198037 SPACECORE SOLUTION LTD.
The attack was directed towards our network infrastructure.
The following malicious activity was observed:
2025-02-17T15:06:06.004200 <omitted> sshd[590686]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=195.133.84.117
2025-02-17T15:06:08.435257 <omitted> sshd[590686]: Failed password for invalid user nadia from 195.133.84.117 port 54254 ssh2
2025-02-17T15:10:11.664217 <omitted> sshd[590701]: Invalid user nw from 195.133.84.117 port 45282
…
This incident has been logged in our system under Abuse ID 869a4626. This abuse incident has been logged at 2025-02-17T15:10:12Z.
We kindly request that you investigate the source of this attack and take appropriate action to mitigate the issue.
Please note that we are an organization dedicated to identifying and reporting abuse incidents. If you have received this message in error, or if this incident reported is inappropriate, please contact security@threathouse.com. Please include the entire body of this message.
As a precautionary measure, the abusive IP address has been added to our blacklist database. It will not receive any further abuse complaints from us for a period of 2 weeks. After this period, you may receive additional abuse emails from us if we detect the same abusive behavior. If you prefer not to receive future abuse complaints from us, please reply to this email, and we will add your IP range/ASN to our exclusion list.
Please be assured that a response to this abuse message is not mandatory. Please note that any replies may be recorded and displayed on our website (https://threathouse.com).
Attached is an XARF report and a copy of the log files.
Best regards,
Threat House
