An attempt to brute-force account passwords over SSH/FTP by a machine in your domain or in your network has been detected. Attached are the host who attacks and time / date of activity. Please take the necessary action(s) to stop this activity immediately. If you have any questions please reply to this email.
Host of attacker: 195.133.84.37 => => Responsible email contacts: abuse@spacecore.pro,ripe@interlir.com
Attacked hosts in our Network: 77.75.253.142, 37.228.155.60, 77.75.250.45, 77.75.249.213, 37.228.156.249, 85.158.176.24, 77.75.251.47, 178.250.14.202, 85.158.176.98, 37.228.159.13, 185.39.221.169, 77.75.251.102, 178.250.15.187, 37.228.159.238, 37.228.159.12, 178.250.9.35, 37.228.159.206, 185.39.220.184, 185.39.221.74, 85.158.182.215, 37.228.155.207, 85.158.181.23, 85.158.183.141, 81.88.33.185, 178.250.12.26, 77.75.252.105, 178.250.15.253, 37.228.158.20, 37.228.159.144, 77.75.249.51, 37.228.154.70, 37.228.156.92
Logfile entries (time is CE(S)T):
Thu May 8 00:27:53 2025: user: ss service: ssh target: 77.75.251.47 source: 195.133.84.37
Thu May 8 00:24:45 2025: user: soksuser service: ssh target: 178.250.15.187 source: 195.133.84.37
Thu May 8 00:24:25 2025: user: soksuser service: ssh target: 37.228.154.70 source: 195.133.84.37
Thu May 8 00:24:10 2025: user: soksuser service: ssh target: 37.228.155.207 source: 195.133.84.37
Thu May 8 00:23:23 2025: user: soksuser service: ssh target: 77.75.251.47 source: 195.133.84.37
Thu May 8 00:20:15 2025: user: root service: ssh target: 178.250.15.187 source: 195.133.84.37
Thu May 8 00:19:55 2025: user: root service: ssh target: 37.228.154.70 source: 195.133.84.37
Thu May 8 00:19:50 2025: user: root service: ssh target: 37.228.155.207 source: 195.133.84.37
Thu May 8 00:18:53 2025: user: root service: ssh target: 77.75.251.47 source: 195.133.84.37
Thu May 8 00:13:35 2025: user: jelly service: ssh target: 178.250.15.187 source: 195.133.84.37
Thu May 8 00:12:45 2025: user: jelly service: ssh target: 37.228.154.70 source: 195.133.84.37
Thu May 8 00:12:20 2025: user: jelly service: ssh target: 37.228.155.207 source: 195.133.84.37
Thu May 8 00:10:33 2025: user: jelly service: ssh target: 77.75.251.47 source: 195.133.84.37
Wed May 7 23:13:12 2025: user: root service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 23:13:12 2025: user: root service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 23:12:45 2025: user: root service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 23:11:34 2025: user: root service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 23:11:08 2025: user: root service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 23:08:52 2025: user: root service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 23:08:42 2025: user: root service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 23:08:15 2025: user: root service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 23:07:04 2025: user: root service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 23:06:48 2025: user: root service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 23:04:32 2025: user: cmk service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 23:04:22 2025: user: cmk service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 23:03:55 2025: user: cmk service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 23:02:54 2025: user: cmk service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 23:02:28 2025: user: cmk service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 23:00:12 2025: user: steam service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 23:00:02 2025: user: steam service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 22:59:45 2025: user: steam service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 22:58:34 2025: user: steam service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 22:58:08 2025: user: steam service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 22:55:52 2025: user: helloworld service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 22:55:52 2025: user: helloworld service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 22:55:25 2025: user: helloworld service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 22:54:24 2025: user: helloworld service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 22:53:58 2025: user: helloworld service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 22:51:42 2025: user: zxg service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 22:51:42 2025: user: zxg service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 22:51:15 2025: user: zxg service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 22:50:04 2025: user: zxg service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 22:49:38 2025: user: zxg service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 22:47:22 2025: user: eren service: ssh target: 37.228.159.12 source: 195.133.84.37
Wed May 7 22:47:12 2025: user: eren service: ssh target: 77.75.249.51 source: 195.133.84.37
Wed May 7 22:46:55 2025: user: eren service: ssh target: 77.75.253.142 source: 195.133.84.37
Wed May 7 22:45:44 2025: user: eren service: ssh target: 85.158.181.23 source: 195.133.84.37
Wed May 7 22:45:18 2025: user: eren service: ssh target: 37.228.159.144 source: 195.133.84.37
Wed May 7 22:43:02 2025: user: qsj service: ssh target: 77.75.249.51 source: 195.133.84.37
…
Regards,
Profihost AG Team
