Security incident report
Greetings,
the security team CSIRT-MU has detected involvement of the IP address 80.71.227.62 into the following incident:
Active scanning
Incident type: Active scanning
Detection time window: 2025-09-24T22:20:00+02:00 - 2025-09-24T22:25:08+02:00
Source IP address: 80.71.227.62
Source domain name: ---
Target IP address count: 99
Target IP addresses: 78.128.215.72, 147.251.0.179, 147.251.5.217, 147.251.8.28, 147.251.15.51, 147.251.18.40, 147.251.20.133, 147.251.23.147, 147.251.24.3, 147.251.27.15, ...
Description of the incident: A computer use active scanning to contact other computers in a network to find what services are remotely accessible. Users cannot trigger the scanning by chance and rarely experienced users do so intentionally. This activity most often means that the computer is infected by a virus or other malicious code, or runs some misconfigured service.
Security issue solution
We strongly recommend to check the computer with up-to-date antivirus software and eventually check the configuration of network services.
Because of the severity of the security issue, the IP address 80.71.227.62 was blocked for 1 hour. The block was performed to protect the network and can be lifted earlier only after the security issue that led to it is resolved.
How to communicate with the CSIRT-MU team? [2]
Please review the source of the incident and fix the issue. Inform us about the result within 5 business days.
Best regards,
CSIRT-MU
The security team of Masaryk University
https://csirt.muni.cz
---------------------------------------------------------------------
[1] https://reports.csirt.muni.cz/help/rt_instructions.html
[2] https://reports.csirt.muni.cz/help/rt_instructions.html?lang=EN
