Posted on by

Abuse 89.117.54.74

Received: from LO0P265CU003.outbound.protection.outlook.com (mail-uksouthazrlh10232021.outbound.protection.outlook.com [52.103.165.21])
	by prod-smtp-forward02 (Haraka) with ESMTPS id 134F9FF1-E827-487F-8CCB-123872808B8A.1
	envelope-from <abuse@gctec.com.br>
	tls TLS_AES_256_GCM_SHA384;
	Fri, 20 Jun 2025 07:23:01 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none;
 b=Wn40qgi1xMbGrTNw++DfhKCYaaZt0WbruzDo7jzs0us5H6DwypurXo8F4tsrT1Ddig2U/bHDiau+4i7BpM3wi978DTgtwINBNg4dNDXgirgJbLQcmM1iz0rL/6KaG3nHx2ELxo56pt+/GLmNAgsTYrFLVEI8Cv+UzH6LGGYmy+kMoKY9L4N9TeGYlbr7MVOqgFvPQWA0QiYzbV//qBz2oupC03+G4decTpUg7CXIypk9FMp8QHkoqhOYStBFGZmCPn0QWD0KzDTdYT9peJkzbeB+8Fnrhr1rOtCovMvE4FRjUaA+eSHHVSrK43CmSTYVRIWxsXseBpxABvh48DdpPw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
 s=arcselector10001;
 h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
 bh=vIfNpLNLWxOf6K7CMSgbINWDT+sjG/2ybD0/+mmOKNc=;
 b=HS0IQLWY/hNQhcYpDKT1NAMPwUSwOtBZVrS+1GlKczOzOhoJ5dGxNmBy98Bt8OQqA9M21dOE2Epn1vXFnuczkv4hvZff2WfUFquXB64B7oQhURx4G81E7B1TEDZdAT4uDp1bMLMTuKAAQoWkHrYj86S48/G7aq0/gcXOSoTpTjqjWLyUXLXddnnNQn8wucKneGETio5496dO8tMVT0yVQ6wjzRAySCXkQWUiDb2tPN0ALuFbh47S2nvKzlvHVHKnmYp2m9L2/+I7BY6gBzM5RCpqq6XIO4+q6e/rmhsoShopvtenNOZlEMnOFbE4Gg+rFxYWJ8CILFf0UIx0IXaLoQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=softfail (sender ip
 is 72.10.163.178) smtp.rcpttodomain=abuseradar.com
 smtp.mailfrom=gctec.com.br; dmarc=fail (p=quarantine sp=quarantine pct=100)
 action=quarantine header.from=gctec.com.br; dkim=none (message not signed);
 arc=none (0)
Received: from LO0P265CA0013.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:355::8)
 by LO0P265MB5976.GBRP265.PROD.OUTLOOK.COM (2603:10a6:600:28f::12) with
 Microsoft SMTP Server (version=TLS1_2,
 cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8857.20; Fri, 20 Jun
 2025 07:22:59 +0000
Received: from LO1PEPF000028CC.GBRP265.PROD.OUTLOOK.COM
 (2603:10a6:600:355:cafe::d6) by LO0P265CA0013.outlook.office365.com
 (2603:10a6:600:355::8) with Microsoft SMTP Server (version=TLS1_3,
 cipher=TLS_AES_256_GCM_SHA384) id 15.20.8857.25 via Frontend Transport; Fri,
 20 Jun 2025 07:22:58 +0000
Received-SPF: SoftFail (protection.outlook.com: domain of transitioning
 gctec.com.br discourages use of 72.10.163.178 as permitted sender)
Received: from bonadea.desvet.com.br (72.10.163.178) by
 LO1PEPF000028CC.mail.protection.outlook.com (10.167.240.36) with Microsoft
 SMTP Server (version=TLS1_3, cipher=TLS_AES_256_GCM_SHA384) id 15.20.8857.21
 via Frontend Transport; Fri, 20 Jun 2025 07:22:57 +0000
Received: from root by bonadea.desvet.com.br with local (Exim 4.98.2)
	(envelope-from <abuse@gctec.com.br>)
	id 1uSW5A-00000005Mu2-2mRy;
	Fri, 20 Jun 2025 04:22:40 -0300
From: abuse@gctec.com.br
To: root@bonadea.desvet.com.br,lir@telecentras.lt,report@abuseradar.com
Auto-Submitted: auto-generated
X-XARF: PLAIN
Content-Type: multipart/mixed;
 boundary="csf-1750404160"
MIME-Version: 1.0
Subject: abuse report about 89.117.54.74 - 2025-06-20T04:22:40-0300
Message-Id: <E1uSW5A-00000005Mu2-2mRy@bonadea.desvet.com.br>
Date: Fri, 20 Jun 2025 04:22:40 -0300
X-DESVET-Scanner-Information: Please contact the ISP for more information
X-DESVET-Scanner-ID: 1uSW5A-00000005Mu2-2mRy
X-DESVET-Scanner: Not scanned: please contact your Internet E-Mail Service Provider for details
X-DESVET-Scanner-SpamCheck: não spam, SpamAssassin (not cached,
	escore=0.801, requerido 2, BAYES_50 0.80, URIBL_BLOCKED 0.00)
X-DESVET-MailScanner-From: abuse@gctec.com.br
X-Spam-Status: No
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - bonadea.desvet.com.br
X-AntiAbuse: Original Domain - abuseradar.com
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-AntiAbuse: Sender Address Domain - gctec.com.br
X-Get-Message-Sender-Via: bonadea.desvet.com.br: sender_ident via received_protocol == local: root/only user confirmed/virtual account not confirmed
X-Authenticated-Sender: bonadea.desvet.com.br: root
X-Source:
X-Source-Args:
X-Source-Dir:
Return-Path: abuse@gctec.com.br
X-EOPAttributedMessage: 0
X-EOPTenantAttributedMessage: 4b06f27d-d0bc-45cd-b169-d61de1bca836:0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: LO1PEPF000028CC:EE_|LO0P265MB5976:EE_
X-MS-Office365-Filtering-Correlation-Id: 7966251d-f350-445e-cfd2-08ddafcb47c1
X-MS-Exchange-SenderADCheck: 0
X-MS-Exchange-AntiSpam-Relay: 1
X-Microsoft-Antispam:
	BCL:0;ARA:13230040|61400799027|376014|9140799003|4053099003|4013099003;
X-Microsoft-Antispam-Message-Info:
	=?utf-8?B?eG9iQy9GamlTU21NQUhjaVNKUWxzUVYwWE1abzViU0tRZFdMVzliQ2FVV1Np?=
 =?utf-8?B?Mlk1aFlCNjRaemJZTG1jNTNRR3dwbk51TFE5b0pKdlZQUllPWjRvZnB4WnA4?=
 =?utf-8?B?VjNJeHJMSnppTHpxS1o5aTFQNUNlbGdBUXpYOW1qYVpoQjZzWWRITmdncU4z?=
 =?utf-8?B?b1kyaWdVREJ3cDkrNzhyWk9PWEJOUVJqSG5sWnZCeXRVMTByaXJZYUNsWVRx?=
 =?utf-8?B?a3FFRGtjYXFUYVQ2R1FmVDRUM1ZKWFZlL0FEV0JjcDdqdUFEZjZRcEM4RE92?=
 =?utf-8?B?SUJJYnRQTldOeng0Z3N0ZVFQSTF1QTBOdkFNajBuZnVOdkhWaWtZa1ZJYTBV?=
 =?utf-8?B?TEZ1a3RDa3poU2hTV3JSY2YxRWFmU1g2aUtiYjc4NzVYRjJKeDlMRUFQWita?=
 =?utf-8?B?d3dFdTZNdXlrR0dlSXdzMjNJaVdGYjVuc3NMZHhJYlBsT3hQQy92N2JMWUE5?=
 =?utf-8?B?YkFINUhvR1krZE5KWG1SdzdZNWEybVNqWlNXU3I0VkhLVG45eDZ3b0llN3lj?=
 =?utf-8?B?enlMNDgzQnVjM2FzOEpHazA3VXdrQUIyS3UrZUM0cjRNREQzMTB5V1ZLUnlB?=
 =?utf-8?B?eWllTnVSQ0FKbUU3ODV5clp6L2ltYUM5NW9NNFM2dzlxVXpzNHZSQXUzekhS?=
 =?utf-8?B?MGtPMnQ2QnRyQ2tLRS96aTBRc0FwMU1HMnlnYWduOVEzRmllK1NVb1ozTlNw?=
 =?utf-8?B?ZURoUUMyaWZTeTdLSElyV1gvdDduZEVjZEZFckdtOTY4L2FnSUNySzEwbjAx?=
 =?utf-8?B?ZER4bEZCQUcrWGxBby9KQWdLcXNFL2F5ckkxY3BSRnFIUFNzUTRlOEFQQ2NI?=
 =?utf-8?B?dGdqMFUrZFBQWlQ3TkpRQUZJTmE5c0oyMy9pWDRQdDJUOVkwLzN4VU9SL0k4?=
 =?utf-8?B?WGFwWW9NNHJUd0cwYjgyQ0M1OHJNTkc1RzBSNFQ4WW5oNUsyVHFnSVNTRnZM?=
 =?utf-8?B?ck1SYVlKeUhnN3F5QWVUK0VlSnhYYUdla3R2akRlUzFWYUhMOFdiWDVXakxk?=
 =?utf-8?B?S1FwK2lvMXZnRzhnS1RhTTJPS2xMbHk0dm53WUNtSTJkWnorWXZOTXRNdWFy?=
 =?utf-8?B?SzI0bVBGVHAvRGJXdTVLTEdYWjlYb2QyU2RBelRlWGl5eng4Q0taZGhMaFNB?=
 =?utf-8?B?endTdDZ6d1cyVmxaY1BkYXg3UXVaeUtYYW8wbGd6SjgrbENtajFqZmVuVEZS?=
 =?utf-8?B?Q1ArNy9lM1hEOW5BcEwvWTBGeE1aeTVlbmp0ZFRvN0FheUhiWlRnREdhTVZL?=
 =?utf-8?B?VEhVYVJDUXh1b2xySUVxNUQ5WGNySHB1L3FRNVhvSnJENmhkeWFUa1FsQ3dH?=
 =?utf-8?B?QXlRWWpvNlpGZkd3UFR1OEZleUNqRUJMVDcwS2NFUHZCSGx1SEp5NVRSKzVW?=
 =?utf-8?B?WGVSckpiS3lsY09ZTjR0bVdHLysxVmNRTlQxOXk5NHBUWU9SYXRYL0ZYK1ow?=
 =?utf-8?B?Vk5DZU0yOS94MFhOaWkvaFVOQnJzdmFpY1lMTElKWitYYUtsV3Z3SGNDaFp0?=
 =?utf-8?B?UXVpRmxJTEVjN0NMM1kwNTdOaE4rR3RQMVhwb1RvNGVTaHRXODVXcnZRSkNH?=
 =?utf-8?B?dHVIQ3MzNEVhWlpERm5LeGxRQVRobjRlZW96aFZzUEpYUWlENmtxSGxjQmFK?=
 =?utf-8?B?OGJ2MGdxVk9uT2FDSG5rZ29zR1VsQ3FsTllnWjRNM2xWZ2pmK2JQcisrTEx4?=
 =?utf-8?B?QVVaK3RxL1VETXd6K2crcXprNnhaanYyaytZNFErUm4yRFBvNUJwdmxzdWhh?=
 =?utf-8?B?UC9yZW5WZk9PNTJFeEUrYjZJU1NtbVZjN0JmMG9OdVUvcmREelo5OTM0RklL?=
 =?utf-8?B?SmtieGxNcStQL1BxTkhVYlB3dU9iaDh0dmNMZXhTRWJjZU9SS3M3OXY3NWo3?=
 =?utf-8?B?SnRYckNraUg4VGE0Q04wNDFHNGxnWDkxV1N0QmhNQVlFZFBTYzloSlZPaXpD?=
 =?utf-8?B?dDZ0Mkg3RU5NRTZpQ1JKT0pGMmZ4ck1DYjgzQVk0KzJMMzVuNXd2SXJ3dERJ?=
 =?utf-8?B?WnhmZTNuT3VPeTNhb2lOVGROSWI0czZOemc2MGZNUEFFLzN5V2RlSFI2MXEy?=
 =?utf-8?B?dXllNmFTSWhjQWUrSlJ4UGZlZHlOSmlydzJwckJUVm5rcmFXQmZIc0pEL1BG?=
 =?utf-8?B?eUlTVCtPZ3RMTE9NYjRYbjlSMGZWaEsvTGZ3T0tSY01vdzZxN0V3bmFmeWkv?=
 =?utf-8?B?cHNZVEdsaHo4Yy9JUHFqREx2cjJ4OWFsVlFlVjg0SE1qZ2Q3dldEeVZJeDhn?=
 =?utf-8?B?VUdnbDgwQTBPVHpwL0ZhZzJMbHgzNE5Va2lJVHM1OVhrelpSMXVMSHJqMzEw?=
 =?utf-8?B?YXIvT0poN2NKVndoVTJ0U1RiSzZDOXZ0enc5eDdia21UY1hkMXJXK1JTanFn?=
 =?utf-8?B?SjJ3NUtianZpYSs3TUMzK0FBVEthdENRMytSaHJKSURaeFVzR1pRN1ZBMDFw?=
 =?utf-8?B?RlRrOHpvV29nc1YxY1RMTzZueS9lcXFZVW8wS1JRbFAzQW92blpNN1h6aVUw?=
 =?utf-8?B?YTVBbnZjRnVFRGhjN08valJ4ekNZSDArcitQWGxramQrZERZRmZOc2xETWlB?=
 =?utf-8?B?MTVJSUlRZlBDT00yeERZMzBYMzIvMzFObk14RzJ5U0hrYWtlQ2szWWl0Rkgv?=
 =?utf-8?B?UWlicERFNHlpdnVGUFVLSWl3VEYyYW50N1Vkb0pkaENWdGZ2eXR6aDRlWC9K?=
 =?utf-8?B?dUtLTUZMd0pDYzRMTWxzL0NYbG1YbnZXNGFFT2VFNG9adWRXUUsvNWtGNkZw?=
 =?utf-8?B?K0hzL21UTjkyQ2dKR2xiTDV0RDZDdzRoZm1tb0FFWHNIVGlXOHpIenZaLzVp?=
 =?utf-8?Q?NdrOH7Cv42kCuNiAqbWEuY3tWiiUJyEgnd3QbymdwU?=
X-Forefront-Antispam-Report:
	CIP:72.10.163.178;CTRY:CA;LANG:en;SCL:5;SRV:;IPV:NLI;SFV:SPM;H:bonadea.desvet.com.br;PTR:bonadea.desvet.com.br;CAT:OSPM;SFS:(13230040)(61400799027)(376014)(9140799003)(4053099003)(4013099003);DIR:OUT;SFP:1023;
X-ExternalRecipientOutboundConnectors: 4b06f27d-d0bc-45cd-b169-d61de1bca836
X-OriginatorOrg: netutils.io
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 20 Jun 2025 07:22:57.1454
 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 7966251d-f350-445e-cfd2-08ddafcb47c1
X-MS-Exchange-CrossTenant-Id: 4b06f27d-d0bc-45cd-b169-d61de1bca836
X-MS-Exchange-CrossTenant-AuthSource: LO1PEPF000028CC.GBRP265.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: Internet
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LO0P265MB5976
Original-Authentication-Results: spf=softfail (sender IP is 72.10.163.178)
 smtp.mailfrom=gctec.com.br; dkim=none (message not signed)
 header.d=none;dmarc=fail action=quarantine header.from=gctec.com.br;

This is a multi-part message in MIME format.
--csf-1750404160
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf-8

The IP address 89.117.54.74 (US/United States/Virginia/Norfolk/vmi2639060.contaboserver.net) was found attacking firewall on bonadea.desvet.com.br 11 times in the last 3600 seconds.

Attached is an X-ARF report (see http://www.xarf.org/specification.html) and the original log report that triggered this block.

Abuse Contact for 89.117.54.74: [lir@telecentras.lt,report@abuseradar.com]

The Abuse Contact of this report was provided by the Abuse Contact DB by abusix.com. abusix.com does not maintain the content of the database. All information which we pass out, derives from the RIR databases and is processed for ease of use. If you want to change or report non working abuse contacts please contact the appropriate RIR. If you have any further question, contact abusix.com directly via email (info@abusix.com). Information about the Abuse Contact Database can be found here:

https://abusix.com/global-reporting/abuse-contact-db

abusix.com is neither responsible nor liable for the content or accuracy of this message.

--csf-1750404160
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="report.txt"
Content-Type: text/plain; charset=utf8; name="report.txt";

Reported-From: abuse@gctec.com.br
Report-ID: 1750404160@bonadea.desvet.com.br
Category: abuse
Report-Type: login-attack
Service: firewall
User-Agent: csf v14.24
Date: 2025-06-20T04:22:40-0300
Source: 89.117.54.74
Source-Type: ipv4
Attachment: text/plain
Schema-URL: https://download.configserver.com/abuse_login-attack_0.2.json

--csf-1750404160
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="logfile.log"
Content-Type: text/plain; charset=utf8; name="logfile.log";

Jun 20 04:22:04 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.182 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=37762 PROTO=TCP SPT=27709 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:05 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.182 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=16836 PROTO=TCP SPT=35125 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:07 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.182 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=31993 PROTO=TCP SPT=54880 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:07 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.182 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=56972 PROTO=TCP SPT=48278 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:23 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.178 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=17339 PROTO=TCP SPT=43531 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:27 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.178 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=35057 PROTO=TCP SPT=11972 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:28 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.179 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=65410 PROTO=TCP SPT=53547 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:28 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.178 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=48691 PROTO=TCP SPT=30376 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:32 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.179 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=61776 PROTO=TCP SPT=36171 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:32 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.179 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=4433 PROTO=TCP SPT=28227 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 
Jun 20 04:22:37 bonadea kernel: Firewall: *TCP_IN Blocked* IN=enp8s0f0 OUT= MAC=0c:c4:7a:ab:82:64:00:1c:73:9c:3b:5d:08:00 SRC=89.117.54.74 DST=72.10.163.180 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=6699 PROTO=TCP SPT=23039 DPT=73 WINDOW=53270 RES=0x00 SYN URGP=0 


--csf-1750404160--

Published by SpaceCore