========== X-ARF Style Summary ==========
Date: 2025-09-24T23:55:12+02:00
Source: 80.71.227.62
Type of Abuse: Portscan/Malware/Intrusion Attempts
Logs: 23:55:07.979262 rule 0/0(match): block in on vtnet0: 80.71.227.62.44570 > 91.190.98.152.23: Flags [S], seq 2970401857, win 0, options [mss 1460], length 0
-----------------------------------------
To whom it may concern,
80.71.227.62 is reported to you for performing unwanted activities toward our server(s).
=============================================================================
Current records of unwanted activities toward our server(s) on file;
the second field designates our server that received the unwanted connection;
if this is a webserver log, the [VirtualHost] designates the visited website.
-----------------------------------------------------------------------------
Source IP / Targeted host / Issue processed @ / Log entry
-----------------------------------------------------------------------------
* 80.71.227.62 tpc-003.mach3builders.nl 2025-09-24T23:55:12+02:00 23:55:07.979262 rule 0/0(match): block in on vtnet0: 80.71.227.62.44570 > 91.190.98.152.23: Flags [S], seq 2970401857, win 0, options [mss 1460], length 0
* 80.71.227.62 tpc-031.mach3builders.nl 2025-09-24T23:48:38+02:00 23:48:34.785264 rule 0/0(match): block in on vtnet0: 80.71.227.62.52466 > 91.190.98.94.23: Flags [S], seq 2155586307, win 0, options [mss 1460], length 0
* 80.71.227.62 tpc-024.mach3builders.nl 2025-09-24T23:45:37+02:00 23:45:32.471852 rule 0/0(match): block in on vtnet0: 80.71.227.62.60760 > 91.190.98.122.23: Flags [S], seq 1485210256, win 0, options [mss 1460], length 0
* 80.71.227.62 tpc-032.mach3builders.nl 2025-09-24T23:29:25+02:00 23:29:21.602058 rule 0/0(match): block in on vtnet0: 80.71.227.62.56300 > 91.190.98.61.23: Flags [S], seq 1024758855, win 0, options [mss 1460], length 0
* 80.71.227.62 tpc-031.mach3builders.nl 2025-09-24T22:46:34+02:00 22:46:31.409268 rule 0/0(match): block in on vtnet0: 80.71.227.62.51068 > 91.190.98.145.23: Flags [S], seq 382949351, win 0, options [mss 1460], length 0
=============================================================================
Notes:
-----------------------------------------------------------------------------
* Unsolicited connections to well-known ports (e.g. FTP, SSH, Telnet, and others), and attempted database queries/injections/extractions are considered especially toxic; associated IP addresses are blocklisted on sight.
* Connections must have completed the three-way handshake before being logged and processed; spoofed connection attemtps are not logged and not blocklisted.
* Any line containing a "GET" or a "POST" request refers to an attempt to access, exploit, or test for, a vulnerability or an attack vector on one of our webservers.
* The most prevalent attempts are 'wp-login' and 'wp-admin', and Joomla/Drupal equivalents. We host zero WordPress/Joomla/Drupal installations. This is usually a sign of a computer that is itself infected with a trojan or other malware, and is looking to infect other machines. Scan the server at the reported IP address for outdated WordPress installations, trojans, and other malware.
* Please do not ask us which "outbound domain" an attack came from, or which "website" instigated the attack: we cannot know this. We can only give you the connecting IP address, the connected IP address, extremely accurate timestamps, and source/destination port numbers. If this is not enough information for you, YOU will have to increase or improve your tracing and logging to mitigate future attacks.
* A NOTE TO RESEARCH AND SECURITY SCANNERS: https://cloudblock.espresso-gridpoint.net/scanners.html
