This is a multi-part message in MIME format.

--_----------=_1701494261306608230
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="UTF-8"

Dear Sir or Madam,

You are the immediate upstream provider of an IP address performing brute force attacks against the following services:

* SSH (Secure Shell)

We have observed more than 6 login attempts within a 6 hour period originating from the following IP address:

80.76.43.211

We last observed a malicious login attempt from this IP address at 2023-12-01 23:49:02 UTC.

SSH (Secure Shell) (30 total)

Date                 Source IP     Target IP
2023-12-01 23:49:02  80.76.43.211  139.99.233.0/24
2023-12-01 23:47:24  80.76.43.211  139.99.233.0/24
2023-12-01 23:45:45  80.76.43.211  139.99.233.0/24
2023-12-01 23:44:05  80.76.43.211  139.99.233.0/24
2023-12-01 23:42:25  80.76.43.211  139.99.233.0/24
2023-12-01 23:40:46  80.76.43.211  139.99.233.0/24
2023-12-01 23:39:08  80.76.43.211  139.99.233.0/24
2023-12-01 23:37:30  80.76.43.211  139.99.233.0/24
2023-12-01 23:35:50  80.76.43.211  139.99.233.0/24
2023-12-01 23:34:13  80.76.43.211  139.99.233.0/24

Please investigate the source of the malicious login attempts and take action to stop the attack as soon as possible.

More information about the detected issue is provided at https://incident.netcraft.com/e362387148b3/

Regards,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600

Netcraft Issue Number: 48316518

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

--_----------=_1701494261306608230
Content-Disposition: inline
Content-Transfer-Encoding: 7bit
Content-Type: message/feedback-report
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Sat, 2 Dec 2023 05:17:41 +0000

Feedback-Type: xarf
User-Agent: Netcraft
Version: 1

--_----------=_1701494261306608230
Content-Disposition: attachment; filename="xarf.json"
Content-Transfer-Encoding: base64
Content-Type: application/json; charset=utf-8; name="xarf.json"
MIME-Version: 1.0
X-Mailer: MIME::Lite 3.030 (F2.85; T2.17; A2.20; B3.15; Q3.13)
Date: Sat, 2 Dec 2023 05:17:41 +0000

--_----------=_1701494261306608230--