MIME-Version: 1.0 Reply-To: "Abuse-Team" From: "Abuse-Team" Sender: noreply@Domain1.tld Errors-To: noreply@Domain1.tld Auto-Submitted: auto-generated Content-Transfer-Encoding: 7bit Subject: abuse report about 89.149.xxx.xxx - Tue, 18 Feb 2025 00:48:09 +0100 Content-Type: multipart/mixed; boundary="Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1"; X-XARF: yes --Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=utf-8; Hello Abuse-Team, your Server with the IP: 89.149.xxx.xxx has attacked one of our server on the service: "ssh" on Time: Tue, 18 Feb 2025 00:48:09 +0100 The IP was automatically blocked for more than 10 minutes. To block an IP, it needs 3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)! Please check the machine behind the IP 89.149.xxx.xxx (geht auch mit gethostbyaddr($ip)) and fix the problem. You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs). You found more Information about X-Arf under http://www.x-arf.org/specification.html In the attachment of this mail you can find the original protocols of our systems. footer with pgp-signature and more stuff --Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=utf-8; name="report.txt"; Reported-From: noreply@Domain1.tld Category: abuse Report-Type: login-attack Service: ssh Version: 0.2 User-Agent: V0.0.1 domain.tld Date: Tue, 18 Feb 2025 00:48:09 +0100 Source-Type: Source: 89.149.xxx.xxx Port: 22 Report-ID: 173983608947518101@Domain1.tld Schema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json Attachment: text/plain --Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1 MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Type: text/plain; charset=utf-8; name="logfile.log"; logfiles/Spam-Mail/Header.... --Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1--