MIME-Version: 1.0
Reply-To: "Abuse-Team"
From: "Abuse-Team"
Sender: noreply@Domain1.tld
Errors-To: noreply@Domain1.tld
Auto-Submitted: auto-generated
Content-Transfer-Encoding: 7bit
Subject: abuse report about 89.149.xxx.xxx - Tue, 18 Feb 2025 00:48:09 +0100
Content-Type: multipart/mixed;
boundary="Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1";
X-XARF: yes
--Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf-8;
Hello Abuse-Team,
your Server with the IP: 89.149.xxx.xxx has attacked one of our server on the service:
"ssh" on Time: Tue, 18 Feb 2025 00:48:09 +0100
The IP was automatically blocked for more than 10 minutes. To block an IP, it needs
3 failed Logins, one match for "invalid user" or a 5xx-Error-Code (eg. Blacklist)!
Please check the machine behind the IP 89.149.xxx.xxx (geht auch mit gethostbyaddr($ip)) and fix the problem.
You can parse this Mail with X-ARF-Tools (1. attachment = Details, 2. attachment = Logs).
You found more Information about X-Arf under http://www.x-arf.org/specification.html
In the attachment of this mail you can find the original protocols of our systems.
footer with pgp-signature and more stuff
--Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf-8; name="report.txt";
Reported-From: noreply@Domain1.tld
Category: abuse
Report-Type: login-attack
Service: ssh
Version: 0.2
User-Agent: V0.0.1 domain.tld
Date: Tue, 18 Feb 2025 00:48:09 +0100
Source-Type:
Source: 89.149.xxx.xxx
Port: 22
Report-ID: 173983608947518101@Domain1.tld
Schema-URL: http://www.x-arf.org/schema/abuse_login-attack_0.1.2.json
Attachment: text/plain
--Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=utf-8; name="logfile.log";
logfiles/Spam-Mail/Header....
--Abuse-c2454e3419c29ea97b2d5b8f3e50f4b1--