Abuse 5.188.119.209

Hello.

We have received a complaint about your server with the address 5.188.119.209. Please take measures to eliminate the causes of this complaint.

Text of the complaint:

I am Mark Bacsko, Incident Analyst at BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 5.188.119.209 directed at our clients’ servers.

As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.

Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.

I’ve collected the 3 earliest logs below, and you can find the freshest 100, that may help you disinfect your server, under the link. The timezone is UTC +2:00.
http://bitninja.io/incidentReport.php?details=27c2da6731f13c0b90

Url: [noguchi1234321.info/]
Remote connection: [5.188.119.209:62025]
Headers: [array (
'Host' => 'noguchi1234321.info',
'Accept' => 'image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*',
'User-Agent' => 'Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko',
'UA-CPU' => 'AMD64',
'Accept-Encoding' => 'gzip, deflate',
'Connection' => 'Keep-Alive',
'Cache-Control' => 'no-cache',
)]
Url: [tuuhanlife.info/]
Remote connection: [5.188.119.209:62045]
Headers: [array (
'Host' => 'tuuhanlife.info',
'Accept' => 'image/gif, image/jpeg, image/pjpeg, image/pjpeg, application/x-shockwave-flash, application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-application, */*',
'User-Agent' => 'Mozilla/5.0 (Windows NT 6.2; WOW64; Trident/7.0; rv:11.0) like Gecko',
'UA-CPU' => 'AMD64',
'Accept-Encoding' => 'gzip, deflate',
'Connection' => 'Keep-Alive',
'Cache-Control' => 'no-cache',
)]

Please keep in mind that after the first intrusion we log all traffic between your server and the BitNinja-protected servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don’t hesitate to contact our incident experts by replying to this e-mail.

For more information on analyzing and understanding outbound traffic, check out this:
https://docs.bitninja.io/wp-content/uploads/2020/08/bitninja-incident-report-1-scaled-1.png

We’ve also dedicated an entire site to help people prevent their server from sending malicious attacks:

https://docs.bitninja.io/serverprotection/doc/

Our incident experts are also happy to help you and can provide detailed logs if needed. Please, feel free to connect me with the administrator or technical team responsible for managing your server.

Thank you for helping us make the Internet a safer place!
