Abuse Message [AbuseID:96FFE4:30]: AbuseNormalMail: [Autoreporter 79203205-3080-4924-90ae-e008153069ee] Summary of your network security incidents (Hetzner)

We have received information regarding spam and/or abuse from ncsc-fi-autoreporter@traficom.fi.
Please would you take all necessary measures to avoid this in the future.

We also request that you send a short response within 24 hours. This response should contain information about how this could have happened and what you intend to do about it.

Information:
NCSC-FI has received information regarding IP-addresses in your network which may have security problems. The information regarding the problems is included as an attachment in CSV format. Data lines have the following format:
asn|ip|source time|domain name|cc|type|uuid|info

Here cc refers to the country code, type to the type of the security problem, and uuid is the unique identifier of the event in Autoreporter. The info column is reserved for any additional information. The column always includes an anonymous identifier for the datasource that is used in the report. All timestamps are given in UTC.

This report is electronically signed using the PGP-key of Autoreporter. The key is available at
https://www.kyberturvallisuuskeskus.fi/sites/default/files/media/file/NCSC-FI_AUTOREPORTER_2019-2024.txt

For more information on the reported events please contact NCSC-FI at cert@traficom.fi.

Network:
— — asn: 24940
— — ip range:

Report:
— — start UTC time: 2021-10-31 06:00:06Z
— — end UTC time: 2021-11-01 07:00:05Z


asn|ip|source time|domain name|mail cc|type|uuid|info


24940|95.216.32.35|2021-10-31 00:01:40Z||FI|bot|d69107e6-fe12-4519-9d69-eac799bbf1a3|Datasource: b, C&C Dns: autoconfig.torpig-sinkhole.org, C&C Ip: 87.106.18.122, C&C Port: 80, Http Request: /mail/config-v1.1.xml?emailaddress=test%40torpig-sinkhole.org, Source Port: 63339

Добавить комментарий

Ваш адрес email не будет опубликован. Обязательные поля помечены *