Fwd: [6.18.2018 41838585] Suspicious Activity Originating from Your Cox.net IP Address
---------- Forwarded message ---------
From: Cox Customer Safety <abuse@cox.net>
Date: Mon, Jun 18, 2018, 7:36 AM
Subject: [6.18.2018 41838585] Suspicious Activity Originating from Your Cox.net IP Address
To: <REDACTED@cox.net>, <REDACTED@gmail.com>
Dear Subscriber,
We have received data or complaints showing a possible attack, probe or trojan-generated spam activity originating from your Cox.net IP address. Details of this activity are included below.
If you are unaware of how this occurred, we suggest that you speak with any other persons with whom you may share your Cox Internet Service. If you are operating a wireless network, we recommend enabling encryption to prevent unauthorized parties from using your service. You should also update your anti-virus software and run a full scan on your systems.
You might also try scanning your systems with these free trojan removal tools:
Malware Bytes
http://www.malwarebytes.org/
Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/
Thank you for your prompt attention to this matter.
- Cox Customer Safety
* Periodically Cox sends emails about changes in our service that affect you. Please note that if you unsubscribe from promotional emails, we will continue to send you important or time sensitive email messages about your service such as this. Cox will never send you an email asking for your personal information, such as passwords.
--- The following material was provided to us as evidence ---
[Part 0:0 (plain text)]
Dear Provider,
I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 72.195.209.215 directed at our clients’ servers.
As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly exposed as the targets of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.
I've collected the 3 earliest logs below, and you can find the freshest 100, which may help you disinfect your server, under the link.
http://bitninja.io/incidentReport.php?details=a224f06adb808375e5?utm_source=incident&utm_content=publicpage. The timezone is UTC +1:00.
{
"PORT HIT": "72.195.209.215:47300->X.X.X.X:23",
"MESSAGES": "Array
(
[09:56:08] => enable
system
shell
sh
[09:56:08+1] => cat /proc/mounts; /bin/busybox ANTCU
)
"
}
{
"PORT HIT": "72.195.209.215:39173->X.X.X.X:23",
"MESSAGES": "Array
(
[17:04:52] => enable
system
shell
sh
[17:04:52+1] => cat /proc/mounts; /bin/busybox UYUNA
)
"
}
{
"PORT HIT": "72.195.209.215:55960->X.X.X.X:23",
"MESSAGES": "Array
(
[12:03:38] => enable
system
shell
sh
[12:03:38+1] => cat /proc/mounts; /bin/busybox EBGBL
)
"
}
Please keep in mind that after the first intrusion we log all traffic between your server and the BitNinja-protected servers until the IP is removed from the greylist. This means you may see valid logs beside the malicious actions in the link above. If you need help finding the malicious logs, please don’t hesitate to contact our incident experts by replying to this e-mail.
For more information on analyzing and understanding outbound traffic, check out this:
https://doc.bitninja.io/_images/bitninja-incident-report-1.jpg?utm_source=incident&utm_campaign=investigation&utm_content=image
We’ve also dedicated an entire site to help people prevent their server from sending malicious attacks:
https://doc.bitninja.io/investigations.html?utm_source=incident&utm_campaign=investigation&utm_content=documentation
Thank you for helping us make the Internet a safer place!
Regards,
George Egri
CEO at BitNinja.io
BitNinja.io @ BusinessInsider UK
BitNinja.io hits the WHIR.com
BitNinja @ CodeMash conference
[Part 0:1:0 (html text)] HTML rendering of the same message as Part 0:0 (BitNinja template with a logo header and a "Partnered by" banner, both inline images), with the same three PORT HIT records. It differs from the plain-text part in two places: it states "The timezone is UTC +2:00" instead of UTC +1:00, and it adds one paragraph before the closing thanks:
Our incident experts are also happy to help you and can provide detailed logs if needed. Please, feel free to connect me with the administrator or technical team responsible for managing your server.
The signature links resolve to http://uk.businessinsider.com/cylons-grace-cassy-says-companies-fighting-asymmetric-warfare-against-hackers-2015-12 (BusinessInsider UK), http://www.thewhir.com/web-hosting-news/canadian-web-hosting-partners-with-bitninja-for-security (WHIR.com) and https://www.youtube.com/watch?v=fomS_3Q7520 (CodeMash conference).
[Part 0:1:1 (png image)] Not displayed
[Part 0:1:2 (png image)] Not displayed
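The three evidence records share one command sequence after the telnet login: enable, system, shell, sh, then cat /proc/mounts; /bin/busybox followed by a five-letter upper-case word that changes per session (ANTCU, UYUNA, EBGBL). That is the post-login sequence of the Mirai telnet loader as published in its leaked source: it tries to reach a shell, reads /proc/mounts to find a writable filesystem, and calls busybox with a marker applet name so it can recognise the "applet not found" reply; the original used the literal MIRAI, later variants randomise the word. All three sessions target port 23 from different source ports on the same Cox address, which is what an infected device behind a home router (a camera, DVR or the router itself with telnet exposed) looks like from outside, so the practical check for the subscriber is to find the LAN device with port 23 open rather than to run a desktop antivirus scan. The parser and classifier below are an added example for this page, not code from Cox or BitNinja: records 1 and 2 in REPORT are copied from the report above (victim address masked as X.X.X.X, as in the original), record 3 is constructed here as a contrasting telnet session, and the field names, regular expressions and verdict strings are this example's own choices.

```python
"""Flag the Mirai telnet-loader fingerprint in BitNinja 'PORT HIT' incident records.
Added example, not code from the Cox or BitNinja e-mail. Records 1 and 2 in REPORT
are copied from the report above; record 3 is constructed here as a contrast."""
import re

PORT_HIT_RE = re.compile(  # "PORT HIT": "src:sport->dst:dport"
    r'"PORT HIT":\s*"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\w.]+):(?P<dport>\d+)"')
# One timestamped entry of the print_r-style MESSAGES array: [HH:MM:SS(+n)] => text
MSG_RE = re.compile(r"\[(?P<ts>\d{2}:\d{2}:\d{2}(?:\+\d+)?)\]\s*=>\s*(?P<text>.*)")
# Busybox presence probe; the marker applet is "MIRAI" in the leaked source and a
# random upper-case word in many later variants.
BUSYBOX_RE = re.compile(r"/bin/busybox\s+([A-Z]{4,8})\b")
# Post-login sequence the Mirai loader sends before it drops a payload: reach a
# shell, then find a writable mount point and confirm busybox is present.
MIRAI_PRELUDE = ("enable", "system", "shell", "sh")
TELNET_PORT = 23

REPORT = r"""
{
"PORT HIT": "72.195.209.215:47300->X.X.X.X:23",
"MESSAGES": "Array
(
[09:56:08] => enable
system
shell
sh
[09:56:08+1] => cat /proc/mounts; /bin/busybox ANTCU
)
"
}
{
"PORT HIT": "72.195.209.215:39173->X.X.X.X:23",
"MESSAGES": "Array
(
[17:04:52] => enable
system
shell
sh
[17:04:52+1] => cat /proc/mounts; /bin/busybox UYUNA
)
"
}
{
"PORT HIT": "72.195.209.215:51022->X.X.X.X:23",
"MESSAGES": "Array
(
[10:15:01] => root
[10:15:03] => uname -a
)
"
}
"""


def split_records(report):
    """Each record is one {...} object with no nested braces."""
    return re.findall(r"\{.*?\}", report, re.S)


def parse_record(record):
    """Return src/sport/dst/dport plus the list of (timestamp, [lines]) entries."""
    m = PORT_HIT_RE.search(record)
    if m is None:
        raise ValueError("record has no PORT HIT field")
    info = {"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
            "dport": int(m["dport"]), "messages": []}
    body = record.split("(", 1)[1].rsplit(")", 1)[0]  # text inside the array's ( )
    for line in (raw.strip() for raw in body.splitlines()):
        mm = MSG_RE.match(line)
        if mm:
            info["messages"].append((mm["ts"], [mm["text"].strip()]))
        elif line and info["messages"]:  # unprefixed line continues the last entry
            info["messages"][-1][1].append(line)
    return info


def classify(info):
    """Verdict is 'mirai-like telnet loader' only if port, prelude, mounts read and busybox probe all match."""
    sent = [cmd for _, cmds in info["messages"] for cmd in cmds]
    token = next((BUSYBOX_RE.search(c).group(1) for c in sent if BUSYBOX_RE.search(c)), None)
    mirai_like = (info["dport"] == TELNET_PORT
                  and tuple(sent[:4]) == MIRAI_PRELUDE
                  and any("cat /proc/mounts" in c for c in sent)
                  and token is not None)
    return {"src": info["src"], "sport": info["sport"], "dport": info["dport"],
            "busybox_token": token,
            "verdict": "mirai-like telnet loader" if mirai_like else "unclassified"}


def analyse(report):
    return [classify(parse_record(r)) for r in split_records(report)]
```

Calling analyse(REPORT) marks the two copied records as mirai-like with tokens ANTCU and UYUNA and leaves the constructed root/uname session unclassified; the classifier deliberately requires all four signals together, since a bare cat /proc/mounts or a busybox call alone is ordinary administrator traffic on an embedded device.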