Dear Provider,

I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 188.xxx.xxx.220 directed at our clients’ servers.

As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly the target of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.

I’ve collected some detailed logs of the traffic that may help you disinfect your server:

tcp 0 17349 212.#.#.110:80 188.xxx.xxx.220:4042 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3974 ESTABLISHED
tcp 0 23528 212.#.#.110:80 188.xxx.xxx.220:4046 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3976 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3980 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4049 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3997 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4032 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4051 ESTABLISHED
tcp 0 41850 212.#.#.110:80 188.xxx.xxx.220:4034 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3975 ESTABLISHED
tcp 0 3752 212.#.#.110:80 188.xxx.xxx.220:3992 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4010 ESTABLISHED
tcp 0 30278 212.#.#.110:80 188.xxx.xxx.220:4068 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3967 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3985 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4006 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3983 ESTABLISHED
tcp 0 15303 212.#.#.110:80 188.xxx.xxx.220:4037 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4011 ESTABLISHED
..76 more lines.

We have enabled new firewall rules to filter out traffic of this nature. Once the responsible party is identified they will have their account terminated.
