Dear Provider,

I’m George Egri, the Co-Founder and CEO of BitNinja Server Security. I’m writing to inform you that we have detected malicious requests from the IP 188.xxx.xxx.220 directed at our clients’ servers.

As a result of these attacks, we have added your IP to our greylist to prevent it from attacking our clients’ servers.
Servers are increasingly the target of botnet attacks and you might not be aware that your server is being used as a “bot” to send malicious attacks over the Internet.

I’ve collected some detailed logs of the traffic that may help you disinfect your server:

tcp 0 17349 212.#.#.110:80 188.xxx.xxx.220:4042 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3974 ESTABLISHED
tcp 0 23528 212.#.#.110:80 188.xxx.xxx.220:4046 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3976 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3980 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4049 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3997 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4032 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4051 ESTABLISHED
tcp 0 41850 212.#.#.110:80 188.xxx.xxx.220:4034 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3975 ESTABLISHED
tcp 0 3752 212.#.#.110:80 188.xxx.xxx.220:3992 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4010 ESTABLISHED
tcp 0 30278 212.#.#.110:80 188.xxx.xxx.220:4068 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3967 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3985 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4006 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:3983 ESTABLISHED
tcp 0 15303 212.#.#.110:80 188.xxx.xxx.220:4037 ESTABLISHED
tcp 0 0 212.#.#.110:80 188.xxx.xxx.220:4011 ESTABLISHED
..76 more lines.

We have enabled new firewall rules to filter out traffic of this nature. Once the responsible party is identified, they will have their account terminated.
