26/06/2014 [DMCA] @ United Kingdom 1 (80)
> your Server/Customer with the IP: *220.127.116.11* has attacked one of our servers/partners.
> The attackers used the method/service: *regbot* on: *Tue, 24 Jun 2014 21:46:32 +0100*.
> The time listed is from the server-time of the Blocklist-user who submitted the report.
> The attack was reported to the Blocklist.de-System on: *Tue, 24 Jun 2014 21:46:46 +0200*
> The IP has been automatically blocked for a period of time. For an IP to be blocked, it needs
> to have made several failed logins (ssh, imap....), tried to log in for an "invalid user", or have
> triggered several 5xx-Error-Codes (eg. Blacklist on email...), all during a short period of time.
> The Server-Owner configures the number of failed attempts, and the time period they have
> to occur in, in order to trigger a ban and report. Blocklist has no control over these settings.
> He has registered automatically on a honeypot Wiki/Forum/Blog-System....
> At the site there is a notice that all postings and registrations will be reported.
> He used xrumer or other Tools or had a false configured mod_rewrite/mod_proxy who is abused:
> If the IP is a Tor-Server: http://blog.blocklist.de/tor-server-owner/
> Please check the machine behind the IP 18.104.22.168 (relay.lusovps.com) and fix the problem.
> This is the 2 Attack (reported: 2) from this IP; see:
> If you need the logs in another format (rather than an attachment), please let us know.
> You can see the Logfiles online again: https://www.blocklist.de/en/logs.html?rid=521610877&ip=22.214.171.124
> You can parse this abuse report mail with X-ARF-Tools from http://www.x-arf.org/tools.html e.g. validatexarf-php.tar.gz.
> You can find more information about X-Arf V0.2 at http://www.x-arf.org/specification.html
> This message will be sent again in one day if more attacks are reported to Blocklist.
> In the attachment of this message you can find the original logs from the attacked system.
> To pause this message for one week, you can use our "Stop Reports" feature on Blocklist.de to submit
> the IP you want to stop recieving emails about, and the email you want to stop receiving them on.
> If more attacks from your network are recognized after the seven day grace period, the reports will start
> being sent again.
> To pause these reports for one week:
> We found this abuse email address in the Whois-Data from the IP under the SearchString "abuse-mailbox (own-db)"
> Reply to this message to let us know if you want us to send future reports to a different email. (e.g. to abuse-quiet or a special address)
> blocklist.de Abuse-Team
> This message was sent automatically. For questions please use our Contact-Form (autogenerated@ is not monitored!):
> Logfiles: https://www.blocklist.de/en/logs.html?rid=521610877&ip=126.96.36.199
> Reported-From: email@example.com
> Category: abuse
> Report-Type: regbot
> Service: regbot
> Version: 0.2
> User-Agent: Fail2BanFeedBackScript blocklist.de V0.2
> Date: Tue, 24 Jun 2014 21:46:32 +0100
> Source-Type: ip-address
> Source: 188.8.131.52
> Port: 80
> Report-ID: firstname.lastname@example.org
> Schema-URL: http://www.blocklist.de/downloads/schema/info_0.1.1.json
> Attachment: text/plain
> 184.108.40.206 - - [24/Jun/2014:21:46:32 +0100] "POST /profile.php HTTP/1.0" 200 790 "-" "-"
> Username: juiceart29
> User Email: Gladisbwzgmj@outlook.com
> User ICQ:
> User AIM:
> User MSN:
> User Yahoo:
> Location: Washington
> User Signature:
Action that has been taken from Proxy.sh: Because the server is located in a jurisdiction with precise intellectual property laws, we have reset accounts who forwarded port 80 (nothing may identify a single account) and we have blocked port 80 via Firewall.