12/10/2015 [DMCA] Webiron @ (80)
--- WE DO NOT RESPOND TO REPORT REPLIES - Please read the entire e-mail ---
=== You are receiving this e-mail in regard to abuse issues against our clients coming from the host at IP 22.214.171.124. ===
Webiron is a security service and this e-mail is being sent on behalf of our clients. We do not control how our clients configure their protection and as a result do not control how blocks and bans are generated.
We are committed to providing useful information on abuse issues on behalf of our clients to help stop issues related to issues that seem to originate from within your network.
We also understand and value your time and have built in queues to ensure these e-mails are informative and not overwhelming in volume.
If you are responsible for abuse issues however the IP being reported does not belong to you, please open a ticket or email us to let us know of the error and we'll correct it as soon as possible. However if you're not and this reached you in error, please reply with the word REMOVE (in all caps) in the subject line and you will be placed on our "do not e-mail" list for abuse issues.
Please note due to he retaliatory nature of attackers and the abundance of internet abuse havens out there, we do not give out the exact IP of our clients. If you require further assistance we will be more than happy to to work with you. Just open a ticket our contact us with the details below.
If you run a VPN, anonymizer service (like a TOR exit or proxy node), or business intelligence not contracted with the site owner, then we request that the targeted range be blocked from your service. If it is being blocked, then it's at the right and choice of our clients to refuse access.
Tor exit operators and/or upstream provides please see our guide on blocking traffic from exit nodes.
A little about our service. Our bans are very short (30s seconds to a few minutes depending on client configs) and removed automatically once abuse has stopped. We are a server protection solution designed to help administrators, enterprises and hosting services secure their end points and reduce SOC resources.
To get a current status on the offending IP visit our lookup
Please feel free to sent us your comments or responses. If you are inquiring for more information you must disclosed the offending IP. to contact us via e-mail, use email@example.com, however if you require a ticket tracked response you can open one at Webiron.com
--- Blacklist Warning ---
Failure to handle abuse issues will increase your chances of ending up on our public Real-Time Abuse Response Blacklist (WARB)
For further details on WARB see: WARB
*** Note *** - All times are in America/Phoenix (-07:00) as denoted in the time stamp as '-07:00' on the end.
Unwanted and or Abusive Web Requests:
Offending/Source IP: 126.96.36.199
- Issue: Source has attempted the following botnet activity: WordPress Login Brute Force
- Block Type: New Ban
- Time: 2015-10-10 12:24:19-07:00
- Port: 80
- Service: http
- Report ID: c6b46ca8-9cbe-4c70-b734-9078a607a268
- Bot Fingerprint: 03bb1a043d189522c4df25c77592268c
- Bot Node Feed: https://www.webiron.com/bot_feed/03bb1a043d189522c4df25c77592268c
- Targeted Range: 188.8.131.52/24
- Targeted URL: http://[Site Host Removed For Privacy]/wp-login.php
- User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
- GET/POST Arguments Sent: pwd, wp-submit, testcookie, log, redirect_to
Action that has been taken from Proxy.sh: Because the server is located in a jurisdiction with precise intellectual property laws, we have reset accounts who forwarded port 80 (nothing may identify a single account) and we have blocked port 80 via Firewall.