Once you received the Malicious Activity abuse report on your web hosting service, you have to check that abuse report, there we will be mentioning the detailed information about abuse activity on the VPS, then you start investigating it as per the malicious logs in the report.
Example of Malicious Activity:
The following table of IP addresses, dates, and times should help you correlate the origin of the abusive activity. The time stamps are approximate from our logs. The actual timing of the events depend on the signature matched. It is very likely to have occurred both before, during and following the times listed.
Approximate Time Range (UTC), IP Address, Reason
2017-07-10 06:13 ~ 2017-07-10 06:43 (UTC), 81.171.*.***, Account Takeover Attempts
2017-07-10 15:46 ~ 2017-07-10 16:16 (UTC), ***CENSORED***, Account Takeover Attempts
2017-07-10 19:34 ~ 2017-07-10 20:04 (UTC), ***CENSORED***, Account Takeover Attempts
2017-07-10 20:34 ~ 2017-07-10 21:04 (UTC), ***CENSORED***, Account Takeover Attempts
It is most likely the attack traffic is directed at one of the following endpoints:
account.example.com
auth.np.ac.example1.net
auth.api.example2.com
auth.api.np.ac.example1.net
These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.
We request you to take appropriate action to ensure that the reported content is removed and/or the reported activity is ceased before the following deadline: [ 01 hours as per IST]
Please note that failure to take timely action may, without any further warning, result in an IP block of the reported IP address or a complete suspension and/or termination of your account with ScopeHosts
If you feel that the notification is not valid, or if you need assistance from someone in the Abuse Prevention department, please contact us at [email protected] and [email protected]
- 0 Uživatelům pomohlo
