<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
        {font-family:"Cambria Math";
        panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:"Source Sans Pro";
        panose-1:2 11 5 3 3 4 3 2 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:#0563C1;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:#954F72;
        text-decoration:underline;}
p.MsoPlainText, li.MsoPlainText, div.MsoPlainText
        {mso-style-priority:99;
        mso-style-link:"Plain Text Char";
        margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri",sans-serif;
        color:windowtext;}
span.PlainTextChar
        {mso-style-name:"Plain Text Char";
        mso-style-priority:99;
        mso-style-link:"Plain Text";
        font-family:"Calibri",sans-serif;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri",sans-serif;
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-AU" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi UCC,<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We’ve received numerous alerts and reports from abusix regarding login-attack abuse originated from IP 130.95.13.140<o:p></o:p></p>
<p class="MsoNormal">I need to get in touch with an admin looking after the system. Are you able to contact me ASAP?
<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">----------------------------------------------<o:p></o:p></p>
<p class="MsoNormal"><i>Reported-From: admin@hostingru.net<o:p></o:p></i></p>
<p class="MsoNormal"><i>Report-ID: 1581246427@s7.hostingru.net<o:p></o:p></i></p>
<p class="MsoNormal"><i>Category: abuse<o:p></o:p></i></p>
<p class="MsoNormal"><i>Report-Type: login-attack<o:p></o:p></i></p>
<p class="MsoNormal"><i>Service: sshd<o:p></o:p></i></p>
<p class="MsoNormal"><i>User-Agent: csf v14.01<o:p></o:p></i></p>
<p class="MsoNormal"><i>Date: 2020-02-09T14:07:07+0300<o:p></o:p></i></p>
<p class="MsoNormal"><i>Source: 130.95.13.140<o:p></o:p></i></p>
<p class="MsoNormal"><i>Source-Type: ipv4<o:p></o:p></i></p>
<p class="MsoNormal"><i>Attachment: text/plain<o:p></o:p></i></p>
<p class="MsoNormal"><i>Schema-URL: https://download.configserver.com/abuse_login-attack_0.2.json<o:p></o:p></i></p>
<p class="MsoNormal">----------------------------------------------<o:p></o:p></p>
<p class="MsoNormal"><i>Feb  9 14:03:20 s7 sshd[210605]: Invalid user cay from 130.95.13.140<o:p></o:p></i></p>
<p class="MsoNormal"><i>Feb  9 14:03:20 s7 sshd[210605]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.95.13.140
<o:p></o:p></i></p>
<p class="MsoNormal"><i>Feb  9 14:03:23 s7 sshd[210605]: Failed password for invalid user cay from 130.95.13.140 port 48399 ssh2<o:p></o:p></i></p>
<p class="MsoNormal"><i>Feb  9 14:07:05 s7 sshd[215548]: Invalid user nzp from 130.95.13.140<o:p></o:p></i></p>
<p class="MsoNormal"><i>Feb  9 14:07:05 s7 sshd[215548]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=130.95.13.140
<o:p></o:p></i></p>
<p class="MsoNormal">----------------------------------------------<o:p></o:p></p>
<p class="MsoPlainText"><i>An attempt to brute-force account passwords over SSH/FTP by a machine in your domain or in your network has been detected. Attached are the host who attacks and time / date of activity. Please take the necessary action(s) to stop
 this activity immediately. If you have any questions please reply to this email.<o:p></o:p></i></p>
<p class="MsoPlainText"><i><o:p> </o:p></i></p>
<p class="MsoPlainText"><i>Host of attacker: 130.95.13.140 => mpw.ucc.gu.uwa.edu.au => mpw.ucc.gu.uwa.edu.au Responsible email contacts:
<a href="mailto:abuse@uwa.edu.au">abuse@uwa.edu.au</a> Attacked hosts in our Network: 77.75.250.74, 178.250.15.156, 37.228.154.132, 77.75.249.212, 77.75.253.74, 37.228.154.97, 178.250.12.36, 178.250.12.154, 37.228.155.59, 37.228.156.7, 37.228.154.45, 85.158.183.120,
 85.158.183.205, 178.250.15.80, 178.250.10.54, 37.228.156.61<o:p></o:p></i></p>
<p class="MsoPlainText"><i><o:p> </o:p></i></p>
<p class="MsoPlainText"><i>Logfile entries (time is MET / GMT+1):<o:p></o:p></i></p>
<p class="MsoPlainText"><i>Sun Feb  9 01:07:19 2020: user: fiz service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 01:04:19 2020: user: pfs service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 01:01:29 2020: user: php service:
 ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:58:39 2020: user: zvr service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:55:49 2020: user: wz service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:53:09 2020:
 user: yna service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:50:19 2020: user: bzj service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:47:29 2020: user: huz service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun
 Feb  9 00:44:39 2020: user: nwt service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:41:49 2020: user: mdj service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:39:09 2020: user: czb service: ssh target: 37.228.154.97 source:
 130.95.13.140 Sun Feb  9 00:36:19 2020: user: soe service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:33:29 2020: user: lg service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:30:39 2020: user: uhj service: ssh target:
 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:27:59 2020: user: qpv service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:25:19 2020: user: guu service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:22:29 2020: user: eqe
 service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:19:39 2020: user: vzw service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:16:59 2020: user: iij service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:14:29
 2020: user: tsm service: ssh target: 37.228.154.97 source: 130.95.13.140 Sun Feb  9 00:12:09 2020: user: uxm service: ssh target: 37.228.154.97 source: 130.95.13.140 Sat Feb  8 23:55:29 2020: user: jhw service: ssh target: 37.228.154.97 source: 130.95.13.140
 Sat Feb  8 23:46:37 2020: user: ung service: ssh target: 37.228.156.61 source: 130.95.13.140 Sat Feb  8 23:46:00 2020: user: ung service: ssh target: 178.250.12.154 source: 130.95.13.140 Sat Feb  8 23:45:23 2020: user: ung service: ssh target: 85.158.183.205
 source: 130.95.13.140 Sat Feb  8 23:39:03 2020: user: ung service: ssh target: 77.75.253.74 source: 130.95.13.140 Sat Feb  8 23:37:34 2020: user: ung service: ssh target: 37.228.155.59 source: 130.95.13.140 Sat Feb  8 23:36:28 2020: user: ung service: ssh
 target: 77.75.249.212 source: 130.95.13.140 Sat Feb  8 23:34:46 2020: user: ung service: ssh target: 178.250.10.54 source: 130.95.13.140 Sat Feb  8 23:31:46 2020: user: ung service: ssh target: 85.158.183.120 source: 130.95.13.140 Sat Feb  8 23:22:12 2020:
 user: bvt service: ssh target: 178.250.15.156 source: 130.95.13.140 Sat Feb  8 23:20:50 2020: user: bvt service: ssh target: 178.250.12.36 source: 130.95.13.140 Sat Feb  8 23:13:45 2020: user: uni service: ssh target: 37.228.156.7 source: 130.95.13.140 Sat
 Feb  8 17:30:19 2020: user: eqj service: ssh target: 77.75.250.74 source: 130.95.13.140 Sat Feb  8 17:25:04 2020: user: eqj service: ssh target: 178.250.15.80 source: 130.95.13.140 Sat Feb  8 17:24:38 2020: user: eqj service: ssh target: 37.228.154.132 source:
 130.95.13.140 Sat Feb  8 17:18:13 2020: user: eqj service: ssh target: 37.228.154.45 source: 130.95.13.140<o:p></o:p></i></p>
<p class="MsoNormal">----------------------------------------------<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Thanks.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal" style="background:white"><b><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU">Owen Que</span></b><b><span style="font-size:12.0pt;font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU"><o:p></o:p></span></b></p>
<p class="MsoNormal" style="background:white"><b><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU">Cyber Security Analyst, Cyber Security Technology Risk<o:p></o:p></span></b></p>
<p class="MsoNormal" style="background:white"><b><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU"><o:p> </o:p></span></b></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU">University IT</span><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU">  • </span><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU"> M463, 35
 Stirling Hwy, Perth WA 6009<o:p></o:p></span></p>
<p class="MsoNormal"><b><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU">T </span></b><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU">+61 8 6488 2092
</span><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU">• </span><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU"> </span><b><span style="font-family:"Arial",sans-serif;color:#27348B;mso-fareast-language:EN-AU">E </span></b><span style="color:#1F497D;mso-fareast-language:EN-AU"><a href="mailto:owen.que@uwa.edu.au"><span style="font-family:"Arial",sans-serif;color:#0563C1">owen.que@uwa.edu.au</span></a></span><span style="color:#44546A;mso-fareast-language:EN-AU"><o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU">For guidance on how to stay safe online visit:
</span><span style="color:#1F497D;mso-fareast-language:EN-AU"><a href="http://cybersecurity.it.uwa.edu.au/"><span style="font-family:"Arial",sans-serif;color:blue">http://cybersecurity.it.uwa.edu.au</span></a></span><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU">
<o:p></o:p></span></p>
<p class="MsoNormal" style="background:white"><span style="font-family:"Arial",sans-serif;color:#4C4C4E;mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<table class="MsoNormalTable" border="0" cellspacing="0" cellpadding="0" width="100%" style="width:100.0%;background:white;border-collapse:collapse">
<tbody>
<tr>
<td width="170" valign="bottom" style="width:127.5pt;border:none;border-bottom:solid #27348B 6.0pt;padding:0cm 0cm 0cm 0cm">
<p class="MsoNormal"><a href="http://www.uwa.edu.au/university-campaigns-resources/emailsig2015/uwa-logo/"><span style="font-family:"Source Sans Pro",sans-serif;color:#2734AB;mso-fareast-language:EN-AU;text-decoration:none"><img border="0" width="170" height="76" style="width:1.7708in;height:.7916in" id="Picture_x0020_23" src="cid:image001.gif@01D5DFF4.2D143150" alt="The University of Western Australia"></span></a><span style="font-size:12.0pt;font-family:"Source Sans Pro",sans-serif;color:#262626;mso-fareast-language:EN-AU"><o:p></o:p></span></p>
</td>
<td valign="bottom" style="border:none;border-bottom:solid #E2B600 6.0pt;padding:0cm 0cm 0cm 15.0pt">
<p class="MsoNormal"><a href="http://www.uwa.edu.au/university-campaigns-resources/emailsig2015/pursue"><span style="font-family:"Source Sans Pro",sans-serif;color:#2734AB;mso-fareast-language:EN-AU;text-decoration:none"><img border="0" width="194" height="31" style="width:2.0208in;height:.3229in" id="Picture_x0020_22" src="cid:image002.gif@01D5DFF4.2D143150" alt="Pursue Impossible"></span></a><span style="font-family:"Source Sans Pro",sans-serif;color:#262626;mso-fareast-language:EN-AU"> </span><a href="http://www.uwa.edu.au/university-campaigns-resources/emailsig2015/facebook"><span style="font-family:"Source Sans Pro",sans-serif;color:#2734AB;mso-fareast-language:EN-AU;text-decoration:none"><img border="0" width="29" height="34" style="width:.302in;height:.3541in" id="Picture_x0020_21" src="cid:image003.gif@01D5DFF4.2D143150" alt="Facebook"></span></a><span style="font-family:"Source Sans Pro",sans-serif;color:#262626;mso-fareast-language:EN-AU"> </span><a href="http://www.uwa.edu.au/university-campaigns-resources/emailsig2015/twitter"><span style="font-family:"Source Sans Pro",sans-serif;color:#2734AB;mso-fareast-language:EN-AU;text-decoration:none"><img border="0" width="33" height="34" style="width:.3437in;height:.3541in" id="Picture_x0020_20" src="cid:image004.gif@01D5DFF4.2D143150" alt="Twitter"></span></a><span style="font-family:"Source Sans Pro",sans-serif;color:#262626;mso-fareast-language:EN-AU"> </span><a href="http://www.uwa.edu.au/university-campaigns-resources/emailsig2015/youtube"><span style="font-family:"Source Sans Pro",sans-serif;color:#2734AB;mso-fareast-language:EN-AU;text-decoration:none"><img border="0" width="53" height="30" style="width:.552in;height:.3125in" id="Picture_x0020_19" src="cid:image005.gif@01D5DFF4.2D143150" alt="Youtube"></span></a><span style="font-family:"Source Sans Pro",sans-serif;color:#262626;mso-fareast-language:EN-AU"><o:p></o:p></span></p>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span style="mso-fareast-language:EN-AU"><o:p> </o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
</body>
</html>