Mail/web server abuse from 192.238.141.66 on 21 June 2025
Dear Abuse Team,
The following abusive behavior from IP address 192.238.141.66, under your
constituency, has been detected:
2025-06-21 08:43:04 CEST, 192.238.141.66, old decay: 21600, prob: 3.13%, SMTP auth dictionary attack, target 185.199.25.198 :587
2025-06-21 22:58:28 CEST, 192.238.141.66, old decay: 21600, prob: 3.13%, SMTP auth dictionary attack, target 185.199.25.198 :587
192.238.141.66 was caught 3 times since Sat Jun 14 10:44:37 2025
original data from the mail log:
2025-06-21 08:43:00 CEST courieresmtpd: started,ip=[::ffff:192.238.141.66],port=[46198]
2025-06-21 08:43:04 CEST courieresmtpd: error,relay=::ffff:192.238.141.66,port=46198,msg="535 Authentication failed.",cmd: AUTH LOGIN info@montepu.it
2025-06-21 22:58:24 CEST courieresmtpd: started,ip=[::ffff:192.238.141.66],port=[37118]
2025-06-21 22:58:28 CEST courieresmtpd: error,relay=::ffff:192.238.141.66,port=37118,msg="535 Authentication failed.",cmd: AUTH LOGIN admin@upsidedown.it
This data is transmitted in the hope that it may help in sanitizing hosts
connected to the Internet. Please feel free to forward it to whomever
it may concern.
This is an automated report. No thank-you messages are needed.
Data in this message is an automatic extraction from the log files.
Legend: https://www.tana.it/firewall_info.html
See also: https://www.abuseipdb.com/check/192.238.141.66
Recipient(s) found in http://rdap.arin.net/registry/ip/192.238.141.66