[adminFFM 00057] [jan at jluehr.de: Fwd: Abuse-Message [AbuseID:34AF7D:25]: AbuseInfoMail: IP address(es) were blacklisted from the PlayStation Network [201706076972]]

Christof Schulze christof.schulze at gmx.net
So Jun 11 13:12:01 CEST 2017 

----- Forwarded message from Jan Lühr <jan at jluehr.de> -----

Date: Sun, 11 Jun 2017 12:41:44 +0200
From: Jan Lühr <jan at jluehr.de>
To: Christof Schulze <christof.schulze at gmx.net>
Subject: Fwd: Abuse-Message [AbuseID:34AF7D:25]: AbuseInfoMail: IP address(es) were blacklisted from the
	PlayStation Network [201706076972]
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.1.1

Hallo,

mir fehlt da gerade ein wenig die Erklärung ... geht da wieder irgendwas
von ffm raus?

Danke,
Gruß, Jan



-------- Weitergeleitete Nachricht --------
Betreff: 	Abuse-Message [AbuseID:34AF7D:25]: AbuseInfoMail: IP
address(es) were blacklisted from the PlayStation Network [201706076972]
Datum: 	Thu, 08 Jun 2017 09:09:47 +0200
Von: 	abuse at hetzner.de
Antwort an: 	abuse at hetzner.de
An: 	



Sehr geehrte(r) Herr Jan Lühr,

wir haben einen Spam- bzw. Abuse-Hinweis von no-reply at snei.sony.com erhalten.

Die Weiterleitung dieser Beschwerde dient nur als Information für Sie.
Es steht Ihnen frei, ob Sie dem Grund der Beschwerde nachgehen.
Wir erwarten bezüglich dieser Beschwerde keine Rückmeldung Ihrerseits

Informationen:
To whom it may concern,

Pursuant to Sony Interactive Entertainment LLC ("SIE") corporate policy, the below IP addresses were blacklisted from using our services because SIE detected activity that is abusive to our network services. In our determination, the abusive activity was not related to velocity or volume (many users behind the same IP address, i.e. NAT), but matched the specific patterns of known abuse of our publicly available services. This abuse may be the result of a computer on your network that has been compromised and is participating in a botnet abuse of our services.

The following table of IP addresses, dates and times should help you correlate the origin of the abusive activity.  The time stamps are approximate from our logs.  The actual timing of the events depend on the signature matched.  It is very likely to have occurred both before, during and following the times listed.

It is most likely the attack traffic is directed at one of the following endpoints:

account.sonyentertainmentnetwork.com
auth.np.ac.playstation.net
auth.api.sonyentertainmentnetwork.com
auth.api.np.ac.playstation.net

These endpoints on our network are resolved by Geo DNS, so the IP addresses they resolve to will depend on the originating IP address.

The destination port will be TCP 443.

Please take the necessary measures to correct the malicious activity from the above-listed IP addresses as soon as possible to avoid any further disruptions. If we were to remove any of these IP addresses from the blacklist and subsequent abusive activity is detected, the IP address will be promptly blacklisted again.

We thank you for your prompt attention to this matter. If you require assistance or additional information please contact snei-noc-abuse at am.sony.com and include the IP address in question.

--------------------------------------------------------------------

Approximate Time Range (UTC),      IP Address, Reason


2017-06-07 20:48 ~ 2017-06-07 21:18 (UTC),       5.9.31.99, Account Takeover Attempts


Wichtiger Hinweis:
Wenn Sie uns antworten, lassen Sie bitte die Abuse-ID [AbuseID:34AF7D:25] im Betreff unverändert.

Mit freundlichen Grüßen

Sandra Betz

Hetzner Online GmbH
Industriestr. 25
91710 Gunzenhausen
Tel: +49 9831 505-0
Fax: +49 9831 505-3
abuse at hetzner.de
www.hetzner.de

Registergericht Ansbach, HRB 6089
Geschäftsführer: Martin Hetzner





----- End forwarded message -----

-- 
()  ascii ribbon campaign - against html e-mail
/\  against proprietary attachments

-------------- nächster Teil --------------
Ein Dateianhang mit Binärdaten wurde abgetrennt...
Dateiname   : signature.asc
Dateityp    : application/pgp-signature
Dateigröße  : 181 bytes
Beschreibung: Digital signature
URL         : <http://lists.freifunk.net/mailman/private/admin-ffm-freifunk.net/attachments/20170611/f4d7e818/attachment.sig>

Mehr Informationen über die Mailingliste admin-ffm