• 141.98.83.80/24 (AS209588) strait from Panama ... SQL injection attacks

    From Randolf Richardson 張文道@21:1/5 to All on Mon Jul 29 09:29:01 2024
    The SQL injection attacks that were coming from Russia have
    moved to Panama, and are now making more attempts (thousands
    more that are targeting a few different clients who are not
    in related professions and don't know each other), possibly
    because Panama has a better internet connection for them? :D

    For anyone who wants to be preventive, I do hope that this IP
    address will be helpful for outright blocking (I suspect that
    it's only one compromised host in their netblock as I'm not
    seeing any connections from other addresses in their /24, so
    I don't recommend blocking their entire network). Cheers!

    WHOIS output for 141.98.83.80...

    % Abuse contact for '141.98.83.0 - 141.98.83.255' is
    'abuse@global-host.net'

    inetnum: 141.98.83.0 - 141.98.83.255
    netname: GLOBALHOST-NET
    country: PA
    admin-c: GNO15-RIPE
    abuse-c: GNO15-RIPE
    tech-c: GNO15-RIPE
    mnt-routes: GLOBAL-HOST
    mnt-lower: GLOBAL-HOST
    status: ASSIGNED PA
    mnt-by: mnt-pa-flyservers-1
    created: 2019-01-28T18:46:44Z
    last-modified: 2019-03-21T16:54:07Z
    source: RIPE

    role: GLOBAL-HOST NETWORK OPERATIONS
    address: Calle 76 Este San Francisco y Via Porras
    abuse-mailbox: abuse@global-host.net
    admin-c: SD12186-RIPE
    tech-c: SD12186-RIPE
    nic-hdl: GNO15-RIPE
    mnt-by: GLOBAL-HOST
    created: 2019-01-28T18:37:18Z
    last-modified: 2019-01-28T18:40:51Z
    source: RIPE # Filtered

    % Information related to '141.98.83.0/24AS209588'

    route: 141.98.83.0/24
    origin: AS209588
    mnt-by: GLOBAL-HOST
    created: 2021-01-11T18:51:05Z
    last-modified: 2021-01-11T18:51:05Z
    source: RIPE

    % This query was served by the RIPE Database Query Service
    version 1.113.2 (ABERDEEN)

    --
    Randolf Richardson 張文道, CNA - noc@inter-corporate.com
    Inter-Corporate Computer & Network Services, Inc.
    Beautiful British Columbia, Canada
    https://www.inter-corporate.com/

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
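
The post above recommends blocking the single address rather than its /24 because no other host in the netblock was seen attacking. The following added example (not part of the original post) applies that reasoning to a log: it assumes a hypothetical three-field log format, a WAF verdict string `sqli_blocked`, and a threshold of three distinct offending hosts before a whole /24 is recommended; the sample lines are constructed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "<timestamp> <source-ip> <WAF verdict>" (format is hypothetical).
SAMPLE_LOG = """\
2024-07-29T09:01:12Z 141.98.83.80 sqli_blocked
2024-07-29T09:01:13Z 141.98.83.80 sqli_blocked
2024-07-29T09:01:15Z 192.0.2.17 ok
2024-07-29T09:02:40Z 141.98.83.80 sqli_blocked
2024-07-29T09:03:02Z 198.51.100.4 sqli_blocked
2024-07-29T09:03:05Z 198.51.100.9 sqli_blocked
2024-07-29T09:03:09Z 198.51.100.200 sqli_blocked
2024-07-29T09:04:00Z not-an-ip sqli_blocked
"""

def offenders_by_net(log_text, verdict="sqli_blocked", prefix=24):
    """Map each /prefix network to {offending host: hit count}."""
    nets = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[2] != verdict:
            continue
        try:
            ip = ipaddress.ip_address(parts[1])
        except ValueError:
            continue  # malformed source field: skip rather than guess
        if ip.version != 4:
            continue  # this sketch only groups IPv4 sources
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        nets[net][ip] += 1
    return nets

def block_list(log_text, min_hosts=3):
    """Recommend a /24 only when several distinct hosts in it offend, else /32s."""
    rules = []
    for net, hosts in offenders_by_net(log_text).items():
        if len(hosts) >= min_hosts:   # assumed threshold, tune per site
            rules.append(str(net))
        else:
            rules.extend(f"{ip}/32" for ip in hosts)
    return sorted(rules)

if __name__ == "__main__":
    for rule in block_list(SAMPLE_LOG):
        print(rule)
```
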
  • From Marco Moock@21:1/5 to All on Mon Jul 29 20:34:58 2024
    On 29.07.2024 at 09:29 Randolf Richardson 張文道 wrote:

    > The SQL injection attacks that were coming from Russia have
    > moved to Panama,

    I doubt that the machine with this IP resides in Panama.

    From Germany, AS8820
    64 bytes from 141.98.83.80: icmp_seq=1 ttl=47 time=42.0 ms

    A traceroute goes through 109.101.126.178, assigned to Orange Romania.

    The peers also reside in Europe according to HE: https://bgp.he.net/AS209588#_peers6
    https://bgp.he.net/AS209588#_peers

    --
    kind regards
    Marco

    Send spam to 1722238141muell@cartoonies.org
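
The round-trip time quoted in the post above can be checked against physics, as in this added example (not part of the original post): a reply cannot arrive faster than light in fiber covers the great-circle path twice. The Panama coordinates are the ones the geolocation excerpt later in this thread reports; the vantage point (Frankfurt am Main standing in for "From Germany") and the 200 km/ms propagation speed are assumptions.

```python
import math

FIBER_KM_PER_MS = 200.0   # ~2/3 of c, the usual approximation for light in fiber
EARTH_RADIUS_KM = 6371.0

# Coordinates the geolocation excerpt in this thread reports for 141.98.83.0.
CLAIMED_PANAMA = (9.0053, -79.9988)
# Assumed vantage point: Frankfurt am Main stands in for "From Germany".
VANTAGE_GERMANY = (50.11, 8.68)
OBSERVED_RTT_MS = 42.0    # from the ping reply quoted in the post

def great_circle_km(a, b):
    """Haversine distance between two (lat, lon) pairs given in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def min_rtt_ms(a, b):
    """Lower bound on RTT: straight-line fiber, no queuing or detours."""
    return 2 * great_circle_km(a, b) / FIBER_KM_PER_MS

def max_radius_km(rtt_ms):
    """Farthest the responder can be from the vantage point for this RTT."""
    return rtt_ms / 2 * FIBER_KM_PER_MS

def location_plausible(claimed, vantage, rtt_ms):
    """False when the RTT is shorter than physics allows for the claimed site.

    True proves nothing: a nearby host can still show a long RTT.
    """
    return rtt_ms >= min_rtt_ms(claimed, vantage)

if __name__ == "__main__":
    d = great_circle_km(CLAIMED_PANAMA, VANTAGE_GERMANY)
    print(f"distance to claimed site: {d:.0f} km")
    print(f"minimum possible RTT:     {min_rtt_ms(CLAIMED_PANAMA, VANTAGE_GERMANY):.1f} ms")
    print(f"observed RTT:             {OBSERVED_RTT_MS} ms "
          f"(host is within {max_radius_km(OBSERVED_RTT_MS):.0f} km)")
    print("claimed location plausible:",
          location_plausible(CLAIMED_PANAMA, VANTAGE_GERMANY, OBSERVED_RTT_MS))
```
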

  • From Randolf Richardson 張文道@21:1/5 to Marco Moock on Tue Jul 30 10:50:17 2024
    On Mon, 29 Jul 2024 20:34:58 +0200
    Marco Moock <mm+usenet-es@dorfdsl.de> wrote:
    > On 29.07.2024 at 09:29 Randolf Richardson 張文道 wrote:
    >
    >> The SQL injection attacks that were coming from Russia have
    >> moved to Panama,
    >
    > I doubt that the machine with this IP resides in Panama.
    >
    > From Germany, AS8820
    > 64 bytes from 141.98.83.80: icmp_seq=1 ttl=47 time=42.0 ms
    >
    > A traceroute goes through 109.101.126.178, assigned to Orange Romania.
    >
    > The peers also reside in Europe according to HE: https://bgp.he.net/AS209588#_peers6
    > https://bgp.he.net/AS209588#_peers

    Thanks Marco. Is the WHOIS information outdated, or is
    there a known problem with certain regions not keeping
    the information accurate?

    --
    Randolf Richardson 張文道, CNA - noc@inter-corporate.com
    Inter-Corporate Computer & Network Services, Inc.
    Beautiful British Columbia, Canada
    https://www.inter-corporate.com/

  • From D@21:1/5 to noc@inter-corporate.com on Tue Jul 30 22:50:15 2024
    On Mon, 29 Jul 2024 09:29:01 -0700, Randolf Richardson 張文道 <noc@inter-corporate.com> wrote:
    The SQL injection attacks that were coming from Russia have
    moved to Panama, and are now making more attempts (thousands
    more that are targeting a few different clients who are not
    in related professions and don't know each other), possibly
    because Panama has a better internet connection for them? :D
    For anyone who wants to be preventive, I do hope that this IP
    address will be helpful for outright blocking (I suspect that
    it's only one compromised host in their netblock as I'm not
    seeing any connections from other addresses in their /24, so
    I don't recommend blocking their entire network). Cheers!
    WHOIS output for 141.98.83.80...
    % Abuse contact for '141.98.83.0 - 141.98.83.255' is
    'abuse@global-host.net'
    inetnum: 141.98.83.0 - 141.98.83.255
    netname: GLOBALHOST-NET
    country: PA
    admin-c: GNO15-RIPE
    abuse-c: GNO15-RIPE
    tech-c: GNO15-RIPE
    mnt-routes: GLOBAL-HOST
    mnt-lower: GLOBAL-HOST
    status: ASSIGNED PA
    mnt-by: mnt-pa-flyservers-1
    created: 2019-01-28T18:46:44Z
    last-modified: 2019-03-21T16:54:07Z
    source: RIPE
    role: GLOBAL-HOST NETWORK OPERATIONS
    address: Calle 76 Este San Francisco y Via Porras
    abuse-mailbox: abuse@global-host.net
    admin-c: SD12186-RIPE
    tech-c: SD12186-RIPE
    nic-hdl: GNO15-RIPE
    mnt-by: GLOBAL-HOST
    created: 2019-01-28T18:37:18Z
    last-modified: 2019-01-28T18:40:51Z
    source: RIPE # Filtered
    % Information related to '141.98.83.0/24AS209588'
    route: 141.98.83.0/24
    origin: AS209588
    mnt-by: GLOBAL-HOST
    created: 2021-01-11T18:51:05Z
    last-modified: 2021-01-11T18:51:05Z
    source: RIPE
    % This query was served by the RIPE Database Query Service
    version 1.113.2 (ABERDEEN)

    (using Tor Browser 13.5.1)
    https://duckduckgo.com/?q=flyservers+s.a.
    ...
    https://www.speedguide.net/ip/141.98.83
    Home >> IP lookup >> 141.98.83.*
    Search IP address or hostname: go
    Your IP address: ###.###.###.###
    IP Address Location Details
    The SG IP locator combines IP/hostname geographic location tracking with useful network tools, such as WHOIS, traceroute, real time spam blacklist check (a.k.a. Multi-RBL, or Multi-DNSBL check), extended client browser details and more. Just choose an IP address or a hostname to retrieve detailed network information and access the associated network tools.
    141.98.83.0 ~ 141.98.83.255 (141.98.83.0 /24)
    Please select the next octet for 141.98.83.*
    141.98.83.0
    ...
    141.98.83.255
    Notes:
    Computers connected to a network are assigned a unique number known as Internet Protocol (IP) Address. IP (version 4) addresses consist of four numbers in the range 0-255 separated by periods (i.e. 127.0.0.1). A computer may have either a permanent (static) IP address, or one that is dynamically assigned/leased to it.
    Most IP addresses can be mapped to host/domain names (i.e. www.speedguide.net). Resolution between domain names and IP addresses is handled by Domain Name Servers (DNS).
    forum top
    ...
    https://www.speedguide.net/ip/141.98.83.0
    Home >> IP lookup >> 141.98.83.* >> 141.98.83.0
    Search IP address or hostname: go
    Your IP address: ###.###.###.###
    141.98.83.0 IP address Information
    The IP address 141.98.83.0 was found in Panama, Panama. It is allocated to Flyservers S.A.. Additional IP location information, as well as network tools are available below.
    IP address: 141.98.83.0
    hostname: 141.98.83.0
    ISP: Flyservers S.A.
    ASN: AS209588
    Region: Panama
    Country: Panama (PA) flag
    latitude: 9.0053
    longitude: -79.9988
    ...
    [end quoted excerpts]

  • From Marco Moock@21:1/5 to All on Wed Jul 31 21:35:44 2024
    On 30.07.2024 at 10:50 Randolf Richardson 張文道 wrote:

    > Is the WHOIS information outdated, or is
    > there a known problem with certain regions not keeping
    > the information accurate?

    I assume the owner of the IP addresses didn't update it - either by
    forgetting it or intentionally. Abusers don't like to be identified. :-)

    --
    kind regards
    Marco

    Send spam to 1722329417muell@cartoonies.org

  • From Randolf Richardson 張文道@21:1/5 to Marco Moock on Thu Aug 8 22:01:31 2024
    On Wed, 31 Jul 2024 21:35:44 +0200
    Marco Moock <mm+usenet-es@dorfdsl.de> wrote:

    > On 30.07.2024 at 10:50 Randolf Richardson 張文道 wrote:
    >
    >> Is the WHOIS information outdated, or is
    >> there a known problem with certain regions not keeping
    >> the information accurate?
    >
    > I assume the owner of the IP addresses didn't update it - either by
    > forgetting it or intentionally. Abusers don't like to be identified. :-)

    Ah, of course -- some spammers may own some netblocks.

    --
    Randolf Richardson 張文道, CNA - noc@inter-corporate.com
    Inter-Corporate Computer & Network Services, Inc.
    Beautiful British Columbia, Canada
    https://www.inter-corporate.com/
