Newsportal USENET - 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts

Sujet : 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts
De : noc (at) *nospam* inter-corporate.com (Randolf Richardson 張文道)
Groupes : news.admin.net-abuse.email
Date : 11. Jul 2024, 19:04:23

Autres entêtes

Organisation : Inter-Corporate Computer & Network Services, Inc. -- Simplifying complexity
Message-ID : <20240711110423.dc39985a3c80150255b8247a@inter-corporate.com>
User-Agent : Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)

While only a few failed SMTP AUTH attempts came from
95.51.2.78/24, there are thousands of SQL Injection
attempts being submitted on web-based contact forms
on various web sites, which are all failing due to
sanitization or direct Postfix SMTP queue injection.

95.51.2.78 is in our block-and-forget list now.

I'm wondering, has anyone encountered attacks from
any other IP addresses in this /24? I'm not finding
anything aside from 95.51.2.78 in our logs.

Thanks.

WHOIS output for 95.51.2.78...

% Abuse contact for '92.51.2.0 - 92.51.2.255' is
'abuse@digi-cloud.net'

inetnum: 92.51.2.0 - 92.51.2.255
netname: DIGICLOUD-NET
org: ORG-AHL11-RIPE
country: EU
admin-c: IG2940-RIPE
admin-c: DCN26-RIPE
tech-c:    DCN26-RIPE
status:    ASSIGNED PA
mnt-routes:    DIGI
mnt-domains: DIGI
mnt-by:    ru-permtelecom-1-mnt
created: 2023-05-12T12:01:35Z
last-modified: 2023-05-29T12:27:39Z
source:    RIPE

organisation:   ORG-AHL11-RIPE
org-name:    Alviva Holding Limited
country: SC
org-type:    OTHER
address: Suite 1, Second Floor,
Sound & Vision House,
Francis Rachel Str.,
Victoria, Mahe, Seychelles
abuse-c: DCN26-RIPE
mnt-ref: IVC-MNT
admin-c: DCN26-RIPE
tech-c:    DCN26-RIPE
mnt-ref: mnt-ru-am-1
mnt-ref: ru-permtelecom-2-mnt
mnt-ref: DIGI
mnt-by:    DIGI
created: 2019-02-20T20:32:02Z
last-modified: 2024-06-12T13:57:15Z
source:    RIPE # Filtered

role:    DIGI CLOUD NOC
abuse-mailbox: abuse@digi-cloud.net
address: Suite 1, Second Floor,
Sound & Vision House,
Francis Rachel Str.,
Victoria, Mahe, Seychelles
nic-hdl: DCN26-RIPE
mnt-by:    DIGI
created: 2019-02-20T20:29:47Z
last-modified: 2019-05-22T08:55:01Z
source:    RIPE # Filtered

person:    Igor Gilmutdinov
address: Malkova, 12
address: 614087
address: Perm
address: RUSSIAN FEDERATION
phone: +73422000289
nic-hdl: IG2940-RIPE
mnt-by:    ru-permtelecom-1-mnt
created: 2016-04-01T13:54:40Z
last-modified: 2016-04-01T13:54:40Z
source:    RIPE

% Information related to '92.51.2.0/24AS209588'

route: 92.51.2.0/24
origin:    AS209588
mnt-by:    ru-permtelecom-1-mnt
created: 2023-05-12T12:04:13Z
last-modified: 2023-05-12T12:04:13Z
source:    RIPE

% This query was served by the RIPE Database Query
Service version 1.113.2 (ABERDEEN)

--
Randolf Richardson 張文道, CNA - noc@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/

Date	Sujet	#	Auteur
11 Jul 24	92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	7	Randolf Richardson 張文道
12 Jul 24	Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	4	tjoen
12 Jul 24	Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	2	Sirius
12 Jul 24	Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	1	D
12 Jul 24	Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	1	Marco Moock
12 Jul 24	Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	2	Marco Moock
12 Jul 24	Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts	1	Randolf Richardson 張文道