92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts

Liste des GroupesRevenir à nan email 
Sujet : 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts
De : noc (at) *nospam* inter-corporate.com (Randolf Richardson 張文道)
Groupes : news.admin.net-abuse.email
Date : 11. Jul 2024, 19:04:23
Autres entêtes
Organisation : Inter-Corporate Computer & Network Services, Inc. -- Simplifying complexity
Message-ID : <20240711110423.dc39985a3c80150255b8247a@inter-corporate.com>
User-Agent : Sylpheed 3.7.0 (GTK+ 2.24.33; x86_64-pc-linux-gnu)
While only a few failed SMTP AUTH attempts came from
95.51.2.78/24, there are thousands of SQL Injection
attempts being submitted on web-based contact forms
on various web sites, which are all failing due to
sanitization or direct Postfix SMTP queue injection.

95.51.2.78 is in our block-and-forget list now.

I'm wondering, has anyone encountered attacks from
any other IP addresses in this /24?  I'm not finding
anything aside from 95.51.2.78 in our logs.

Thanks.

WHOIS output for 95.51.2.78...

% Abuse contact for '92.51.2.0 - 92.51.2.255' is
  'abuse@digi-cloud.net'

inetnum:        92.51.2.0 - 92.51.2.255
netname:        DIGICLOUD-NET
org:            ORG-AHL11-RIPE
country:        EU
admin-c:        IG2940-RIPE
admin-c:        DCN26-RIPE
tech-c:         DCN26-RIPE
status:         ASSIGNED PA
mnt-routes:     DIGI
mnt-domains:    DIGI
mnt-by:         ru-permtelecom-1-mnt
created:        2023-05-12T12:01:35Z
last-modified:  2023-05-29T12:27:39Z
source:         RIPE

organisation:   ORG-AHL11-RIPE
org-name:       Alviva Holding Limited
country:        SC
org-type:       OTHER
address:        Suite 1, Second Floor,
                Sound & Vision House,
                Francis Rachel Str.,
                Victoria, Mahe, Seychelles
abuse-c:        DCN26-RIPE
mnt-ref:        IVC-MNT
admin-c:        DCN26-RIPE
tech-c:         DCN26-RIPE
mnt-ref:        mnt-ru-am-1
mnt-ref:        ru-permtelecom-2-mnt
mnt-ref:        DIGI
mnt-by:         DIGI
created:        2019-02-20T20:32:02Z
last-modified:  2024-06-12T13:57:15Z
source:         RIPE # Filtered

role:           DIGI CLOUD NOC
abuse-mailbox:  abuse@digi-cloud.net
address:        Suite 1, Second Floor,
                Sound & Vision House,
                Francis Rachel Str.,
                Victoria, Mahe, Seychelles
nic-hdl:        DCN26-RIPE
mnt-by:         DIGI
created:        2019-02-20T20:29:47Z
last-modified:  2019-05-22T08:55:01Z
source:         RIPE # Filtered

person:         Igor Gilmutdinov
address:        Malkova, 12
address:        614087
address:        Perm
address:        RUSSIAN FEDERATION
phone:          +73422000289
nic-hdl:        IG2940-RIPE
mnt-by:         ru-permtelecom-1-mnt
created:        2016-04-01T13:54:40Z
last-modified:  2016-04-01T13:54:40Z
source:         RIPE

% Information related to '92.51.2.0/24AS209588'

route:          92.51.2.0/24
origin:         AS209588
mnt-by:         ru-permtelecom-1-mnt
created:        2023-05-12T12:04:13Z
last-modified:  2023-05-12T12:04:13Z
source:         RIPE

% This query was served by the RIPE Database Query
  Service version 1.113.2 (ABERDEEN)

--
Randolf Richardson 張文道, CNA - noc@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/

Date Sujet#  Auteur
11 Jul 24 * 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts7Randolf Richardson 張文道
12 Jul 24 +* Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts4tjoen
12 Jul 24 i+* Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts2Sirius
12 Jul 24 ii`- Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts1D
12 Jul 24 i`- Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts1Marco Moock
12 Jul 24 `* Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts2Marco Moock
12 Jul 24  `- Re: 92.51.2.78/24 (AS209588) from Russia with love ... for SQL injection attempts1Randolf Richardson 張文道

Haut de la page

Les messages affichés proviennent d'usenet.

NewsPortal