Sujet : Re: 141.98.83.80/24 (AS209588) strait from Panama ... SQL injection attacks source moved away from Russia
De : noreply (at) *nospam* mixmin.net (D)
Groupes : news.admin.net-abuse.emailDate : 30. Jul 2024, 22:50:15
Autres entêtes
Organisation : dizum.com - The Internet Problem Provider
Message-ID : <20240730.225015.fe3cadbf@mixmin.net>
References : 1
On Mon, 29 Jul 2024 09:29:01 -0700, Randolf Richardson ??? <
noc@inter-corporate.com> wrote:
The SQL injection attacks that were coming from Russia have
moved to Panama, and are now making more attempts (thousands
more that are targeting a few different clients who are not
in related professions and don't know each other), possibly
because Panama has a better internet connection for them? :D
For anyone who wants to be preventive, I do hope that this IP
address will be helpful for outright blocking (I suspect that
it's only one compromised host in their netblock as I'm not
seeing any connections from other addresses in their /24, so
I don't recommend blocking their entire network). Cheers!
WHOIS output for 141.98.83.80...
% Abuse contact for '141.98.83.0 - 141.98.83.255' is
'abuse@global-host.net'
inetnum: 141.98.83.0 - 141.98.83.255
netname: GLOBALHOST-NET
country: PA
admin-c: GNO15-RIPE
abuse-c: GNO15-RIPE
tech-c: GNO15-RIPE
mnt-routes: GLOBAL-HOST
mnt-lower: GLOBAL-HOST
status: ASSIGNED PA
mnt-by: mnt-pa-flyservers-1
created: 2019-01-28T18:46:44Z
last-modified: 2019-03-21T16:54:07Z
source: RIPE
role: GLOBAL-HOST NETWORK OPERATIONS
address: Calle 76 Este San Francisco y Via Porras
abuse-mailbox: abuse@global-host.net
admin-c: SD12186-RIPE
tech-c: SD12186-RIPE
nic-hdl: GNO15-RIPE
mnt-by: GLOBAL-HOST
created: 2019-01-28T18:37:18Z
last-modified: 2019-01-28T18:40:51Z
source: RIPE # Filtered
% Information related to '141.98.83.0/24AS209588'
route: 141.98.83.0/24
origin: AS209588
mnt-by: GLOBAL-HOST
created: 2021-01-11T18:51:05Z
last-modified: 2021-01-11T18:51:05Z
source: RIPE
% This query was served by the RIPE Database Query Service
version 1.113.2 (ABERDEEN)
(using Tor Browser 13.5.1)
https://duckduckgo.com/?q=flyservers+s.a.
...
https://www.speedguide.net/ip/141.98.83Home >> IP lookup >> 141.98.83.*
Search IP address or hostname: go
Your IP address: ###.###.###.###
IP Address Location Details
The SG IP locator combines IP/hostname geographic location tracking with
useful network tools, such as WHOIS, traceroute, real time spam blacklist
check (a.k.a. Multi-RBL, or Multi-DNSBL check), extended client browser
details and more. Just choose an IP address or a hostname to retreive
detailed network information and access the associated network tools.
141.98.83.0 ~ 141.98.83.255 (141.98.83.0 /24)
Please select the next octet for 141.98.83.*
141.98.83.0
...
141.98.83.255
Notes:
Computers connected to a network are assigned a unique number known as
Internet Protocol (IP) Address. IP (version 4) addresses consist of four
numbers in the range 0-255 separated by periods (i.e. 127.0.0.1). A
computer may have either a permanent (static) IP address, or one that is
dynamically assigned/leased to it.
Most IP addresses can be mapped to host/domain names (i.e.
www.speedguide.net). Resolution between domain names and IP addresses is
handled by Domain Name Servers (DNS).
forum top
...
https://www.speedguide.net/ip/141.98.83.0
Home >> IP lookup >> 141.98.83.* >> 141.98.83.0
Search IP address or hostname: go
Your IP address: ###.###.###.###
141.98.83.0 IP address Information
The IP address 141.98.83.0 was found in Panama, Panama. It is allocated
to Flyservers S.A.. Additional IP location information, as well as network
tools are available below.
IP address: 141.98.83.0
hostname: 141.98.83.0
ISP: Flyservers S.A.
ASN: AS209588
Region: Panama
Country: Panama (PA) flag
latitude: 9.0053
longitude: -79.9988
...
[end quoted excerpts]
141.98.83.80/24 (AS209588) strait from Panama ... SQL injection attacks source moved away from Russia
Re: 141.98.83.80/24 (AS209588) strait from Panama ... SQL injection attacks source moved away from Russia