Discussion:
141.98.83.80/24 (AS209588) straight from Panama ... SQL injection attacks source moved away from Russia
Randolf Richardson 張文道
2024-07-29 16:29:01 UTC
The SQL injection attacks that were coming from Russia have
moved to Panama, and are now making more attempts (thousands
more that are targeting a few different clients who are not
in related professions and don't know each other), possibly
because Panama has a better internet connection for them? :D

For anyone who wants to be preventive, I do hope that this IP
address will be helpful for outright blocking (I suspect that
it's only one compromised host in their netblock as I'm not
seeing any connections from other addresses in their /24, so
I don't recommend blocking their entire network). Cheers!

WHOIS output for 141.98.83.80...

% Abuse contact for '141.98.83.0 - 141.98.83.255' is
'***@global-host.net'

inetnum: 141.98.83.0 - 141.98.83.255
netname: GLOBALHOST-NET
country: PA
admin-c: GNO15-RIPE
abuse-c: GNO15-RIPE
tech-c: GNO15-RIPE
mnt-routes: GLOBAL-HOST
mnt-lower: GLOBAL-HOST
status: ASSIGNED PA
mnt-by: mnt-pa-flyservers-1
created: 2019-01-28T18:46:44Z
last-modified: 2019-03-21T16:54:07Z
source: RIPE

role: GLOBAL-HOST NETWORK OPERATIONS
address: Calle 76 Este San Francisco y Via Porras
abuse-mailbox: ***@global-host.net
admin-c: SD12186-RIPE
tech-c: SD12186-RIPE
nic-hdl: GNO15-RIPE
mnt-by: GLOBAL-HOST
created: 2019-01-28T18:37:18Z
last-modified: 2019-01-28T18:40:51Z
source: RIPE # Filtered

% Information related to '141.98.83.0/24AS209588'

route: 141.98.83.0/24
origin: AS209588
mnt-by: GLOBAL-HOST
created: 2021-01-11T18:51:05Z
last-modified: 2021-01-11T18:51:05Z
source: RIPE

% This query was served by the RIPE Database Query Service
version 1.113.2 (ABERDEEN)
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
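
The single-host-versus-/24 decision in the post above can be checked against your own access logs. The following is an added example, not part of the original post: it counts SQL-injection-looking requests per source address inside 141.98.83.0/24 and proposes /32 blocks unless the probes are spread across many addresses. The log lines, the detection regex and the `spread` threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter
from urllib.parse import unquote_plus

# Route object taken from the WHOIS output in the post.
NETBLOCK = ipaddress.ip_network("141.98.83.0/24")

# Coarse heuristic for SQL injection probes (an assumption, not a full rule set).
SQLI = re.compile(
    r"union\s+(?:all\s+)?select|\bor\s+1\s*=\s*1\b|sleep\s*\(|information_schema",
    re.IGNORECASE,
)
# Source address and request line of a combined-format access log entry.
LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)"')

# Constructed sample log lines; only the address 141.98.83.80 comes from the post.
SAMPLE_LOG = [
    '141.98.83.80 - - [29/Jul/2024:16:01:02 +0000] "GET /item.php?id=1%27+UNION+SELECT+1,2,3--+ HTTP/1.1" 404 153',
    '141.98.83.80 - - [29/Jul/2024:16:01:03 +0000] "GET /item.php?id=1+OR+1%3D1 HTTP/1.1" 404 153',
    '141.98.83.80 - - [29/Jul/2024:16:01:05 +0000] "GET /news.php?cat=2%20AND%20SLEEP(5) HTTP/1.1" 404 153',
    '141.98.83.12 - - [29/Jul/2024:16:01:09 +0000] "GET /robots.txt HTTP/1.1" 200 68',
    '203.0.113.7 - - [29/Jul/2024:16:02:00 +0000] "GET /index.html HTTP/1.1" 200 5120',
]

def sqli_hits_in_block(lines, block=NETBLOCK):
    """Count suspicious requests per source address that falls inside `block`."""
    hits = Counter()
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # hostname or garbage in the address field
        # Decode %xx and '+' first so encoded probes are matched too.
        if src in block and SQLI.search(unquote_plus(m.group(2))):
            hits[str(src)] += 1
    return hits

def block_targets(hits, block=NETBLOCK, spread=8):
    """Return /32 entries, or the whole block once `spread` or more hosts are probing."""
    if len(hits) >= spread:
        return [str(block)]
    return sorted(f"{ip}/32" for ip in hits)

if __name__ == "__main__":
    print(block_targets(sqli_hits_in_block(SAMPLE_LOG)))
```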
Marco Moock
2024-07-29 18:34:58 UTC
Post by Randolf Richardson 張文道
The SQL injection attacks that were coming from Russia have
moved to Panama,
I doubt that the machine with this IP resides in Panama.

From Germany, AS8820
64 bytes from 141.98.83.80: icmp_seq=1 ttl=47 time=42.0 ms

A traceroute goes through 109.101.126.178, assigned to Orange Romania.

The peers also reside in Europe according to HE:
https://bgp.he.net/AS209588#_peers6
https://bgp.he.net/AS209588#_peers
--
kind regards
Marco

Send spam to ***@cartoonies.org
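
The round-trip time quoted in the reply above can be turned into a hard distance bound. The following is an added example, not part of the original post: it compares the 42.0 ms ping result with the minimum RTT that light in fibre would need to reach the coordinates a geolocation lookup later in the thread reports for this netblock (9.0053, -79.9988). The vantage point (Frankfurt) is an assumption, since the post only says "From Germany".

```python
import math

EARTH_RADIUS_KM = 6371.0
FIBRE_KM_PER_S = 200_000.0  # light in optical fibre, roughly 2/3 of c

def great_circle_km(a, b):
    """Haversine distance between two (latitude, longitude) pairs in degrees."""
    lat1, lon1, lat2, lon2 = map(math.radians, (*a, *b))
    h = (math.sin((lat2 - lat1) / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin((lon2 - lon1) / 2) ** 2)
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(h))

def min_rtt_ms(distance_km):
    """Lowest possible RTT over a straight fibre path of this length."""
    return 2 * distance_km / FIBRE_KM_PER_S * 1000

def max_distance_km(rtt_ms):
    """Farthest a host can be from the vantage point for a given RTT."""
    return rtt_ms / 1000 * FIBRE_KM_PER_S / 2

def location_plausible(observed_rtt_ms, vantage, claimed):
    """False means the claimed location is physically ruled out by the RTT."""
    return observed_rtt_ms >= min_rtt_ms(great_circle_km(vantage, claimed))

VANTAGE = (50.11, 8.68)       # assumption: Frankfurt, standing in for "From Germany"
CLAIMED = (9.0053, -79.9988)  # coordinates from the geolocation excerpt in the thread
OBSERVED_RTT_MS = 42.0        # from the ping line in the post

if __name__ == "__main__":
    d = great_circle_km(VANTAGE, CLAIMED)
    print(f"distance to claimed location: {d:.0f} km")
    print(f"minimum possible RTT:         {min_rtt_ms(d):.1f} ms")
    print(f"reach of a {OBSERVED_RTT_MS} ms RTT:        {max_distance_km(OBSERVED_RTT_MS):.0f} km")
    print("claimed location plausible:  ", location_plausible(OBSERVED_RTT_MS, VANTAGE, CLAIMED))
```

A `True` result does not confirm a location; it only means the RTT fails to rule it out, and real paths are longer and slower than the straight-line bound.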
Randolf Richardson 張文道
2024-07-30 17:50:17 UTC
On Mon, 29 Jul 2024 20:34:58 +0200
Post by Marco Moock
Post by Randolf Richardson 張文道
The SQL injection attacks that were coming from Russia have
moved to Panama,
I doubt that the machine with this IP resides in Panama.
From Germany, AS8820
64 bytes from 141.98.83.80: icmp_seq=1 ttl=47 time=42.0 ms
A traceroute goes through 109.101.126.178, assigned to Orange Romania.
https://bgp.he.net/AS209588#_peers6
https://bgp.he.net/AS209588#_peers
Thanks Marco. Is the WHOIS information outdated, or is
there a known problem with certain regions not keeping
the information accurate?
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
Marco Moock
2024-07-31 19:35:44 UTC
Post by Randolf Richardson 張文道
Is the WHOIS information outdated, or is
there a known problem with certain regions not keeping
the information accurate?
I assume the owner of the IP addresses didn't update it - either by
forgetting it or intentionally. Abusers don't like to be identified. :-)
--
kind regards
Marco

Send spam to ***@cartoonies.org
Randolf Richardson 張文道
2024-08-09 05:01:31 UTC
On Wed, 31 Jul 2024 21:35:44 +0200
Post by Marco Moock
Post by Randolf Richardson 張文道
Is the WHOIS information outdated, or is
there a known problem with certain regions not keeping
the information accurate?
I assume the owner of the IP addresses didn't update it - either by
forgetting it or intentionally. Abusers don't like to be identified. :-)
Ah, of course -- some spammers may own some netblocks.
--
Randolf Richardson 張文道, CNA - ***@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Beautiful British Columbia, Canada
https://www.inter-corporate.com/
D
2024-07-30 21:50:15 UTC
Post by Randolf Richardson 張文道
The SQL injection attacks that were coming from Russia have
moved to Panama, and are now making more attempts (thousands
more that are targeting a few different clients who are not
in related professions and don't know each other), possibly
because Panama has a better internet connection for them? :D
For anyone who wants to be preventive, I do hope that this IP
address will be helpful for outright blocking (I suspect that
it's only one compromised host in their netblock as I'm not
seeing any connections from other addresses in their /24, so
I don't recommend blocking their entire network). Cheers!
WHOIS output for 141.98.83.80...
% Abuse contact for '141.98.83.0 - 141.98.83.255' is
inetnum: 141.98.83.0 - 141.98.83.255
netname: GLOBALHOST-NET
country: PA
admin-c: GNO15-RIPE
abuse-c: GNO15-RIPE
tech-c: GNO15-RIPE
mnt-routes: GLOBAL-HOST
mnt-lower: GLOBAL-HOST
status: ASSIGNED PA
mnt-by: mnt-pa-flyservers-1
created: 2019-01-28T18:46:44Z
last-modified: 2019-03-21T16:54:07Z
source: RIPE
role: GLOBAL-HOST NETWORK OPERATIONS
address: Calle 76 Este San Francisco y Via Porras
admin-c: SD12186-RIPE
tech-c: SD12186-RIPE
nic-hdl: GNO15-RIPE
mnt-by: GLOBAL-HOST
created: 2019-01-28T18:37:18Z
last-modified: 2019-01-28T18:40:51Z
source: RIPE # Filtered
% Information related to '141.98.83.0/24AS209588'
route: 141.98.83.0/24
origin: AS209588
mnt-by: GLOBAL-HOST
created: 2021-01-11T18:51:05Z
last-modified: 2021-01-11T18:51:05Z
source: RIPE
% This query was served by the RIPE Database Query Service
version 1.113.2 (ABERDEEN)
(using Tor Browser 13.5.1)
Post by Randolf Richardson 張文道
https://duckduckgo.com/?q=flyservers+s.a.
...
https://www.speedguide.net/ip/141.98.83
Post by Randolf Richardson 張文道
Home >> IP lookup >> 141.98.83.*
Search IP address or hostname: go
Your IP address: ###.###.###.###
IP Address Location Details
The SG IP locator combines IP/hostname geographic location tracking with
useful network tools, such as WHOIS, traceroute, real time spam blacklist
check (a.k.a. Multi-RBL, or Multi-DNSBL check), extended client browser
details and more. Just choose an IP address or a hostname to retrieve
detailed network information and access the associated network tools.
141.98.83.0 ~ 141.98.83.255 (141.98.83.0 /24)
Please select the next octet for 141.98.83.*
141.98.83.0
...
141.98.83.255
Computers connected to a network are assigned a unique number known as
Internet Protocol (IP) Address. IP (version 4) addresses consist of four
numbers in the range 0-255 separated by periods (i.e. 127.0.0.1). A
computer may have either a permanent (static) IP address, or one that is
dynamically assigned/leased to it.
Most IP addresses can be mapped to host/domain names (i.e.
www.speedguide.net). Resolution between domain names and IP addresses is
handled by Domain Name Servers (DNS).
forum top
...
https://www.speedguide.net/ip/141.98.83.0
Home >> IP lookup >> 141.98.83.* >> 141.98.83.0
Search IP address or hostname: go
Your IP address: ###.###.###.###
141.98.83.0 IP address Information
The IP address 141.98.83.0 was found in Panama, Panama. It is allocated
to Flyservers S.A.. Additional IP location information, as well as network
tools are available below.
IP address: 141.98.83.0
hostname: 141.98.83.0
ISP: Flyservers S.A.
ASN: AS209588
Region: Panama
Country: Panama (PA) flag
latitude: 9.0053
longitude: -79.9988
...
[end quoted excerpts]