On 2017-06-30 at 07:53, ox wrote:
Hi All,
Frequently I see new exploits, old exploits, plain old brute force and all scans from the same weird shell corporations. (of course I collect exploits, specially 0day, as they are very useful)
Usually when I report hacking/security abuse (like a main bot, etc) most ISPs actually take a look and clean up, as it is bad for their network to have this there anyway....
But there are 'bullet proof' hackers as complaints never do anything, no matter how much logs and evidence is submitted.
These are your government hackers, USA, China, Russia, etc.
But, one of these bullet proof hackers is so k1dD13 that I have no clue what it could be (as the stuff they run, will never work, even on non patched servers/devices) - Yet complaints also have no result and the modus operandi is always the same... They have distributed small delegations, like /29 /28 /27 and on rare occasions a /26 and always registered to Kansas, USA
For example IP number 69.30.255.107
We've had our fair share of spam from them. The announcement spree seems to have started more or less in 2017, although the earlier announcements in 2005-2006 seem to have the same pattern. Smaller prefixes also seem to go way back. Check the JSON file for that.
https://stat.ripe.net/widget/routing-history#w.resource=69.30.192.0/18
https://stat.ripe.net/data/routing-history/data.json?min_peers=0&resource=69.30.192.0%2F18
Has anyone experienced anything similar and does anyone know what type of silly operation this is or what their goals could possibly be?
Is it some AI learning thing? or a bit eater? or what?
Due to the price model https://www.wholesaleinternet.net/ has, I see it as just a heaven for spammers and black hats. Buy a virtual server for $10/month, no questions asked.

Cheers,
--
Bengt Gördén
Resilans AB
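For readers who want to check the announcement pattern mentioned in the reply, here is an added example (not part of the original thread) that summarises a routing-history JSON document by year and prefix length. It assumes the response nests announcement periods as `data.by_origin[].prefixes[].timelines[]` with ISO `starttime` values; the embedded sample is constructed, using documentation prefixes and private-use AS numbers.

```python
import json
from collections import defaultdict

# Constructed sample in the layout assumed for a routing-history response.
# Prefixes, origins and dates are made up for illustration.
SAMPLE = json.loads("""
{"data": {"resource": "198.51.100.0/22", "by_origin": [
  {"origin": "64500", "prefixes": [
    {"prefix": "198.51.100.0/22", "timelines": [
      {"starttime": "2005-03-01T00:00:00", "endtime": "2006-08-01T00:00:00"},
      {"starttime": "2017-01-15T00:00:00", "endtime": "2017-06-30T00:00:00"}]},
    {"prefix": "198.51.100.0/24", "timelines": [
      {"starttime": "2005-05-01T00:00:00", "endtime": "2005-09-01T00:00:00"}]}]},
  {"origin": "64501", "prefixes": [
    {"prefix": "198.51.102.0/24", "timelines": [
      {"starttime": "2017-02-01T00:00:00", "endtime": "2017-02-20T00:00:00"},
      {"starttime": "2017-04-01T00:00:00", "endtime": "2017-05-01T00:00:00"}]}]}]}}
""")

def iter_timelines(doc):
    """Yield (origin, prefix, timeline) for every announcement period."""
    for origin in doc.get("data", {}).get("by_origin", []):
        for pfx in origin.get("prefixes", []):
            for tl in pfx.get("timelines", []):
                yield origin["origin"], pfx["prefix"], tl

def announcements_by_year(doc):
    """Count announcement periods starting in each year, per prefix length."""
    counts = defaultdict(lambda: defaultdict(int))
    for _, prefix, tl in iter_timelines(doc):
        length = int(prefix.rsplit("/", 1)[1])
        counts[int(tl["starttime"][:4])][length] += 1
    return {year: dict(by_len) for year, by_len in sorted(counts.items())}

def first_seen(doc):
    """Earliest starttime per (origin, prefix); ISO strings sort correctly."""
    seen = {}
    for origin, prefix, tl in iter_timelines(doc):
        key = (origin, prefix)
        seen[key] = min(seen.get(key, tl["starttime"]), tl["starttime"])
    return seen

if __name__ == "__main__":
    for year, by_len in announcements_by_year(SAMPLE).items():
        print(year, {f"/{n}": c for n, c in sorted(by_len.items())})
    for (origin, prefix), start in sorted(first_seen(SAMPLE).items()):
        print(f"AS{origin} {prefix} first seen {start}")
```

To run it on real data, load a saved copy of the data.json response with `json.load` and pass it to the two functions in place of `SAMPLE`.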