Lesetipps: Hacker Jobs, Angriffswellen auf die Fritz!Box und ein "toter Gaul"

Kommentare zu folgendem Beitrag: Lesetipps: Hacker Jobs, Angriffswellen auf die Fritz!Box und ein „toter Gaul“

Thema: Angriffswellen auf Fritz!Box

Angreifender Server
IP = 185.232.52.55

Address = 185.232.52.55
Network = 185.232.52.55 / 32
Netmask = 255.255.255.255

HOST: web01 Loss% Snt Last Avg Best Wrst StDev
1.|-- 45.79.12.201 0.0% 2 0.6 0.7 0.6 0.7 0.0
2.|-- 45.79.12.0 0.0% 2 0.5 0.6 0.5 0.6 0.0
3.|-- hu0-7-0-7.ccr41.dfw03.atlas.cogentco.com 0.0% 2 1.6 1.6 1.5 1.6 0.1
4.|-- be2764.ccr32.dfw01.atlas.cogentco.com 0.0% 2 2.1 1.9 1.8 2.1 0.2
5.|-- be2433.ccr22.mci01.atlas.cogentco.com 0.0% 2 11.7 11.8 11.7 11.8 0.1
6.|-- be2832.ccr42.ord01.atlas.cogentco.com 0.0% 2 23.5 23.4 23.2 23.5 0.2
7.|-- be2718.ccr22.cle04.atlas.cogentco.com 0.0% 2 29.9 30.0 29.9 30.1 0.2
8.|-- be2994.ccr32.yyz02.atlas.cogentco.com 0.0% 2 36.9 36.9 36.9 37.0 0.1
9.|-- be3260.ccr22.ymq01.atlas.cogentco.com 0.0% 2 44.8 44.9 44.8 45.1 0.2
10.|-- be3043.ccr22.lpl01.atlas.cogentco.com 0.0% 2 114.1 114.1 114.1 114.1 0.0
11.|-- be2183.ccr42.ams03.atlas.cogentco.com 0.0% 2 123.1 123.0 122.9 123.1 0.1
12.|-- be3458.ccr21.ams04.atlas.cogentco.com 0.0% 2 119.5 119.5 119.5 119.5 0.0
13.|-- 149.11.39.186 0.0% 2 121.5 121.5 121.5 121.5 0.0
14.|-- 178.21.17.2 0.0% 2 123.5 123.5 123.5 123.5 0.0
15.|-- 185.8.179.39 0.0% 2 123.0 123.2 123.0 123.4 0.2
16.|-- 185.53.163.41 0.0% 2 121.7 121.9 121.7 122.1 0.3
17.|-- ??? 100.0 2 0.0 0.0 0.0 0.0 0.0
18.|-- gamblermooz.prohoster.unfo 0.0% 2 123.7 123.8 123.7 123.9 0.1

ISP Internet IT Company Inc
Usage Type Data Center/Web Hosting/Transit
Hostname gamblermooz.prohoster.unfo
Domain Name prohoster.info
Country
City Amsterdam, Noord-Holland

Sämtliche DNS-Resolver machen keine Auflösung zur Domain des Host, da nunmal eine *.unfo Domain

  • Absichtlicher Syntax-Error !!

  • ProHoster.info = russischer Hosting-Provider, der aber auch IPs vermietet !!!

  • Provider arbeitet mit dem russ. Provider-Board „hostdb.ru“

  • Die IP soll einen Zugriff von den Seychellen aus suggerieren

    % Information related to ‚185.232.52.0 - 185.232.55.255‘
    inetnum: 185.232.52.0 - 185.232.55.255
    netname: SC-INTERNET-INC6-20171115
    country: NL
    org: ORG-IICI17-RIPE
    admin-c: IM5378-RIPE
    tech-c: IM5378-RIPE
    status: ALLOCATED PA
    mnt-by: sc-internet-it-1-mnt
    mnt-by: RIPE-NCC-HM-MNT
    created: 2020-05-04T15:31:04Z
    last-modified: 2020-06-09T12:45:18Z
    source: RIPE
    organisation: ORG-IICI17-RIPE
    org-name: INTERNET IT COMPANY INC
    country: SC
    org-type: LIR
    address: Global Gateway 8, Rue De La Perle, Providence
    address: 0000
    address: Mahe
    address: SEYCHELLES

Die Büchse steht aber definitiv in Holland (siehe oben) / The IP you mentioned is a Tor IP.

Starting Nmap 7.70 ( https://nmap.org ) at 2021-03-01 20:15 UTC
Nmap scan report for gamblermooz.prohoster.unfo (185.232.52.55)
Host is up (0.077s latency).

PORT STATE SERVICE:
21/tcp filtered ftp
22/tcp open ssh
23/tcp filtered telnet
80/tcp filtered http
110/tcp filtered pop3
143/tcp filtered imap
443/tcp filtered https
3389/tcp filtered ms-wbt-server

Nmap done: 1 IP address (1 host up) scanned in 1.26 seconds