Re: What is this?

Wed, 26 Feb 2020 03:06:52 -0800 

On Wed, Feb 26, 2020 at 11:54:31AM +0100, Jaroslaw Rafa wrote:

> Feb 26 11:43:41 rafa postfix/submission/smtpd[13829]: connect from 
> unknown[92.118.38.42]
> Feb 26 11:43:52 rafa postfix/submission/smtpd[13829]: disconnect from 
> unknown[92.118.38.42]
> Feb 26 11:44:04 rafa postfix/submission/smtpd[13829]: warning: hostname 
> ip-38-42.ZervDNS does not resolve to address 92.118.38.42: Name or service 
> not known
> 
> This repeats over and over (I already blocked this IP on firewall). I wonder
> what this attacker(?) is trying to do - the client doesn't attempt AUTH or
> anything (it would be logged). It just connects and disconnects. And so on
> and on...

This appears to be a network registered in Britain with a yandex.ru
abuse contact: <internethosting-...@yandex.ru> and a netblock whose
GeoIP appears to be in Romania:

    92.118.38.42: RO, Romania

If anyone is going to give an answer, the yandex abuse contact be the
first place to ask, but I wouldn't hold out much hope.

    inetnum:        92.118.38.0 - 92.118.38.255
    org:            ORG-IA1699-RIPE
    netname:        INTERNET-HOSTING
    country:        GB
    admin-c:        ACRO26375-RIPE
    tech-c:         ACRO26375-RIPE
    status:         ASSIGNED PA
    mnt-by:         Internet-Hosting
    created:        2019-06-25T12:24:07Z
    last-modified:  2019-11-02T10:34:55Z
    source:         RIPE

    organisation:   ORG-IA1699-RIPE
    phone:          +447501520497
    org-name:       InternetHosting-LTD
    org-type:       OTHER
    address:        26 New kent Road ,SE16TJ
    address:        London
    abuse-c:        ACRO26375-RIPE
    mnt-ref:        Internet-Hosting
    mnt-by:         Internet-Hosting
    mnt-by:         InternetHosting
    created:        2019-08-12T12:49:00Z
    last-modified:  2019-10-27T09:46:20Z
    source:         RIPE # Filtered

    role:           Abuse contact role object
    phone:          +447501520497
    address:        London
    address:        26 New kent Road ,SE16TJ
    abuse-mailbox:  internethosting-...@yandex.ru
    c-hdl:          ACRO26375-RIPE
    mnt-by:         InternetHosting
    mnt-by:         Internet-Hosting
    created:        2019-08-12T12:48:42Z
    last-modified:  2019-10-27T09:45:35Z
    source:         RIPE # Filtered

    % Information related to &#39;92.118.38.0/24AS50360&#39;

    route:          92.118.38.0/24
    origin:         AS50360
    mnt-by:         ZervDNS
    created:        2019-06-09T19:03:29Z
    last-modified:  2019-06-09T19:03:29Z
    source:         RIPE

-- 
    Viktor.

Reply via email to