[LN20071216.155945] RE: ABUSE REPORT: 148.208.199.2 - SSH brute force attempts

December 16th, 2007

**        This is an automatic message.          **

** Please carefully read the information below.  **

You have contacted LACNIC due to some abuse activity (spam, hacking, etc.) from an IP address allocated or assigned by LACNIC.

LACNIC is an RIR (Regional Internet Registry) for Latin America and the Caribbean region. What that means is that LACNIC is responsible for the IP address space and ASN allocation/assignment in this region.

As mentioned, the IP address in question was allocated by LACNIC to some other organization or ISP in the region. So the abuse activity originated in that organization’s network, not in LACNIC.

You should query our whois database to get information about the source of this abuse activity and the appropriate network contact.

LACNIC’s whois is available at: http://lacnic.net/cgi-bin/lacnic/whois or via the command line: whois -h whois.lacnic.net [IP ADDRESS]

Important Note:

———————————————————————

Addresses allocated to “Comite Gestor da Internet no Brasil” are those allocated to the Brazilian NIR (Registro BR), and in this case you might want to query their Whois database: http://registro.br/cgi-bin/nicbr/whois or whois -h whois.nic.br [IP ADDRESS]

———————————————————————

Please note that LACNIC has no authority to investigate spam, hacking or any other kind of network abuse activity committed by other organizations. Nor can we punish other organizations’ users.

More details are available at: http://lacnic.net/abuse

If this information did not help you, please reply to this message at hostmaster@lacnic.net and keep the subject line.

Regards,

LACNIC Hostmaster

148.208.199.2

December 16th, 2007

Dec 16 14:39:36 mx sshd[15901]: Invalid user test from 148.208.199.2
Dec 16 14:39:40 mx sshd[15903]: Invalid user info from 148.208.199.2

OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Rambla Republica de Mexico 6125
City: Montevideo
StateProv:
PostalCode: 11400
Country: UY

ReferralServer: whois://whois.lacnic.net

NetRange: 148.201.0.0 - 148.250.255.255
CIDR: 148.201.0.0/16, 148.202.0.0/15, 148.204.0.0/14, 148.208.0.0/12, 148.224.0.0/12, 148.240.0.0/13, 148.248.0.0/15, 148.250.0.0/16
NetName: LACNIC-ERX-148-201-0-0
NetHandle: NET-148-201-0-0-1
Parent: NET-148-0-0-0-0
NetType: Transferred to LACNIC
Comment: This IP address range is under LACNIC responsibility
Comment: for further allocations to users in LACNIC region.
Comment: Please see http://www.lacnic.net/ for further details,
Comment: or check the WHOIS server located at whois.lacnic.net
RegDate: 2003-10-29
Updated: 2003-10-29

OrgTechHandle: LACNIC-ARIN
OrgTechName: LACNIC Whois Info
OrgTechPhone:
OrgTechEmail: whois-contact@lacnic.net

# ARIN WHOIS database, last updated 2007-12-15 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Found a referral to whois.lacnic.net.

% Joint Whois - whois.lacnic.net
% This server accepts single ASN, IPv4 or IPv6 queries

% Copyright LACNIC lacnic.net
% The data below is provided for information purposes
% and to assist persons in obtaining information about or
% related to AS and IP numbers registrations
% By submitting a whois query, you agree to use this data
% only for lawful purposes.
% 2007-12-16 15:54:49 (BRST -02:00)

inetnum: 148.208/16
status: reallocated
owner: Secretaria de Educacion e Investigacion Tecnologic
ownerid: MX-SEIT1-LACNIC
address: Argentina No. 68 Col. Centro
address: Cd. de Mexico, Distrito Federal
country: MX
owner-c: EC1018-ARIN
inetrev: 148.208/16
nserver: NS.RTN.NET.MX
nsstat: 20071215 AA
nslastaa: 20071215
nserver: NS2.RTN.NET.MX [lame - not published]
nsstat: 20071215 UDN
nslastaa: 20050614
created: 19990903
changed: 20000411
inetnum-up: 148.208/12
source: ARIN-HISTORIC

nic-hdl: EC1018-ARIN
person: Esoj Carrasco
e-mail: eccmy@ZEUS.RTN.NET.MX
address: Secretaria de Educacion e Investigacion Tecnologic
country: US
phone: +52 5 624 28 00
source: ARIN-HISTORIC

% whois.lacnic.net accepts only direct match queries.
% Types of queries are: POCs, ownerid, CIDR blocks, IP
% and AS numbers.

217.31.52.112

December 16th, 2007

Dec 16 12:39:37 mx sshd[15508]: Invalid user test from 217.31.52.112
Dec 16 12:39:38 mx sshd[15510]: Invalid user guest from 217.31.52.112
Dec 16 12:39:39 mx sshd[15512]: Invalid user admin from 217.31.52.112

inetnum: 217.31.48.0 - 217.31.52.255
netname: IGNUM-CZ
org: ORG-Is1-RIPE
descr: Ignum s.r.o
country: CZ
admin-c: ICR6-RIPE
tech-c: ICR6-RIPE
status: ASSIGNED PA
mnt-by: IGNUM-MNT
source: RIPE # Filtered

organisation: ORG-Is1-RIPE
org-name: Ignum s.r.o.
org-type: LIR
address: Thamova 18
address: 186 00
address: Praha 8
address: Czech Republic
phone: +420 296 33 22 11
fax-no: +420 296 33 22 22
admin-c: ICR6-RIPE
mnt-ref: IGNUM-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

role: IGNUM CONTACT ROLE
org: ORG-Is1-RIPE
mnt-by: IGNUM-MNT
address: Thamova 18
18600 Praha 8
Czech Republic
abuse-mailbox: abuse@ignum.cz
phone: +420.296332211
fax-no: +420.296332222
admin-c: RP6279-RIPE
admin-c: ME7412-RIPE
tech-c: TH7411-RIPE
nic-hdl: ICR6-RIPE
source: RIPE # Filtered

% Information related to '217.31.48.0/20AS29134'

route: 217.31.48.0/20
descr: Network of Ignum s.r.o.
descr: http://www.ignum.cz/
origin: AS29134
mnt-by: IGNUM-MNT
source: RIPE # Filtered

87.230.10.251

December 15th, 2007

Dec 15 12:39:42 mx sshd[10186]: Did not receive identification string from 87.230.10.251
Dec 15 13:08:17 mx sshd[10285]: Invalid user staff from 87.230.10.251
Dec 15 13:08:19 mx sshd[10287]: Invalid user sales from 87.230.10.251
Dec 15 13:08:20 mx sshd[10289]: Invalid user recruit from 87.230.10.251

inetnum: 87.230.0.0 - 87.230.15.255
netname: HER-DE-VPS-CGN2
descr: Hosteurope GmbH
descr: koeln@hosteurope.de
country: DE
admin-c: HER4-RIPE
tech-c: HER
status: ASSIGNED PA
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered

role: Host Europe Ripehandle
address: Hansestr. 109
address: 51149 Koeln
phone: +49 2203 1045 0
abuse-mailbox: net-abuse@hosteurope.de
admin-c: DART
admin-c: FLX
admin-c: WIRR
admin-c: SHAF
tech-c: DART
tech-c: FLX
tech-c: WIRR
tech-c: SHAF
nic-hdl: HER
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered

person: Uwe Braun
address: Hansestr. 109
address: 51149 Koeln
phone: +49 2203 1045 7000
nic-hdl: HER4-RIPE
source: RIPE # Filtered
mnt-by: ONE2ONE-MNT

% Information related to '87.230.0.0/20AS20773'

route: 87.230.0.0/20
descr: DE-HER-CGN2-87-230-0
origin: AS20773
member-of: AS20773:RS-HOSTEUROPE
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered

% Information related to '87.230.0.0/17AS20773'

route: 87.230.0.0/17
descr: DE-HER-87-230-SLASH-17
origin: AS20773
member-of: AS20773:RS-HOSTEUROPE
mnt-by: ONE2ONE-MNT
source: RIPE # Filtered

[LN20071214.20379] RE: ABUSE REPORT: 168.243.14.11 - SSH brute force attempts

December 14th, 2007

  **        This is an automatic message.          **

  ** Please carefully read the information below.  **

You have contacted LACNIC due to some abuse activity (spam, hacking, etc.) from an IP address allocated or assigned by LACNIC.

LACNIC is an RIR (Regional Internet Registry) for Latin America and the Caribbean region. What that means is that LACNIC is responsible for the IP address space and ASN allocation/assignment in this region. As mentioned, the IP address in question was allocated by LACNIC to some other organization or ISP in the region. So the abuse activity originated in that organization’s network, not in LACNIC.

You should query our whois database to get information about the source of this abuse activity and the appropriate network contact. LACNIC’s whois is available at: http://lacnic.net/cgi-bin/lacnic/whois or via the command line:

whois -h whois.lacnic.net [IP ADDRESS]

Important Note:

———————————————————————

Addresses allocated to “Comite Gestor da Internet no Brasil” are those allocated to the Brazilian NIR (Registro BR), and in this case you might want to query their Whois database: http://registro.br/cgi-bin/nicbr/whois

whois -h whois.nic.br [IP ADDRESS]

———————————————————————

Please note that LACNIC has no authority to investigate spam, hacking or any other kind of network abuse activity committed by other organizations. Nor can we punish other organizations’ users.

More details are available at: http://lacnic.net/abuse

If this information did not help you, please reply to this message at hostmaster@lacnic.net and keep the subject line.

Regards,

LACNIC Hostmaster

200.32.160.40

December 14th, 2007

Dec 14 19:28:44 mx sshd[6672]: Did not receive identification string from 200.32.160.40
Dec 14 20:14:58 mx sshd[6912]: Invalid user admin from 200.32.160.40
Dec 14 20:15:00 mx sshd[6914]: Invalid user admin from 200.32.160.40

inetnum:     200.32.160/21
status:      reallocated
owner:       Smartcompcs S.A.
ownerid:     CL-SMSA4-LACNIC
responsible: Claudio Varela
address:     Av. del Condor, 820, Huechuraba
address:     - - Santiago -
country:     CL
phone:       +56 2 4445102 []
owner-c:     AIC2
tech-c:      AIC2
created:     20060302
changed:     20060302
inetnum-up:  200.32.160/19

nic-hdl:     AIC2
person:      Core Internet Telmex Chile
e-mail:      netadmin@IP.TELMEXCHILE.CL
address:     Rinconada el Salto, 202, Huechuraba
address:     — - Santiago -
country:     CL
phone:       +56 2 5825365 []
created:     20030314
changed:     20070417

168.243.14.11

December 14th, 2007

Dec 14 10:22:24 mx sshd[4512]: Did not receive identification string from 168.243.14.11
Dec 14 10:56:38 mx sshd[4682]: Invalid user admin from 168.243.14.11
Dec 14 10:56:39 mx sshd[4684]: Invalid user admin from 168.243.14.11
Dec 14 10:56:39 mx sshd[4686]: Invalid user admin from 168.243.14.11
Dec 14 10:56:40 mx sshd[4688]: Invalid user admin from 168.243.14.11
Dec 14 10:56:40 mx sshd[4690]: Invalid user admin from 168.243.14.11

OrgName:    Latin American and Caribbean IP address Regional Registry
OrgID:      LACNIC
Address:    Rambla Republica de Mexico 6125
City:       Montevideo
StateProv:
PostalCode: 11400
Country:    UY

ReferralServer: whois://whois.lacnic.net

NetRange:   168.243.0.0 - 168.243.255.255
CIDR:       168.243.0.0/16
NetName:    LACNIC-ERX-168-243-0-0
NetHandle:  NET-168-243-0-0-1
Parent:     NET-168-0-0-0-0
NetType:    Transferred to LACNIC
Comment:    This IP address range is under LACNIC responsibility
Comment:    for further allocations to users in LACNIC region.
Comment:    Please see http://www.lacnic.net/ for further details,
Comment:    or check the WHOIS server located at whois.lacnic.net
RegDate:    2003-08-20
Updated:    2003-08-20

OrgTechHandle: LACNIC-ARIN
OrgTechName:   LACNIC Whois Info
OrgTechPhone:
OrgTechEmail:  whois-contact@lacnic.net

# ARIN WHOIS database, last updated 2007-12-13 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

Found a referral to whois.lacnic.net.

% Joint Whois - whois.lacnic.net
%  This server accepts single ASN, IPv4 or IPv6 queries

% Copyright LACNIC lacnic.net
%  The data below is provided for information purposes
%  and to assist persons in obtaining information about or
%  related to AS and IP numbers registrations
%  By submitting a whois query, you agree to use this data
%  only for lawful purposes.
%  2007-12-14 19:09:43 (BRST -02:00)

inetnum:     168.243/16
status:      assigned
owner:       SVNet
ownerid:     SV-SVNE1-LACNIC
responsible: Rafael Ibarra
address:     Bulevar Los Próceres, 1,
address:     0 - San Salvador - SS
country:     SV
phone:       +503  2106636 []
owner-c:     RLI
tech-c:      RLI
inetrev:     168.243/16
nserver:     CIR.RED.SV
nsstat:      20071213 AA
nslastaa:    20071213
created:     19940920
changed:     19960708

nic-hdl:     RLI
person:      Rafael Ibarra
e-mail:      ribarra@DI.UCA.EDU.SV
address:     Bulevar Los Próceres, 0,
address:     0 - San Salvador - SS
country:     SV
phone:       +503  2106636 []
created:     20040422
changed:     20040422

200.111.54.82

December 14th, 2007

Dec 14 02:13:34 mx sshd[2789]: Did not receive identification string from 200.111.54.82
Dec 14 04:13:39 mx sshd[3355]: Invalid user staff from 200.111.54.82
Dec 14 04:13:41 mx sshd[3357]: Invalid user sales from 200.111.54.82

inetnum:     200.111.0/18
status:      allocated
owner:       ENTEL CHILE S.A.
ownerid:     CL-ECSA-LACNIC
responsible: ENTEL CHILE S.A.
address:     Andrés Bello, 2687,
address:     56 - Santiago -
country:     CL
phone:       +56 2 3600123 []
owner-c:     BRM
tech-c:      BRM
inetrev:     200.111.0/18
nserver:     POLUX.ENTELCHILE.NET
nsstat:      20071210 AA
nslastaa:    20071210
nserver:     CASTOR.ENTELCHILE.NET
nsstat:      20071210 AA
nslastaa:    20071210
created:     20030624
changed:     20030624

nic-hdl:     BRM
person:      ENTEL CHILE S.A.
e-mail:      enteladminip@ENTEL.CL
address:     Amunategui, 20, piso 10
address:     4254 - Santiago -
country:     CL
phone:       +56 2 3600123 []
created:     20030317
changed:     20060728

85.234.133.53

December 14th, 2007

Dec 13 17:15:28 mx sshd[917]: Did not receive identification string from 85.234.133.53
Dec 14 02:56:15 mx sshd[2878]: Invalid user aaliyah from 85.234.133.53
Dec 14 02:56:16 mx sshd[2880]: Invalid user aaliyah from 85.234.133.53
Dec 14 02:56:17 mx sshd[2882]: Invalid user aaron from 85.234.133.53

inetnum:        85.234.133.0 - 85.234.133.255
netname:        PH-NETWORK-VASERV
descr:          www.Vaserv.com
country:        GB
admin-c:        MM5420-RIPE
tech-c:         MM5420-RIPE
status:         ASSIGNED PA
mnt-by:         POUNDHOST
source:         RIPE # Filtered

person:         Matthew Munson
address:        Euroconnex Networks LLP,
              BlueSquare House,
              Priors Way,
              Maidenhead, UK
phone:          +44 870 744 1700
e-mail:         matthew@euroconnex.net
nic-hdl:        MM5420-RIPE
remarks:        ******************************************************
remarks:        Please contact abuse@euroconnex.net for any abuse issues
remarks:        E-mail sent to other addresses may not be acted upon.
remarks:        ******************************************************
mnt-by:         EUROCONNEX
source:         RIPE # Filtered

% Information related to '85.234.128.0/19AS29550'

route:          85.234.128.0/19
descr:          PH-Network Europe, operated by Euroconnex Networks LLP
origin:         AS29550
remarks:        *********************************************
remarks:        For Peering and more info: www.euroconnex.net
remarks:        *********************************************
mnt-by:         POUNDHOST
source:         RIPE # Filtered