Contabo GmbH: Hosting Spammers and Hacking Scripts

Contabo GmbH

Summer 2017: We have been seriously attacked by their IP 80.241.221.214 and ALL our complains were totally ignored and none has been answered. Other sites were also attacked from that IP for days, targeting Osclass installations.

We had a few thousands per hour of this:

80.241.221.214 – – [22/Jul/2017:02:53:20 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 301 1147 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”

80.241.221.214 – – [20/Jul/2017:00:17:00 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:00 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:00 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:00 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:00 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:01 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:01 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:01 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:03 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:00 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:02 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:03 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:04 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:04 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:05 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:05 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:05 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:05 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:05 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:05 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:06 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:06 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:06 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:06 +0200] “POST /_captcha.php HTTP/1.1” 403 355
80.241.221.214 – – [20/Jul/2017:00:17:06 +0200] “GET /oc-admin/index.php?page=login HTTP/1.1” 302 583
80.241.221.214 – – [20/Jul/2017:00:17:07 +0200] “GET /_captcha.php HTTP/1.1” 200 2947
80.241.221.214 – – [20/Jul/2017:00:17:07 +0200] “POST /_captcha.php HTTP/1.1” 403 355


 

80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:28 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3988 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 31 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3988 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:30 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:31 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:31 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:31 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:31 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:31 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:31 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:33 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:33 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 31 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:33 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3988 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:34 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:34 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 31 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:01:34 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3990 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:02:16 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:02:17 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:02:18 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:02:50 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:02:51 -0400] “POST /oc-admin/index.php?page=login HTTP/1.1” 302 30 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”
80.241.221.214 – – [25/Jul/2017:16:02:51 -0400] “GET /oc-admin/index.php?page=login HTTP/1.1” 200 3989 “-” “Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.13) Gecko/20101206 Ubuntu/10.10 (maverick) Firefox/3.6.13”

Related Articles

One thought on “Contabo GmbH: Hosting Spammers and Hacking Scripts”

  1. Editor says:

    Recently we have been bombarded with spam email from Contabo.com and their customer’s IPs:

    173.212.237.102

    173.212.237.102 (Administrator of network where email originates)

    To: abuse#contabo.de@devnull.spamcop.net (Notes)
    To: abuse@m-online.net (Notes)
    To: postmaster#contabo.de@devnull.spamcop.net (Notes)
    To: abuse#contabo.com@devnull.spamcop.net (Notes)

    http://www.fixme.gr/emailer/index.php/lists/bz5… (Administrator of network hosting website referenced in spam)

    To: abuse#contabo.com@devnull.spamcop.net (Notes)
    To: postmaster#contabo.de@devnull.spamcop.net (Notes)
    To: abuse@m-online.net (Notes)
    To: abuse#contabo.de@devnull.spamcop.net (Notes)

    All our abuse reports have been totally ignored and we never got any answer. Also they refuse to get any reports from Spamcop.net.

    https://www.valueweb.gr/wp-content/uploads/2017/12/Contabo_spam.png

Comments are closed.