Happy Valentine’s Day, and someone loves me out there on the Internet, because they used a botnet to try to break into my site. You are very welcome, whoever you are, but I am trying to find out who my secret admirer is.
There are 12 IPs involved. They each try 2 times.
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36
5.135.150.169 login ovh, risk 5.7/10, spam
50.192.194.29 login Comcast
52.203.157.25 login Amazon Web Services AWS
66.180.167.17 login Netsonic, risk 4.3/10, logged in another brute force login attack on me
75.126.113.162 login Softlayer, risk 4.3/10
89.96.157.10 login Fastweb IT, risk 1/10, spam
104.207.234.88 login NEXCESS.NET Us, risk 1/10, spam, malware: Zip.Suspect.MacroDoubleExtension-zippwd
121.200.60.28 login Drik BD, risk 4.3/10, bots
162.243.16.219 login Digital Ocean
168.83.5.1 login Red Cientifica y Tecnologica Nacional Ar, risk 1/10, bots
188.166.217.238 login Digital Ocean
188.226.188.163 login Digital Ocean dubrovnikcharter.com, risk 1/10, bots, scanning IPs
212.56.195.66 login Relsoft Orange Moldova, risk 1/10, bots
Your IPs are all banned.
2017 Feb 16-21
UA: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36
103.27.77.52 HostUS
158.251.7.130 Universidad Catolica de Valparaiso CL, risk 1.4/10, spam, scanning IPs
183.181.2.99 FreeBit Jp
213.112.210.156 Bredbandsbolaget Se
213.179.193.24 SolidHost Nl
219.94.162.240 SAKURA Internet Jp
222.165.133.142 IDC, Sri Lanka Telecom, risk 1/10, bots
49.212.180.224 SAKURA Internet Jp
74.208.133.235 1&1 internet
It continues again today, 2017 Feb 17. I have contacted Sakura and asked them to stop these login attacks from their IPs.
UA: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36
103.16.198.173 s Jupiter Jala Arta In
112.78.125.209 s Sakura Jp
118.178.126.99 s Alisoft Cn
219.94.162.188 s Sakura jp Risk 5.7/10, spam, bots
220.134.119.203 s Hinet Tw repeat
27.254.36.215 s CSLOXINFO TH Risk 1.4/10, spam, malware: Spam Zero-Day
31.179.191.155 s UPC Pl
5.145.175.80 s CubeNode Es
50.93.249.65 s s US Internet
52.76.32.20 s Amazon Web Services AWS, risk 1/10, bots
2017 Feb 18
123.63.124.186 login Vodafone IT
217.70.186.133 login Gandi Fr
2017 Feb 19
185.4.29.223 login Green Web Samaneh Novin IR
87.106.234.62 login 1&1 SCHLUND de
87.118.74.28 login KEYWEB BORNDATA DK
93.95.228.203 login The 1984 ehf Autonomous System Mordur Ingolfsson
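
The pattern logged above (many addresses, about two tries each, one shared User-Agent) stays under a typical per-IP lockout, so one way to surface it is to group login POSTs by User-Agent instead of by address. This is an added example, not part of the original post; the Combined Log Format, the `/login` path, the thresholds and the sample log lines (documentation-range IPs) are assumptions.

```python
import re
from collections import defaultdict

# Combined Log Format: ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
LOGIN_PATH = "/login"  # assumption: the site's login endpoint
BOT_UA = (  # the User-Agent string recorded in the post
    "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 "
    "(KHTML, like Gecko) Chrome/53.0.2785.89 Safari/537.36"
)


def find_distributed_bruteforce(lines, min_ips=5, max_per_ip=3):
    """Return {user_agent: sorted IPs} for agents that hit the login path from
    at least min_ips addresses that each made no more than max_per_ip attempts."""
    attempts = defaultdict(lambda: defaultdict(int))  # ua -> ip -> login POSTs
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue  # malformed line or not a login submission
        if m["path"].split("?")[0] != LOGIN_PATH:
            continue
        attempts[m["ua"]][m["ip"]] += 1
    flagged = {}
    for ua, per_ip in attempts.items():
        # "Quiet" addresses are the ones a per-IP rate limit would never trip on.
        quiet = sorted(ip for ip, n in per_ip.items() if n <= max_per_ip)
        if len(quiet) >= min_ips:
            flagged[ua] = quiet
    return flagged


def make_line(ip, method, path, status, ua):
    return (f'{ip} - - [14/Feb/2017:10:00:00 +0000] "{method} {path} HTTP/1.1" '
            f'{status} 512 "-" "{ua}"')


def sample_log():
    """Constructed log: 12 bot addresses x 2 tries, one real user, one noisy client."""
    lines = []
    for n in range(1, 13):
        lines += [make_line(f"192.0.2.{n}", "POST", "/login", 401, BOT_UA)] * 2
    lines.append(make_line("198.51.100.7", "POST", "/login", 302, "Mozilla/5.0 Firefox/51.0"))
    lines += [make_line("203.0.113.9", "POST", "/login", 401, "curl/7.52.1")] * 10
    lines.append(make_line("192.0.2.1", "GET", "/", 200, BOT_UA))
    return lines
```

The single noisy client is deliberately not flagged here, because an ordinary per-IP limit already catches it.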