It is always warming to see the two Chinas, the PRC and Taiwan, getting along. Today they ganged up and tried to break into my site.
184.108.40.206 is China Unicom Shandong, level 10 risk, malware Spam Zero-Day
220.127.116.11 is Hinet Chunghwa Tel Taiwan, known for bots and infected zombie computers
18.104.22.168 is Chinanet Anhui, level 10 risk, malware Spam Zero-Day
22.214.171.124 is Dou shi-BAR Yin chuan Ningxia, level 10 risk, malware Spam Zero-Day
The last one, from Ningxia, looks surprisingly small as compared to the usually huge number of IP addresses for Chinanet or China Unicom, but they are part of Chinanet Ningxia, which is large.
This guy hn.kd.ny.adsl seems innocent enough, until I tried to look him up, only to find no positive IP address. Others have posted that they, too, cannot find his IP address in order to ban him. Hmmm, let me track him down.
This hacker is prolific in that he rarely repeats the third octet, making it harder to ban by a narrower range. You’ll need to go up to the second octet to cover his IP ranges. He predominantly uses China Unicom Henan. Only once did he go to China Unicom Fujian, which might just be an outlier data point.
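A small added example (not from the original post) of the reasoning above: given the source addresses you have observed, find which octets vary and compute the smallest block that covers all of them, so you can see how wide a ban would have to be. The addresses below are constructed RFC 1918 samples, not the ones listed in this post.

```python
import ipaddress

# Constructed sample of observed source addresses (private RFC 1918 space,
# standing in for the real offenders). The third octet changes each visit.
OBSERVED = ["10.20.1.55", "10.20.7.12", "10.20.130.9", "10.20.44.201"]


def varying_octets(addrs):
    """Return the 1-based positions of the dotted-quad octets that differ."""
    quads = [ip.split(".") for ip in addrs]
    return {i + 1 for i in range(4) if len({q[i] for q in quads}) > 1}


def smallest_covering_network(addrs):
    """Smallest IPv4 CIDR block that contains every address in addrs.

    Finds the longest prefix shared by the lowest and highest address; if the
    third octet varies, that prefix is at most /16 (the "second octet" ban).
    """
    ints = [int(ipaddress.IPv4Address(a)) for a in addrs]
    if not ints:
        raise ValueError("no addresses given")
    lo, hi = min(ints), max(ints)
    prefix = 32
    while prefix > 0 and (lo >> (32 - prefix)) != (hi >> (32 - prefix)):
        prefix -= 1
    base = (lo >> (32 - prefix)) << (32 - prefix)
    return ipaddress.ip_network((base, prefix))


def ban_summary(addrs):
    """Describe the block needed and how many addresses it would sweep in."""
    net = smallest_covering_network(addrs)
    return {
        "varying_octets": sorted(varying_octets(addrs)),
        "block": str(net),
        "addresses_blocked": net.num_addresses,
    }


if __name__ == "__main__":
    print(ban_summary(OBSERVED))
```

The `addresses_blocked` count is the collateral: a /16 ban covers 65,536 addresses, most of which never touched the site.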
midex.zomro.com scrapes my site for awstat tags. I do not know why, and they do it multiple times. It is very annoying.
There is a ransomware listing for crasher121.zomro.com 126.96.36.199. There are other comments such as “188.8.131.52 is involved in malware incidents, spamming activity, ssh attacks, ddos” so caution is required. I did not research zomro.net, as I do not know if the .com and .net sites are related.
184.108.40.206 anconsul.ru 2016-nov-06 zomro
midex.zomro.com 220.127.116.11 18.104.22.168 – 22.214.171.124 126.96.36.199/23
midex.zomro.com 188.8.131.52 184.108.40.206/24
zuahbbazek1.zomro.com 220.127.116.11 18.104.22.168/24