Rogue IP Addresses and Sites

[LesPalenikParticipant]

Lately, I noticed an increased activity in attempted logins as Admin.

Most of them coming from Russia.
I thought, it might be useful, to report such addresses and keep them in one place. Maybe we can create a separate group devoted to Security and collect any dangerous IP addresses, sites, and user names there..

I blocked them now through the Wordfence. Here are some of those IP addresses:

Russian Federation Moscow, Russian Federation attempted a failed login as “admin”.
IP: 83.166.233.14 [unblock]
Hostname: antratek.gate-net.ru

Russian Federation Moscow, Russian Federation attempted a failed login as “admin”.
IP: 83.166.232.56 [unblock]

Russian Federation Moscow, Russian Federation attempted a failed login as “admin”.
IP: 83.166.232.19 [unblock]

An unknown location at IP 176.123.0.49 attempted a failed login as “admin”.
An unknown location at IP 176.123.1.20 attempted a failed login as “admin”.
An unknown location at IP 176.123.12.8 attempted a failed login as “admin”.
An unknown location at IP 176.123.6.32 attempted a failed login as “admin”.
An unknown location at IP 176.123.6.32 attempted a failed login as “admin”.
An unknown location at IP 176.123.2.7 attempted a failed login as “admin”.
An unknown location at IP 176.123.9.11 attempted a failed login as “admin”.
An unknown location at IP 176.123.31.26 attempted a failed login as “admin”.

Saudi Arabia Riyadh, Saudi Arabia attempted a failed login as “PhilippPace”.
IP: 188.248.204.169 [block]

United States Dulles, United States attempted a failed login using an invalid username “ReginaldJenning”.
IP: 174.140.168.201 [block]
Hostname: host18.servicodesaude.com.br

China Beijing, China attempted a failed login using an invalid username “YMIElinori”.
IP: 183.207.228.14 [block]

An unknown location at IP 172.245.32.136 attempted a failed login as “DarioBrumfield”.
IP: 172.245.32.136 [block]
Hostname: host.colocrossing.com

United States Santa Clara, United States attempted a failed login using an invalid username “Tamara5916”.
IP: 198.143.144.74 [block]
Hostname: host14.server9.vpn999.com

China Beijing, China attempted a failed login using an invalid username “KathlenWeller”.
IP: 36.250.228.84 [block]

United States United States attempted a failed login as “ThurmanCantu”.
IP: 108.178.54.44 [block]
Hostname: host2.server2.vpn2buy.com

An unknown location at IP 5.135.121.246 attempted a failed login as “DylanPickrell”.
IP: 5.135.121.246 [block]

An unknown location at IP 107.161.182.152 attempted a failed login as “Ryan77Cnhh”.
IP: 107.161.182.152 [block]
Hostname: 107-161-182-152.static.dimenoc.com

An unknown location at IP 107.161.81.12 attempted a failed login as “CarlotaStuckey”.
IP: 107.161.81.12 [block]
Hostname: 107.161.81.12.static.quadranet.com

An unknown location at IP 107.161.82.133 attempted a failed login as “CarlotaStuckey”.
IP: 107.161.82.133 [block]
Hostname: unassigned.quadranet.com

United States Santa Clara, United States attempted a failed login as “LoydWeindorfer”.
IP: 198.143.144.77 [block]
Hostname: host14.server9.vpn999.com

United States Chicago, United States attempted a failed login as “WendiXZUpf”.
IP: 96.127.155.91 [block]
Hostname: host22.server15.vpn999.com

United States Santa Clara, United States attempted a failed login as “ClintSligo”.
IP: 198.143.144.74 [block]
Hostname: host14.server9.vpn999.com

United States Santa Clara, United States attempted a failed login as “JeanettZ64”.
IP: 198.143.144.74 [block]
Hostname: host14.server9.vpn999.com

United States Chicago, United States attempted a failed login as “KennithByrne”.
IP: 184.154.170.221 [block]
Hostname: host27.server14.vpn999.com

An unknown location at IP 192.3.108.201 attempted a failed login as “RodrickWenger”.
IP: 192.3.108.201 [block]

[cascolyBlocked]

I checked logs for my global search site and only found 1 of the Russian or Chinese sites — I’m not tracking failed logins on my symbio site.

[shotupdaveParticipant]

did you block those IP’s using wordfence?

[Author]

Posts