Brute Force Auth Attacks ʕ•́ᴥ•̀ʔっ (List of Malicious IP addresses provided)
-
Many of my clients got brute force attacks these past few weeks from the IP addresses (ranges) below. Use Snort IDS/IPS with your pfSense if you can.
If you have fallen victim to cybercrime in Europe, report here:
https://www.europol.europa.eu/report-a-crime/report-cybercrime-online
Edited: List of Malicious IP addresses provided
-
Can anyone verify this? ;)
Has someone done a cross ref against the pfb lists?
Just saying
-
@noplan said in Brute Force Auth Attacks ʕ•́ᴥ•̀ʔっ (List of Malicious IP addresses provided):
Can anyone verify this? ;)
Has someone done a cross ref against the pfb lists?
Just saying
For Pete's sake, don't use this information if you don't want to. That's your right. See your comment, it seems you don't use any of these IP addresses anyway, right?
-
If you host those lists somewhere public then people can just use them as URL aliases directly or via pfBlocker.
Of course that does imply trust in whoever is hosting them...
Steve
-
Some are in this list [https://reputation.alienvault.com/reputation.generic] which I use as a URL Table (IPs) Alias.
If I had more bandwidth I would offer to host them.
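One way to run the cross-reference asked about in this thread before loading a shared list as a URL alias (an added example, not code from any poster; the sample ranges, the feed layout and the `PROTECTED` ranges are assumptions). It normalizes entries written with host bits set, merges duplicates and adjacent prefixes, checks each range against a reputation feed, and flags ranges that would block your own networks.

```python
import ipaddress

# Constructed sample data (documentation ranges), not taken from the thread.
SHARED_LIST = """192.0.2.0/25 192.0.2.128/25 198.51.100.7/24 198.51.100.0/24
203.0.113.9/32 2001:db8:1::/48 not-an-ip 10.1.2.0/24"""
# Assumed feed layout: one address per line, '#' starts a comment.
FEED = """# constructed reputation feed
192.0.2.44 # scanner
198.51.100.200
2001:db8:1::5"""
PROTECTED = ["10.0.0.0/8", "192.168.0.0/16"]  # assumption: your own ranges

def parse_networks(text):
    """strict=False masks host bits: 198.51.100.7/24 -> 198.51.100.0/24."""
    nets, rejected = set(), []
    for token in text.split():
        try:
            nets.add(ipaddress.ip_network(token, strict=False))
        except ValueError:
            rejected.append(token)  # keep for manual review, never guess
    return nets, rejected

def collapse(nets):
    """Drop duplicates and merge adjacent prefixes, one address family at a time."""
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def parse_feed(text):
    entries = (line.split("#", 1)[0].strip() for line in text.splitlines())
    return [ipaddress.ip_address(e) for e in entries if e]

def audit(shared, feed, protected):
    nets, rejected = parse_networks(shared)
    nets = collapse(nets)
    addrs = parse_feed(feed)
    own = [ipaddress.ip_network(p) for p in protected]
    seen = lambda n: any(a.version == n.version and a in n for a in addrs)
    risky = lambda n: any(p.version == n.version and n.overlaps(p) for p in own)
    return {
        "confirmed": [str(n) for n in nets if seen(n)],
        "unconfirmed": [str(n) for n in nets if not seen(n) and not risky(n)],
        "would_block_self": [str(n) for n in nets if risky(n)],
        "rejected": rejected,
    }

if __name__ == "__main__":
    for key, value in audit(SHARED_LIST, FEED, PROTECTED).items():
        print(f"{key}: {value}")
```

Ranges reported under `unconfirmed` have no independent corroboration in the feed, and anything under `would_block_self` should be removed before the list goes into an alias.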