Pågående massiv #bruteforce attack mot primärt Windows server system från #USA

JufCorp AB hjälper företag och föreningar med frågor inom backup / restore , Disaster Recovery, IT säkerhet, molntjänster och Syspeace

Pågående massiv #bruteforce attack mot primärt Windows server system från #USA

 

Som kuriosa tänkte jag nämna en massiv s.k. Brute Force attack / Dictionary attack (på svenska kallad ordboksattack) som pågår just nu med ursprung i USA och som verkar rikta in sig mot asvenska servrar (ett flertal av mina kunder har drabbats).
Den är inte att blanda ihop med den massiva #WannaCrypt attacken som handlar ransomvirus utan är en helt annan typ av attack där inkräktaren försöker att gissa sig till användarnamn och lösenord eller bara att överbelasta servrarna med felaktiga inloggningsförsök.

En gemensam nämnare i just den här attacken är att de använder sig av inloggningsdomänen som inloggningsnamn.
Nedan är en lista på “dagens skörd” av blockerade IP adresser som intrångsskydden blockerat på en enda servrar mellan midnatt och 13:30 hittills idag .

För att se om ni är drabbade, kontrollera Windows Security log.

Om ni är drabbade är ni naturligtvis välkomna att kontakta mig här för hjälp med att hantera attacken eller för att skydda er mot kommande attacker

IP address Times Host name and country
——————– —– ——————————-
5.102.141.94 2 rev-94.141.102.5.tribion.com; Netherlands (NL)
5.103.29.79 2 static-5-103-29-79.fibianet.dk; Denmark (DK)
5.144.158.193 2 ; United Kingdom (GB)
8.3.64.82 2 mail.sharpcnc.com; United States (US)
8.23.71.66 2 BJP2U36T-PC; United States (US)
8.27.164.197 2 ip-8-27-164-197.trucom.com; United States (US)
12.163.187.130 2 ; United States (US)
12.177.217.60 2 ; United States (US)
12.219.206.146 2 ; United States (US)
12.250.27.210 2 ; United States (US)
13.65.24.104 2 ; United States (US)
13.67.181.161 2 ; United States (US)
13.68.88.62 2 ; United States (US)
13.68.92.114 2 ; United States (US)
18.159.7.137 2 koch-six-forty-eight.mit.edu; United States (US)
23.25.213.172 2 23-25-213-172-static.hfc.comcastbusiness.net; United States (US)
23.227.200.187 2 ; United States (US)
24.13.84.17 2 c-24-13-84-17.hsd1.il.comcast.net; United States (US)
24.45.36.135 2 ool-182d2487.dyn.optonline.net; United States (US)
24.47.123.214 2 ool-182f7bd6.dyn.optonline.net; United States (US)
24.136.114.234 2 rrcs-24-136-114-234.nyc.biz.rr.com; United States (US)
24.172.55.54 2 fbiconstruction.com; United States (US)
24.204.55.66 2 mail.jtparkerclaims.com; United States (US)
24.248.203.94 2 wsip-24-248-203-94.ks.ks.cox.net; United States (US)
24.248.223.50 2 wsip-24-248-223-50.ks.ks.cox.net; United States (US)
27.74.243.108 2 tsgw.rcasp.se; Vietnam (VN)
34.192.198.19 2 ec2-34-192-198-19.compute-1.amazonaws.com; United States (US)
37.252.129.11 2 ; Switzerland (CH)
40.71.27.108 2 ; United States (US)
40.76.37.25 2 ; United States (US)
40.86.191.167 2 ; United States (US)
40.135.9.233 2 h233.9.135.40.static.ip.windstream.net; United States (US)
45.17.245.230 2 45-17-245-230.lightspeed.hstntx.sbcglobal.net; United States (US)
45.20.208.49 2 45-20-208-49.lightspeed.rlghnc.sbcglobal.net; United States (US)
45.32.160.56 2 45.32.160.56.vultr.com; United States (US)
45.40.139.116 2 ip-45-40-139-116.ip.secureserver.net; United States (US)
45.63.4.229 2 45.63.4.229.vultr.com; United States (US)
46.231.187.166 2 ; United Kingdom (GB)
47.21.46.106 2 ool-2f152e6a.static.optonline.net; United States (US)
47.23.136.187 2 ool-2f1788bb.static.optonline.net; United States (US)
47.146.183.166 2 ; United States (US)
47.180.64.184 2 static-47-180-64-184.lsan.ca.frontiernet.net; United States (US)
50.47.72.226 2 50-47-72-226.evrt.wa.frontiernet.net; United States (US)
50.73.101.155 2 50-73-101-155-ip-static.hfc.comcastbusiness.net; United States (US)
50.76.16.81 2 50-76-16-81-static.hfc.comcastbusiness.net; United States (US)
50.76.63.221 2 50-76-63-221-ip-static.hfc.comcastbusiness.net; United States (US)
50.76.167.3 2 50-76-167-3-static.hfc.comcastbusiness.net; United States (US)
50.76.202.210 2 50-76-202-210-static.hfc.comcastbusiness.net; United States (US)
50.77.83.137 2 50-77-83-137-static.hfc.comcastbusiness.net; United States (US)
50.77.201.132 2 50-77-201-132-static.hfc.comcastbusiness.net; United States (US)
50.79.7.213 2 50-79-7-213-static.hfc.comcastbusiness.net; United States (US)
50.79.105.34 2 50-79-105-34-static.hfc.comcastbusiness.net; United States (US)
50.192.13.145 2 50-192-13-145-static.hfc.comcastbusiness.net; United States (US)
50.192.141.193 2 50-192-141-193-static.hfc.comcastbusiness.net; United States (US)
50.196.247.193 2 50-196-247-193-static.hfc.comcastbusiness.net; United States (US)
50.197.82.185 2 50-197-82-185-static.hfc.comcastbusiness.net; United States (US)
50.198.160.161 2 50-198-160-161-static.hfc.comcastbusiness.net; United States (US)
50.199.237.34 2 50-199-237-34-static.hfc.comcastbusiness.net; United States (US)
50.203.190.178 2 mail.intermediagroup.org; United States (US)
50.205.10.174 2 50-205-10-174-static.hfc.comcastbusiness.net; United States (US)
50.205.117.51 2 50-205-117-51-static.hfc.comcastbusiness.net; United States (US)
50.233.197.222 2 50-233-197-222-static.hfc.comcastbusiness.net; United States (US)
50.240.252.205 2 50-240-252-205-static.hfc.comcastbusiness.net; United States (US)
50.241.38.49 2 50-241-38-49-static.hfc.comcastbusiness.net; United States (US)
50.243.129.194 2 50-243-129-194-static.hfc.comcastbusiness.net; United States (US)
50.248.123.221 2 50-248-123-221-static.hfc.comcastbusiness.net; United States (US)
50.254.34.165 2 50-254-34-165-static.hfc.comcastbusiness.net; United States (US)
50.254.133.245 2 50-254-133-245-static.hfc.comcastbusiness.net; United States (US)
52.5.139.105 2 ec2-52-5-139-105.compute-1.amazonaws.com; United States (US)
52.6.224.229 2 ec2-52-6-224-229.compute-1.amazonaws.com; United States (US)
52.23.118.225 2 ec2-52-23-118-225.compute-1.amazonaws.com; United States (US)
52.26.151.34 2 ec2-52-26-151-34.us-west-2.compute.amazonaws.com; United States (US)
52.39.168.186 2 ec2-52-39-168-186.us-west-2.compute.amazonaws.com; United States (US)
52.70.19.127 2 ec2-52-70-19-127.compute-1.amazonaws.com; United States (US)
52.73.103.93 2 ec2-52-73-103-93.compute-1.amazonaws.com; United States (US)
52.89.217.62 2 ec2-52-89-217-62.us-west-2.compute.amazonaws.com; United States (US)
52.168.20.3 2 RACESA; United States (US)
52.168.86.1 2 RACESA; United States (US)
52.170.39.1 2 ; United States (US)
52.173.17.163 2 ; United States (US)
52.200.66.163 2 ec2-52-200-66-163.compute-1.amazonaws.com; United States (US)
54.83.47.75 2 ec2-54-83-47-75.compute-1.amazonaws.com; United States (US)
54.86.14.226 2 ec2-54-86-14-226.compute-1.amazonaws.com; United States (US)
54.149.137.41 2 ec2-54-149-137-41.us-west-2.compute.amazonaws.com; United States (US)
54.157.197.20 2 ec2-54-157-197-20.compute-1.amazonaws.com; United States (US)
54.173.247.253 2 ec2-54-173-247-253.compute-1.amazonaws.com; United States (US)
54.243.64.201 2 ec2-54-243-64-201.compute-1.amazonaws.com; United States (US)
64.19.195.138 2 64-19-195-138.c7dc.com; United States (US)
64.40.136.36 2 ; United States (US)
64.60.63.18 2 64-60-63-18.static-ip.telepacific.net; United States (US)
64.61.65.67 2 static-64-61-65-67.isp.broadviewnet.net; United States (US)
64.135.85.4 2 mail.mmpusa.com; United States (US)
64.203.121.118 2 static-64-203-121-118.static; United States (US)
65.25.200.33 2 cpe-65-25-200-33.new.res.rr.com; United States (US)
65.26.224.113 2 cpe-65-26-224-113.wi.res.rr.com; United States (US)
65.35.122.111 2 65-35-122-111.res.bhn.net; United States (US)
65.51.130.102 2 41338266.cst.lightpath.net; United States (US)
65.184.92.138 2 cpe-65-184-92-138.sc.res.rr.com; United States (US)
66.103.3.246 2 ; United States (US)
66.161.214.122 2 cvg-partners.static.fuse.net; United States (US)
66.172.199.188 2 static.longlines.com; United States (US)
66.194.51.146 2 66-194-51-146.static.twtelecom.net; United States (US)
66.199.16.130 2 asg.sbc.net; United States (US)
66.207.228.204 2 vancestmed1.intrstar.net; United States (US)
67.52.39.30 2 rrcs-67-52-39-30.west.biz.rr.com; United States (US)
67.135.195.250 2 67-135-195-250.dia.static.qwest.net; United States (US)
67.136.185.218 2 ; United States (US)
67.177.69.207 2 c-67-177-69-207.hsd1.al.comcast.net; United States (US)
67.182.27.250 2 c-67-182-27-250.hsd1.ca.comcast.net; United States (US)
67.199.46.32 2 ; United States (US)
67.210.56.23 2 ; United States (US)
68.10.137.200 2 ip68-10-137-200.hr.hr.cox.net; United States (US)
68.34.50.181 2 c-68-34-50-181.hsd1.mi.comcast.net; United States (US)
68.129.33.18 2 static-68-129-33-18.nycmny.fios.verizon.net; United States (US)
68.198.150.65 2 ool-44c69641.dyn.optonline.net; United States (US)
69.19.187.134 2 69-19-187-134.static-ip.telepacific.net; United States (US)
69.77.156.178 2 69-77-156-178.static.skybest.com; United States (US)
69.87.217.243 2 CLOUD-89T44LGN2; United States (US)
69.125.1.18 2 ool-457d0112.dyn.optonline.net; United States (US)
69.160.54.11 2 WEB2012; United States (US)
69.174.171.150 2 c185915-v3292-01-static.csvlinaa.metronetinc.net; United States (US)
69.193.209.138 2 rrcs-69-193-209-138.nyc.biz.rr.com; United States (US)
70.60.5.210 2 rrcs-70-60-5-210.central.biz.rr.com; United States (US)
70.89.79.211 2 70-89-79-211-georgia.hfc.comcastbusiness.net; United States (US)
70.90.200.250 2 70-90-200-250-albuquerque.hfc.comcastbusiness.net; United States (US)
70.90.212.126 2 70-90-212-126-saltlake.hfc.comcastbusiness.net; United States (US)
70.169.140.124 2 wsip-70-169-140-124.hr.hr.cox.net; United States (US)
70.171.217.25 2 ip70-171-217-25.tc.ph.cox.net; United States (US)
70.182.31.80 2 wsip-70-182-31-80.fv.ks.cox.net; United States (US)
70.182.247.14 2 wsip-70-182-247-14.ks.ks.cox.net; United States (US)
71.43.115.10 2 rrcs-71-43-115-10.se.biz.rr.com; United States (US)
71.95.178.34 2 71-95-178-34.static.mtpk.ca.charter.com; United States (US)
71.125.51.247 2 pool-71-125-51-247.nycmny.fios.verizon.net; United States (US)
71.126.153.21 2 static-71-126-153-21.washdc.fios.verizon.net; United States (US)
71.174.248.106 2 static-71-174-248-106.bstnma.fios.verizon.net; United States (US)
71.186.195.114 2 static-71-186-195-114.bflony.fios.verizon.net; United States (US)
71.189.243.4 2 static-71-189-243-4.lsanca.fios.frontiernet.net; United States (US)
71.191.80.42 2 static-71-191-80-42.washdc.fios.verizon.net; United States (US)
71.207.69.236 2 c-71-207-69-236.hsd1.pa.comcast.net; United States (US)
71.224.178.158 2 c-71-224-178-158.hsd1.pa.comcast.net; United States (US)
72.16.147.58 2 72-16-147-58.customerip.birch.net; United States (US)
72.38.44.180 2 d72-38-44-180.commercial1.cgocable.net; Canada (CA)
72.82.230.95 2 static-72-82-230-95.cmdnnj.fios.verizon.net; United States (US)
72.167.43.200 2 ip-72-167-43-200.ip.secureserver.net; United States (US)
72.174.248.122 2 host-72-174-248-122.static.bresnan.net; United States (US)
72.204.63.192 2 ip72-204-63-192.fv.ks.cox.net; United States (US)
72.215.140.252 2 wsip-72-215-140-252.pn.at.cox.net; United States (US)
72.215.215.20 2 wsip-72-215-215-20.no.no.cox.net; United States (US)
72.227.80.102 2 cpe-72-227-80-102.maine.res.rr.com; United States (US)
72.253.213.131 2 ; United States (US)
73.69.143.242 2 c-73-69-143-242.hsd1.ma.comcast.net; United States (US)
73.71.29.17 2 c-73-71-29-17.hsd1.ca.comcast.net; United States (US)
73.142.239.31 2 c-73-142-239-31.hsd1.ct.comcast.net; United States (US)
73.146.72.35 2 c-73-146-72-35.hsd1.in.comcast.net; United States (US)
73.189.105.76 2 c-73-189-105-76.hsd1.ca.comcast.net; United States (US)
73.208.34.64 2 c-73-208-34-64.hsd1.in.comcast.net; United States (US)
74.92.21.17 2 74-92-21-17-newengland.hfc.comcastbusiness.net; United States (US)
74.93.101.9 2 remote.youthfulinnovations.com; United States (US)
74.116.23.151 2 smoke2.bgglobal.net; United States (US)
74.118.182.77 2 res.anniversaryinn.com; United States (US)
74.143.195.146 2 rrcs-74-143-195-146.central.biz.rr.com; United States (US)
75.146.75.109 2 75-146-75-109-pennsylvania.hfc.comcastbusiness.net; United States (US)
75.146.145.189 2 75-146-145-189-stlouispark.mn.minn.hfc.comcastbusiness.net; United States (US)
75.147.156.185 2 75-147-156-185-naples.hfc.comcastbusiness.net; United States (US)
75.149.28.17 2 75-149-28-17-pennsylvania.hfc.comcastbusiness.net; United States (US)
75.149.30.201 2 75-149-30-201-pennsylvania.hfc.comcastbusiness.net; United States (US)
75.149.129.98 2 75-149-129-98-connecticut.hfc.comcastbusiness.net; United States (US)
75.150.153.121 2 75-150-153-121-philadelphia.hfc.comcastbusiness.net; United States (US)
75.151.22.138 2 75-151-22-138-michigan.hfc.comcastbusiness.net; United States (US)
81.149.32.248 2 host81-149-32-248.in-addr.btopenworld.com; United Kingdom (GB)
81.149.160.149 2 host81-149-160-149.in-addr.btopenworld.com; United Kingdom (GB)
81.184.4.81 2 81.184.4.81.static.user.ono.com; Spain (ES)
82.70.235.49 2 mail.o-mills.co.uk; United Kingdom (GB)
82.152.42.172 2 ; United Kingdom (GB)
82.163.78.211 2 deals0.outdoor-survival-deals.com; United Kingdom (GB)
84.253.23.243 2 243.23.253.84.static.wline.lns.sme.cust.swisscom.ch; Switzerland (CH)
89.107.57.168 2 CLOUD-CBNJJIKJU; United Kingdom (GB)
93.174.93.162 2 no-reverse-dns-configured.com; Seychelles (SC)
94.173.101.19 2 fpc88091-dund16-2-0-cust18.16-4.static.cable.virginm.net; United Kingdom (GB)
95.143.66.10 2 cpe-et001551.cust.jaguar-network.net; France (FR)
96.2.4.59 2 96-2-4-59-dynamic.midco.net; United States (US)
96.48.86.169 2 s0106002719d04b85.vf.shawcable.net; Canada (CA)
96.56.31.221 2 ool-60381fdd.static.optonline.net; United States (US)
96.56.105.10 2 ool-6038690a.static.optonline.net; United States (US)
96.80.174.85 2 96-80-174-85-static.hfc.comcastbusiness.net; United States (US)
96.80.253.177 2 96-80-253-177-static.hfc.comcastbusiness.net; United States (US)
96.83.33.185 2 96-83-33-185-static.hfc.comcastbusiness.net; United States (US)
96.83.155.97 2 96-83-155-97-static.hfc.comcastbusiness.net; United States (US)
96.85.147.121 2 96-85-147-121-static.hfc.comcastbusiness.net; United States (US)
96.86.193.203 2 96-86-193-203-static.hfc.comcastbusiness.net; United States (US)
96.87.90.37 2 96-87-90-37-static.hfc.comcastbusiness.net; United States (US)
96.89.250.225 2 96-89-250-225-static.hfc.comcastbusiness.net; United States (US)
96.91.83.141 2 96-91-83-141-static.hfc.comcastbusiness.net; United States (US)
96.91.100.241 2 mail.holidayorg.com; United States (US)
96.91.120.121 2 96-91-120-121-static.hfc.comcastbusiness.net; United States (US)
96.93.179.141 2 96-93-179-141-static.hfc.comcastbusiness.net; United States (US)
96.95.3.53 2 96-95-3-53-static.hfc.comcastbusiness.net; United States (US)
96.248.216.162 2 static-96-248-216-162.nrflva.fios.verizon.net; United States (US)
96.250.18.213 2 pool-96-250-18-213.nycmny.fios.verizon.net; United States (US)
96.254.199.133 2 static-96-254-199-133.tampfl.fios.frontiernet.net; United States (US)
97.64.238.118 2 97-64-238-118.client.mchsi.com; United States (US)
97.74.229.216 2 ip-97-74-229-216.ip.secureserver.net; United States (US)
98.209.200.34 2 c-98-209-200-34.hsd1.mi.comcast.net; United States (US)
100.8.29.162 2 static-100-8-29-162.nwrknj.fios.verizon.net; United States (US)
100.12.162.203 2 mail.comjem.com; United States (US)
104.187.243.229 2 104-187-243-229.lightspeed.lnngmi.sbcglobal.net; United States (US)
104.207.135.1 2 104.207.135.1.vultr.com; United States (US)
107.180.77.25 2 ip-107-180-77-25.ip.secureserver.net; United States (US)
108.20.79.148 2 pool-108-20-79-148.bstnma.fios.verizon.net; United States (US)
108.39.247.102 2 pool-108-39-247-102.pitbpa.fios.verizon.net; United States (US)
108.53.118.53 2 pool-108-53-118-53.nwrknj.fios.verizon.net; United States (US)
108.58.195.45 2 ool-6c3ac32d.static.optonline.net; United States (US)
108.60.201.195 2 ; United States (US)
108.61.251.119 2 108.61.251.119.vultr.com; Australia (AU)
108.207.58.163 2 108-207-58-163.lightspeed.lnngmi.sbcglobal.net; United States (US)
109.169.19.116 2 ; United Kingdom (GB)
122.226.196.254 2 ; China (CN)
128.59.46.66 2 dyn-128-59-46-66.dyn.columbia.edu; United States (US)
131.156.136.114 2 ; United States (US)
132.160.48.210 2 ; United States (US)
144.202.132.50 2 144-202-132-50.baltimoretechnologypark.com; United States (US)
146.255.7.75 2 ; United Kingdom (GB)
148.74.244.26 2 ool-944af41a.dyn.optonline.net; United States (US)
162.17.170.225 2 mail.architecturalsheetmetal.com; United States (US)
162.230.118.128 2 162-230-118-128.lightspeed.sntcca.sbcglobal.net; United States (US)
162.231.82.33 2 adsl-162-231-82-33.lightspeed.irvnca.sbcglobal.net; United States (US)
162.246.155.16 2 ; United States (US)
166.62.43.55 2 ip-166-62-43-55.ip.secureserver.net; United States (US)
172.87.144.170 2 rrcs-172-87-144-170.sw.biz.rr.com; United States (US)
172.95.25.4 2 ; United States (US)
173.8.227.70 2 173-8-227-70-denver.hfc.comcastbusiness.net; United States (US)
173.10.137.213 2 173-10-137-213-busname-washingtondc.hfc.comcastbusiness.net; United States (US)
173.12.152.209 2 mail.bfbarchitects.com; United States (US)
173.13.72.50 2 outbound.oceanedge.com; United States (US)
173.14.78.21 2 173-14-78-21-sacramento.hfc.comcastbusiness.net; United States (US)
173.14.220.253 2 173-14-220-253-atlanta.hfc.comcastbusiness.net; United States (US)
173.26.48.212 2 173-26-48-212.client.mchsi.com; United States (US)
173.48.246.52 2 pool-173-48-246-52.bstnma.fios.verizon.net; United States (US)
173.160.91.10 2 173-160-91-10-atlanta.hfc.comcastbusiness.net; United States (US)
173.161.162.68 2 173-161-162-68-philadelphia.hfc.comcastbusiness.net; United States (US)
173.161.224.209 2 173-161-224-209-philadelphia.hfc.comcastbusiness.net; United States (US)
173.193.164.178 2 b2.a4.c1ad.ip4.static.sl-reverse.com; United States (US)
173.197.34.18 2 rrcs-173-197-34-18.west.biz.rr.com; United States (US)
173.220.18.197 2 ool-addc12c5.static.optonline.net; United States (US)
184.16.110.66 2 ; United States (US)
184.176.201.40 2 aexec.com; United States (US)
184.183.152.219 2 wsip-184-183-152-219.ph.ph.cox.net; United States (US)
185.52.248.40 2 ; Germany (DE)
185.129.148.169 2 ; Latvia (LV)
192.198.250.202 2 rrcs-192-198-250-202.sw.biz.rr.com; United States (US)
199.96.115.98 2 ; United States (US)
204.193.139.81 2 ; United States (US)
206.145.187.193 2 morriselectronics.net; United States (US)
208.38.233.43 2 c187290-03-v3409-static.nmchinaa.metronetinc.net; United States (US)
208.75.244.130 2 mail.aisin-electronics.com; United States (US)
208.105.170.100 2 rrcs-208-105-170-100.nys.biz.rr.com; United States (US)
208.180.181.72 2 208-180-181-72.mdlncmtk01.com.sta.suddenlink.net; United States (US)
209.240.184.73 2 OGKCPIPE.nwol.net; United States (US)
213.109.80.18 2 s-213-109-80-18.under.net.ua; Ukraine (UA)
216.81.103.42 2 ; United States (US)
216.170.126.36 2 ; United States (US)
216.176.177.92 2 ; United States (US)

Social tagging: > > > > > > > > > >

Leave a Reply

%d bloggers like this: