Internet Blacklist:
Fighting Hackers and Spam


As cyber attacks increase, bloggers and other website owners may find these blacklists useful. Some of our clients' web sites have received spam comments in their blogs and web pages. Their complaints are reflected in this blacklist. Some frequently found URLs, IP addresses, and keywords recently found in comment spam are included in these lists.

iNetPlanet has found that many large hosting companies do a very poor job of policing there customers' activities. We have recorded tens of thousands of brute force login attacks, denial of service (DOS) attacks, attempted SQL injections, and other automated cyberattacks from servers operated by Amazon, GoDaddy, DreamHost, Bluehost, Digital Ocean, HostGator, and many other companies worldwide. These companies are not conducting the malicious behavoir. Cybercrimals rent server space from the providers and run automated software robots (bots) that do the dirty work. However, in our opinion, hosting services have a responsibility to uphold. It is within their capabilities to automatically monitor outgoing traffic from their systems and stop the malicious behavior of their customers and report them to authorities. One has to wonder if some companies are doing this too slowly or not at all because it is against their economic interests to police malicious traffic coming from their networks.

The lists below include some web sites and email addresses that have been associated with email spam. IP addresses are added to our blacklists periodically when attacks launched on websites and various types of servers owned or operated by iNetPlanet are found. Thess include Denial of Service attacks (DoS). DoS is used as an attempt to slow down or disable a server by flooding it with incoming requests. Some of our reports are gathered from administrators of WordPress sites who have reported multiple attempts from certain IP address to crack into their systems.

If using these lists for configuring firewall software, keep in mind that some information may have changed since publication; for example IP address assignments.



iNetPlanet logo

Country Blacklists

Countries recently found by iNetPlanet to be the source of frequent website hacking.
Website owners might consider blocking all traffic from these countries.

Proceed with caution.


Some IP address blocks are shown for the offending sources. Attacks from IPs in these groups occur
so frequently, that one might consider simply blocking all traffic from them. This list includes Classess
InterDomain Routing (CDIR) notation. For example, 255.255.255.0/24 indicates a group of 255
consecutive IP addresses (255.255.255.0 - 255.255.255.254).
Russia
For many years, Russia has been a thorn in the side of web administrators. Website attacks from
Russia are so frequent that some website firewalls are configured block all traffic from Russia. iNetPlanet firewalls block almost all traffic from Russia before it can even reach the websites we host because none of our customers do bussiness with Russia or have target audiances in that country.
Russia Blacklist


Ukraine
Numerous SQL injection cyber attacks and brute force login attempts have recently been traced by iNetPlanet to have originated from IP addresses assigned to Ukraine. These quite possibly could have come from servers in Ukraine that were hacked by Russia. There has been a huge increase in hacking against Ukraine by Russia. Western intelligence agencies have warned of potential cyber attacks which could spread elsewhere and cause "spillover" damage on global computer networks. The thinking is that if Russia takes control of systems in Ukraine, they could then launch attacks worldwide that appear to come from Ukraine, when in fact the Ukrain servers are simply proxies for Russia.
Ukraine Blacklist


Bulgaria
Begining late 2023 and early 2024, iNetPlanet detected an enormous increase in attacks from Bulgaria. This situation may be similar to that of Ukraine. The Russian hacker group Killnet has been accused of massive cyber attacks on Bulgarian government networks, among others. Killnet is an very aggressive group of hackers with ties to Russia's FSB intelligence services. Most iNetPlanet web servers now block all traffic from Bulgaria.


Singapore
Although no websites hosted by iNetPlanet have ever been sucessfully attacked, many sites hosted by other providers have been hijacked by hackers in Singapore. Press reports have shown that thousands of phising cases have been traced to Singapore, with more than 80% of them involving spoofed banks and financial service companies. The Cyber Security Agency of Singapore released a report in June 2023 citing malicious cyber activites, including ransomware attacks.


Hong Kong
The Hong Kong Computer Emergency Response Team (HKCERT) reported over 16,000 unique security events in Q4 2022. Among them were phishing schemes, botnets, and others. 73% of hong Kong business were hit by cyberattacks in the past few years. There are many reasons networks are attacked. Sometimes the motive is directed at the target, such as in ransomware attacks. In other cases, the attacker's motivation is to take over the target's system. Once hijacked, it can become a weapon used to attack others. Whatever the case, the fact is that iNetPlanet servers fight off thousands of attacks from Hong Kong each month.


China
In April 2024, the FBI said that Chinese hackers preparing to attack US infrastructure. Chinese government-linked hackers have already got into critical infrastructure in the US and are waiting "for just the right moment to deal a devastating blow," according to FBI Director Christopher Wray. iNetPlanet has collected evidence of unsucessful cyberattacks on our systems for years. For website owners that do not need to reach audiances in that country, it is prudent to reject all traffic from China.




Hacker & Spammer Blacklist

These IP addresses have recently been identified as the source of attacks on web servers, WordPress sites, and HTML websites or the source of spam. It is recommended that you consider blocking these IP addresses in your router's firewall settings so that the hackers never reach your server. We have received recent reports of DoS, brute force attacks, and attempts to log in to WordPress websites as "admin", "Administrator", and similar user IDs from these IP addresses. Most of the IPs shown below were identified as the source of attacks on multiple websites and on multiple occasions. Keep in mind that the problem may have been corrected since the time of the report.

IP Address to Block
Comments
5.135.209.86
Hacker / Spammer
Lithuania³. Persistent WordPress hacker!
5.254.97.100
Hacking WordPress website.
31.148.32.9
 WordPress hacker from Czech Republic
35.0.127.52
37.115.190.97
Ukraine Ukraine - Trying to fake login.
37.130.227.133
37.187.129.166
37.214.141.63
37.48.74.44
46.166.179.41
Rapidly hacking WordPress site from many different IP addresses.
46.167.68.17
 Russian Federation
Abuse has been reported from 46.46.160.158 in the Russian Federation.
52.20.28.244
52.21.199.201
52.8.83.81
54.153.12.30
54.153.96.90
54.187.201.137
54.201.36.199
54.232.225.225
 ³ Russian Federation
54.66.219.150
62.248.48.43
WordPress hacker.
66.240.192.138
Unauthorized VPN access attempted.
71.6.167.142
Attempted to gain access to server.
78.137.160.226
78.190.53.98
 Turkey
79.98.107.90
 Brute force log in hacker ³
85.52.193.116
87.251.158.34
 Russian Federation
88.226.188.84
88.236.199.190
Trying to guess passwords.
88.241.105.35
89.105.154.2
89.31.57.5
90.217.1.34
91.109.247.173
 WordPress login abuse from known poster of spam.
91.121.162.191
Ukraine Ukraine . Brute force logon hacker. whois 91.200.12.138
91.226.44.114
92.222.113.177
Rapidly hacking WordPress site from many different IP addresses.
92.45.250.155
93.115.95.202
94.158.95.6
 Ukraine
94.242.246.24
95.190.93.183
 Russian Federation
95.37.17.135
 Russian Federation
104.243.129.210
Robot brute force hacker. Very aggressive attack on WordPress site.
109.201.152.206
Notorious spammer. Rapidly hacking WordPress site from many different IP addresses.
109.67.23.176
 Israel. Three Unauthorized WordPress login attempts.
110.85.105.189
117.218.167.17
 ³ India
129.123.7.6
Rapidly hacking WordPress site from many different IP addresses
130.0.233.146
Ukraine
142.54.184.178
Forum spam. Bogus login attempts. Brute force log in from USA.
151.250.253.183
 Istanbul, Turkey
151.80.44.159
login abuse
173.254.230.70
173.254.236.52
176.10.107.180
Posting spam.
176.125.76.248
 Russian Federation
176.125.76.195
 Russian Federation
176.126.252.11
Spammer
176.31.51.199
Rapidly hacking WordPress site from many different IP addresses.
177.81.132.153
 Brazil¹
178.137.160.226
178.150.16.117
 Ukraine
178.237.14.128
 Thousands of brute force login attempts!! ³
180.150.227.246
Brute force attack on WordPress website.
185.17.135.214
 Russian Federation¹
187.17.165.35
187.4.169.105
WordPress administrator log in attempt.
188.233.239.169
 Russian Federation³
188.3.53.170
188.3.13.121
188.3.13.121
189.28.144.52
189.31.184.129
190.221.134.37
193.201.227.97
Attempted to access WordPress blog as administrator.
193.201.227.116
Many failed login attempts trying to guess passwords.²
193.201.227.83
193.201.224.8
 Hacker / spammer. IP address from Ukraine.
193.201.224.8
 IP 193.201.224.8 is a persistent WordPress hacker.
195.154.251.17
Automated hack attempt. Thousands of logins; different user each time.
196.23.22.4
196.23.22.4
Fake login attempts.
197.15.37.23
 Attempted unauthorized WordPress administrator login.
199.127.226.150
 Spammer hacking WordPress sites. Login abuse.
200.216.110.115
201.146.135.176
201.41.61.77
201.47.155.76
207.35.85.163
 Spammer. Canada.
208.89.129.203
WordPress Hacker. Report to abuse@bell.ca
210.124.118.212
whois
213.24.132.86
 Russian Federation
222.77.205.104
Hacker from China.
146.185.239.200
 Many attempts to hack my website from Russian Federation.¹ ³
54.68.19.189
 Hacker! ³
213.14.94.18
 Turkey Notorious hacker ! ³
91.200.12.22
Ukraine Kiev, Ukraine ¹
185.9.36.170
Turkey ¹
180.150.227.242
Republic of Korea, Seoul,¹
210.92.18.174
45.43.236.210
103.10.191.39
 VERY BAD !
185.92.72.33
 Republic of Korea¹
178.137.160.226
79.141.162.15

________________________________________________________
¹ Newly reported hacker (as of revision date at bottom of this page).
² More than three abuse reports for this IP address.
³ More than ten abuse reports for this IP address.




What Is Spam?

From Wikipedia:
Spam is the use of electronic messaging systems (including most broadcast media, digital delivery systems) to send unsolicited bulk messages indiscriminately. While the most widely recognized form of spam is e-mail spam, the term is applied to similar abuses in other media: instant messaging spam, Usenet newsgroup spam, Web search engine spam, spam in blogs, wiki spam, online classified ads spam, mobile phone messaging spam, Internet forum spam, junk fax transmissions, social networking spam, television advertising and file sharing network spam.

Spamming remains economically viable because advertisers have no operating costs beyond the management of their mailing lists, and it is difficult to hold senders accountable for their mass mailings. Because the barrier to entry is so low, spammers are numerous, and the volume of unsolicited mail has become very high. In the year 2011, the estimated figure for spam messages is around seven trillion. The costs, such as lost productivity and fraud, are borne by the public and by Internet service providers, which have been forced to add extra capacity to cope with the deluge. Spamming has been the subject of legislation in many jurisdictions. People who create electronic spam are called spammers.



Spam URL List



find-your-love-site.com
adultdating-x.com
theresa.cruthers@valueimprovementdrivers.com
valueimprovementdrivers.com
xanga.com
buy395956.phpbbnow.com
trade394130.phpbbnow.com
sharpvacuumbag.forumup.jobs
alli374810.phpbbnow.com
automaticcoffee.dotbb.be
bestcoffeegrind.dotbb.b
bestfinance-blog.com
dyson399069.phpbbnow.com
espressocoffeemaker.forumup.jobs
hoover405407.phpbbnow.com
keurigcoffeemachine.forumup.jobs
kirby402355.phpbbnow.com
sharpvacuumclea.dotbb.be
chocolateflavoredcoffee.fora.pl
decafcoffee.fora.pl
onecupcoffeepot.fora.pl
oreck403739.phpbbnow.com
bestcoffeegrind.dotbb.be
canadaairlinetickets.mioforo.com
chasesecuredcreditcard.lookera.net
rainbow407036.phpbbnow.com
smc397647.phpbbnow.com
allidietpill.forum2u.org
bpcreditcards.dotbb.be
bpgascreditcard.dotbb.be
creditcardconsl.dotbb.be
dysonvacuumclea.dotbb.be
groups.google.com/group/yawrood/web/premier-bank-credit-card
groups.google.com/group/yawrood/web/rainbow-vacuum-cleaner
groups.google.com/group/yawrood/web/smc-wifi-phone
lowbalancetransfer.makeforum.org
orchardbankcreditcard.makeforum.org
hostingphpbb.com/forum/buyskypewifipho.html
hostingphpbb.com/forum/hoovervacuumcle.html
hostingphpbb.com/forum/kirbyvacuumclea.html
hostingphpbb.com/forum/oreckvacuumclea.html
instantbulletin.com/forum/?mforum=prepaidcreditca
instantbulletin.com/forum/?mforum=reversemortgage
instantbulletin.com
fixedlowinteres.dotbb.be
all-decadron.info
cytotec.all-bactroban.info
differin.all-decadron.info
drake-hogestyn.buy-viagara.info
mrsa-symptoms.buy-viagara.info
dostinex.all-decadron.info
doxazosin.all-decadron.info
dramamine.all-decadron.info
dulcolax.all-decadron.info
femara.emsam.info
emsam.info
all-adult-video.blogspot.com
erythromycin.emsam.info
estrace.emsam.info
viagra-doses-prices-com-net-org.buy-viagara.info
xuzzwjspqkww.com
forums.megagames.com
fcpsgx.com
naytawy.biz
all-adult-friend-finder.info
adult-fanfiction.all-adult-friend-finder.info
adult-friend-findercom.all-adult-friend-finder.info
adult-emoticons.all-adult-friend-finder.info
cidvveqrlmnb.com
harlingen.tstc.edu
energy-difference.com
my.wcsx.com
gpvqlmeamaxd.com
success-seo.com
gtobyjeyzvpu.com
gtobyjeyzvpu.com
semalt.com
ltqmobydtjay.com
aeownoytittp.com
msniaffxzlsh.com
nlzpjwgadojo.com
osghdlmwrpjq.com
lvxejukajiei.com
wsbqzxslfozo.com
ljsxwkkhenie.com
pfnnphscnupd.com
tlybrqodcwxf.com
penisenlargementmethods.net
credit-zone.com
loveawake.com
pbkfvzgxxknv.com
srparkgvhtgs.com
rqvunpiysemz.com
MAILER-DAEMON@mail.thenewpush.net
ykexhezcdibd.com
fwlvoafvhnqf.com
gyeusajavere.com
iczrrzqgcaxe.com
kunijihedlhm.com
tonerqhprlxt.com
xgeirsdesedo.com
uztsyphjsnoj.com
xskmjqtuyxay.com
zrxzzhekkeqd.com
lobimtgbbhsb.com
vcgbbbvlqfpr.com
qfnebrbazrim.com
vekhiajggirx.com
ahlxilwiuguh.com
snebwjlguskm.com
funguystudio.com
MAILER-DAEMON@mail.jivko.eu
singlehearth.org
ifindmylove.com
the-first-love.com
MAILER-DAEMON@server.msee.com.my






HOME







updated 04/29/2024
©2010-2024 iNetPlanet LLC


iNetPlanet logo