VirusTotal detects a number of malicious sites on this server (see report) but blocking access to this IP address is probably the easiest approach. However there seems to be very little of value in the whole /22 and I have personally had it blocked for some months with no ill effects.
The sites that I can identify, their MyWOT ratings and Google prognosis can be download from here [csv]. Use this data as you see fit.
The following sites are on 193.107.16.213. Ones marked in red are flagged by Google as being malicious, although you should assume that they all are and block them accordingly.
allbestauto097.ru
forumsupport015.ru
forumsupport016.ru
forumsupport017.ru
forumsupport018.ru
forumsupport019.ru
forumsupport020.ru
forumsupport023.ru
forumsupport024.ru
forumsupport025.ru
forumsupport026.ru
forumsupport027.ru
forumsupport028.ru
forumsupport029.ru
forumsupport030.ru
forumsupport034.ru
forumsupport037.ru
forumsupport038.ru
forumsupport039.ru
forumsupport040.ru
forumsupport041.ru
forumsupport043.ru
forumsupport044.ru
forumsupport045.ru
forumsupport046.ru
forumsupport047.ru
forumsupport048.ru
forumsupport049.ru
forumsupport050.ru
newssearch001.ru
newssearch002.ru
newssearch003.ru
newssearch010.ru
newssearch017.ru
newssearch024.ru
newssearch039.ru
overviewdrive023.ru
overviewdrive026.ru
overviewdrive027.ru
overviewdrive028.ru
overviewdrive030.ru
overviewdrive032.ru
overviewdrive034.ru
overviewdrive035.ru
overviewdrive036.ru
overviewdrive039.ru
overviewdrive040.ru
overviewdrive041.ru
overviewdrive042.ru
overviewdrive043.ru
overviewdrive044.ru
overviewdrive045.ru
overviewdrive046.ru
overviewdrive047.ru
overviewdrive051.ru
overviewdrive054.ru
overviewdrive056.ru
overviewdrive059.ru
overviewdrive061.ru
overviewdrive063.ru
overviewdrive065.ru
overviewdrive066.ru
overviewdrive070.ru
overviewdrive072.ru
overviewdrive075.ru
overviewdrive087.ru
overviewdrive092.ru
overviewdrive093.ru
overviewdrive094.ru
overviewdrive100.ru
promoution242.ru
rotatorjps001.ru
rotatorjps030.ru
rotatorjps044.ru
rotatorjps046.ru
rotatorjps050.ru
newssearch004.ru
newssearch005.ru
newssearch006.ru
newssearch007.ru
newssearch008.ru
newssearch009.ru
newssearch011.ru
newssearch012.ru
newssearch013.ru
newssearch014.ru
newssearch015.ru
newssearch016.ru
newssearch018.ru
newssearch019.ru
newssearch020.ru
newssearch021.ru
newssearch022.ru
newssearch023.ru
newssearch025.ru
newssearch026.ru
newssearch027.ru
newssearch028.ru
newssearch029.ru
newssearch030.ru
newssearch031.ru
newssearch033.ru
newssearch034.ru
newssearch035.ru
newssearch036.ru
newssearch037.ru
newssearch038.ru
newssearch050.ru
overviewdrive091.ru
overviewdrive095.ru
overviewdrive097.ru
overviewdrive098.ru
permanentbiz.com
promoution115.ru
promoution181.ru
promoution218.ru
promoution221.ru
promoution222.ru
promoution223.ru
promoution224.ru
promoution225.ru
promoution226.ru
promoution227.ru
promoution228.ru
promoution229.ru
promoution231.ru
promoution246.ru
promoution247.ru
promoution248.ru
promoution250.ru
roger001.ru
roger002.ru
roger003.ru
roger004.ru
roger005.ru
roger006.ru
roger007.ru
roger008.ru
roger009.ru
roger010.ru
2 comments:
thank you!
IP address within the range you mentioned were repeatedly trying to hack my website
I follwed your advice and blocked the whole range
I had an IP in this range, port scanning on my Cisco SX20 VC
Post a Comment