Kategorie: Brute Force Attack

Brute Force Attack am Freitag den 09.02.24

Eine Brute Force Attack am Freitag den 09.02.24

Die Brute Force Attack war recht umfangreich aber der armseelige Hacker-Idiot hatte natürlich keine Chance, da es gar keine wp-login.php gibt. Sehr erstaunlich, das dieser dumme Amateur das gar nicht gemerkt hat. Naja, war wohl mal wieder so ein nutzloser ScriptKiddie!

Brute Force Attack - ScriptKiddys - Hacker Amateure

Brute Force Attack – ScriptKiddys – Hacker Amateure

Bei solch einen Brute-Force-Angriff (Brute Force Attack) versuchen Cyberkriminelle (oft nur dumme Amateure) die Passwörter und andere Zugangsdaten zu knacken. Bei den Brute-Force-Attacken greift ein krimineller User auf eine Liste mit häufigen Wörtern zurück. Bei dieser Brute Force Methode geht man dann halt dumm eine Passwortliste durch, bis eines funktioniert.

Darüber hinaus ist die betroffene Website außerdem sowieso durch zusätzliche Sicherheitsmaßnahmen gegen solch dumme Amateure geschützt. Daher trägt solch ein Looser ehe zum Hurmor bei, wir konnten echt nur grinsen und haben Stoff für unsere Website hier!

Die bedauernswerten Login-Versuche gingen von: 09/Feb/2024:00:47:37 bis 09/Feb/2024:01:39:04.

Von diesen kriminellen Login-Idioten wurden sowohl Hosting-Provider als auch einige (wenige) ISP (Internet Service Provider) missbraucht. Schon der Versuch, mittels Brute-Force-Angriff an eine fremde Homepage per Login zu kommen, macht sich strafbar!!!

Brute Force Attack – Welcher Provider waren mehr als einmal dabei?

  • AS51167 – Contabo GmbH ist 2 mal dabei!
  • AS24940 – Hetzner Online GmbH ist 2 mal dabei!
  • AS3462 – Data Communication Business Group ist 2 mal dabei!
  • AS16276 – OVH SAS ist 4 mal dabei!!!
  • AS26496 – GoDaddy.com (Host Europe) ist gleich 4 mal dabei!!!
  • AS396982 – Google LLC ist gleich 4 mal dabei!!!
  • AS14061 – DigitalOcean, LLC ist gleich 6 mal dabei!!!!

Zum Schutz der betroffenen Website und dessen Homepage-Besitzers haben wir die Website, die angegriffen wurde, in Website-1*.com umbenannt!

Auf jeden Fall ist hier auch das Eingreifen der Provider, dessen Netzwerke dafür mißbraucht werden, absolut erforderlich. Leider zeigt uns unsere Erfahrung, das NUR SEHR WENIGE PROVIDER die entsprechenden Abuse-Meldungen wirklich ernst nehmen. Das muss ich endlich ändern!!! Unser Artikel über das Verhalten der verantwortlichen Provider zeigt, was Sache ist!

Hier das Protokoll der Brute Force Attack chronologisch, der MIT VERANTWORTLICHE PROVIDER steht immer drüber:

Brute Force Attack - Login Idioten - Hacker Idioten

Brute Force Attack – Login Idioten – Hacker Idioten

AS396982 – Google LLC:
34.141.215.20 Website-1*.com – – [09/Feb/2024:00:47:37 +0100] „GET / HTTP/1.0“ 403 – „-“ „Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36“

AS396982 – Google LLC:
35.189.117.81 Website-1*.com – – [09/Feb/2024:01:25:08 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
35.189.117.81 Website-1*.com – – [09/Feb/2024:01:25:08 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS14061 – DigitalOcean, LLC:
139.59.71.236 Website-1*.com – – [09/Feb/2024:01:26:02 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
139.59.71.236 Website-1*.com – – [09/Feb/2024:01:26:02 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS51167 – Contabo GmbH:
178.18.246.233 Website-1*.com – – [09/Feb/2024:01:26:48 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
178.18.246.233 Website-1*.com – – [09/Feb/2024:01:26:48 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS14061 – DigitalOcean, LLC:
64.225.113.152 Website-1*.com – – [09/Feb/2024:01:27:35 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
64.225.113.152 Website-1*.com – – [09/Feb/2024:01:27:35 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS14061 – DigitalOcean, LLC:
159.203.103.215 Website-1*.com – – [09/Feb/2024:01:28:41 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
159.203.103.215 Website-1*.com – – [09/Feb/2024:01:28:41 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS396982 – Google LLC
35.201.9.151 Website-1*.com – – [09/Feb/2024:01:28:52 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
35.201.9.151 Website-1*.com – – [09/Feb/2024:01:28:52 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS26832 – Rica Web Services:
38.102.86.228 Website-1*.com – – [09/Feb/2024:01:29:24 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
38.102.86.228 Website-1*.com – – [09/Feb/2024:01:29:24 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS3462 – Data Communication Business Group:
210.65.88.143 Website-1*.com – – [09/Feb/2024:01:29:57 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
210.65.88.143 Website-1*.com – – [09/Feb/2024:01:29:57 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS16276 – OVH SAS:
54.36.180.78 Website-1*.com – – [09/Feb/2024:01:29:58 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
54.36.180.78 Website-1*.com – – [09/Feb/2024:01:30:00 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS131257 – Suratthani ratjabhat university, Thailand:
202.29.18.253 Website-1*.com – – [09/Feb/2024:01:30:00 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
202.29.18.253 Website-1*.com – – [09/Feb/2024:01:30:00 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS201206 – Droptop GmbH:
185.185.26.114 Website-1*.com – – [09/Feb/2024:01:30:21 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
185.185.26.114 Website-1*.com – – [09/Feb/2024:01:30:21 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS26496 – GoDaddy.com, LLC:
50.62.176.86 Website-1*.com – – [09/Feb/2024:01:30:24 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
50.62.176.86 Website-1*.com – – [09/Feb/2024:01:30:24 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS21499 – Host Europe GmbH:
92.204.220.169 Website-1*.com – – [09/Feb/2024:01:30:25 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
92.204.220.169 Website-1*.com – – [09/Feb/2024:01:30:25 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS55899 – LEON TECHNOLOGY, Inc.:
183.182.47.236 Website-1*.com – – [09/Feb/2024:01:30:27 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
183.182.47.236 Website-1*.com – – [09/Feb/2024:01:30:27 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS398101 – GoDaddy.com, LLC:
132.148.126.20 Website-1*.com – – [09/Feb/2024:01:30:53 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
132.148.126.20 Website-1*.com – – [09/Feb/2024:01:30:53 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS51167 – Contabo GmbH:
5.189.184.147 Website-1*.com – – [09/Feb/2024:01:30:56 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
5.189.184.147 Website-1*.com – – [09/Feb/2024:01:30:58 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS7713 – PT Telekomunikasi Indonesia:
180.250.158.201 Website-1*.com – – [09/Feb/2024:01:30:56 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
180.250.158.201 Website-1*.com – – [09/Feb/2024:01:30:56 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS17072 – TOTAL PLAY TELECOMUNICACIONES SA DE CV:
200.23.6.233 Website-1*.com – – [09/Feb/2024:01:31:55 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
200.23.6.233 Website-1*.com – – [09/Feb/2024:01:31:56 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS396982 – Google LLC:
35.184.174.91 Website-1*.com – – [09/Feb/2024:01:32:18 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
35.184.174.91 Website-1*.com – – [09/Feb/2024:01:32:18 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS14061 – DigitalOcean, LLC:
192.241.179.67 Website-1*.com – – [09/Feb/2024:01:32:45 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
192.241.179.67 Website-1*.com – – [09/Feb/2024:01:32:45 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS19108 – Optimum:
173.219.72.221 Website-1*.com – – [09/Feb/2024:01:33:11 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
173.219.72.221 Website-1*.com – – [09/Feb/2024:01:33:11 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS396982 – Google LLC:
104.198.37.199 Website-1*.com – – [09/Feb/2024:01:33:13 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
104.198.37.199 Website-1*.com – – [09/Feb/2024:01:33:13 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS8972 – Host Europe GmbH:
92.204.55.34 Website-1*.com – – [09/Feb/2024:01:33:37 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
92.204.55.34 Website-1*.com – – [09/Feb/2024:01:33:37 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS3462 – Data Communication Business Group:
210.65.88.143 Website-1*.com – – [09/Feb/2024:01:34:03 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
210.65.88.143 Website-1*.com – – [09/Feb/2024:01:34:03 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS24940 – Hetzner Online GmbH:
2a01:4f8:150:432d::2 Website-1*.com – – [09/Feb/2024:01:34:27 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
2a01:4f8:150:432d::2 Website-1*.com – – [09/Feb/2024:01:34:27 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS7616 – Jasmine Internet Co, Ltd.:
203.156.158.197 Website-1*.com – – [09/Feb/2024:01:34:30 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
203.156.158.197 Website-1*.com – – [09/Feb/2024:01:34:31 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS16276 – OVH SAS:
54.36.180.78 Website-1*.com – – [09/Feb/2024:01:34:53 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
54.36.180.78 Website-1*.com – – [09/Feb/2024:01:34:55 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS26496 – GoDaddy.com, LLC:
50.62.177.213 Website-1*.com – – [09/Feb/2024:01:35:13 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
50.62.177.213 Website-1*.com – – [09/Feb/2024:01:35:13 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS24940 – Hetzner Online GmbH:
2a01:4f8:140:2289::2 Website-1*.com – – [09/Feb/2024:01:36:22 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS203461 – REGISTER S.P.A.:
185.2.4.88 Website-1*.com – – [09/Feb/2024:01:36:54 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
185.2.4.88 Website-1*.com – – [09/Feb/2024:01:36:54 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS14061 – DigitalOcean, LLC:
157.245.193.103 Website-1*.com – – [09/Feb/2024:01:36:57 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
157.245.193.103 Website-1*.com – – [09/Feb/2024:01:36:57 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS14061 – DigitalOcean, LLC:
157.245.107.159 Website-1*.com – – [09/Feb/2024:01:37:40 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“
157.245.107.159 Website-1*.com – – [09/Feb/2024:01:37:40 +0100] „POST /wp-login.php HTTP/1.0“ 200 9296 „http://Website-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS16276 – OVH SAS:
2607:5300:201:3000::5e63 Website-1*.com – – [09/Feb/2024:01:38:37 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

AS16276 – OVH SAS:
2001:41d0:2:2009::1 Website-1*.com – – [09/Feb/2024:01:39:04 +0100] „POST /wp-login.php HTTP/1.0“ 302 20 „HTTP://WEBSITE-1*.com/wp-login.php“ „Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:109.0) Gecko/20100101 Firefox/111.0“

Die Brute Force Attack wurde per Mail als Abuse-Meldung geschickt an:

  • AS396982 – Google LLC – google-cloud-compliance@google.com – Abuse-Meldung wird bearbeitet
  • AS26832 – Rica Web Services – complaints@servarica.com – Abuse-Meldung wird bearbeitet
  • AS24940 – Hetzner Online GmbH – abuse@hetzner.com – Abuse-Meldung wird bearbeitet
  • AS8972 – Host Europe GmbH – abuse@ispgateway.de- Abuse-Meldung wird bearbeitet Mail ist aber df-support@df.eu
  • AS21499 – Host Europe GmbH – abuse@godaddy.com – Abuse-Meldung per Email ignoriert, Formularzwang! Ein NoGo!
  • AS26496 – GoDaddy.com, LLC – abuse@godaddy.com – Abuse-Meldung per Email ignoriert, Formularzwang! Ein NoGo!
  • AS14061 – DigitalOcean, LLC – abuse@digitalocean.com – Abuse-Meldung per Email ignoriert, Formularzwang! Ein NoGo!
  • AS16276 – OVH SAS – abuse@ovh.net – Abuse-Meldung – Abuse-Meldung per Email ignoriert, Formularzwang! Ein NoGo!
  • AS51167 – Contabo GmbH – abuse@contabo.de – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS3462 – Data Communication Business Group – service@inks.com.tw – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS131257 – Suratthani ratjabhat university, Thailand – noc@uni.net.th – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS201206 – Droptop GmbH – abuse@linevast.de – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS55899 – LEON TECHNOLOGY, Inc. – hostmaster@nic.ad.jp – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS7713 – PT Telekomunikasi Indonesia – abuse@telkom.co.id – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS17072 – TOTAL PLAY TELECOMUNICACIONES SA DE CV – tesiscio@CIO.MX – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS19108 – Optimum – abuse@suddenlink.net – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS7616 – Jasmine Internet Co, Ltd. – abuse@ji-net.com – Abuse-Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION
  • AS203461 – REGISTER S.P.A. – abuse@register.it – Abuse – Meldung IGNORIERT, KEINE ANTWORT, KEINE REAKTION

Nun schauen wir mal, wie verantwortungsbewusst die MIT VERANTWORTLICHEN PROVIDER sind! 😉

Wir listen hier dann später auf:

  • Wer richtig reagiert
  • Wer Abuse per Mail nicht akzeptiert, mit FORMULARZWANG kommt. Auch das ist ein NoGo!
  • Wer ignorant ist, also gar nicht reagiert

Mehr Infos zum Thema der Brute-Force-Methoden auch über den Link.

 

Hacker Idioten - Best of Amateurs