Top 10 Hostile Web Hosting & Cloud Services for June 2019

Here is the Top 10 Hostile Web Hosting and Cloud Services for June 2019. The data is collected from 11 Websites, mainly running WordPress and sorted by the number of attacks from their IPs.

1. Cloud service “Digital Ocean, Inc” (US & NL & SG), IPs 162.243.0.0/16 – 104.131.0.0/16 – 104.248.0.0/16 – 138.68.128.0/17 – 67.205.128.0/18 – 178.128.0.0/16 – 188.166.0.0/16 – 159.203.0.0/16 – 165.227.0.0/16 – 139.59.0.0/16 – 104.248.0.0/16

2. Cloud service “OVH Systems” (FR & CA), IPs 51.83.0.0/16 – 94.23.0.0/16 – 46.105.0.0/16 – 79.137.0.0/17 – 37.187.0.0/16 – 51.75.0.0/16 – 167.114.0.0/16 – 198.27.64.0/18 – 54.36.0.0/15 – 51.83.0.0/16 – 91.121.0.0/16 – 54.38.0.0/16 – 147.135.128.0/17

3. Cloud service “VegasNAP, LLC (US), IPs 199.127.56.0/22

4. M247 Ltd (GB), IPs 194.187.248.0/22 – 89.238.128.0/18

5. Cloud service “NForce Entertainment” (NL), IPs 212.92.120.0/22

6. Cloud service “UK-2 Limited” (ZA South Africa), IPs 196.52.84.0/24

7. Cloud service “Azure” (FR), IPs 20.188.32.0/19

8. Hetzner Online GmbH (DE), IPs 95.216.0.0/15

9. Alibaba Advertising (CN), IPs * many blocks *

10. Cloud Service “Shenzhen Tencent” (CN), IPs 115.159.0.0/16

Of course Digital Ocean and OVH have filled once again our logs with attacks from their IPs. Half of our logs are from Digital Ocean and OVH IPs.


You can also discuss this topic in our Forums.

6 thoughts on “Top 10 Hostile Web Hosting & Cloud Services for June 2019”

  1. Tom says:

    Can confirm. OVP, Digital Ocean and Shenzhen Tencent IPs have been wreaking havoc here, too. Hetzner, interestingly, not. “Interestingly” since we’re hosted there, too. Obviously brute force scripts have been getting smarter over the years. M247 have been flooding our MX with spam mostly promoting crap on .icu URLs and have been using a shitload of different domains under the .icu TLD as sender address for weeks now. Seems they sold a shitload of shitty domains and do not care much what they are used for. Dozens of UCE complaints had absolutely no effect. Interestingly almost all their spam originitates from a hungarian carrier’s network.

    1. Editor says:

      Traffic from M247 is mostly for spam and some attacks from ROmania IPs.

      See:

      https://www.valueweb.gr/m247-com-an-other-kid-on-the-spamming-block/

      As for Hetzner, we get all kind of attacks but not in a large scale and they stop after one hour or so.

      For me OVH is the worst.

  2. The Duran says:

    Ok, can i ask what kind of security plugin you currently use ?

    1. Editor says:

      As WordPress security plugin we use The Shield.

      But all the statistics and blocks are not handled by a plugin. We have added an extra layer of protection before even anything reaches WordPress.

  3. The Duran says:

    What exactly are those IPs doing ? Spam ?

    1. Editor says:

      No, no, no. Those IPs are not detected as spammers.

      They conduct all kind of ATTACKS, SQL Injections, Directory Traversals, Looking for plugin or script vulnerabilities etc etc.

Leave a Reply

Your email address will not be published. Required fields are marked *