On 2023-05-15 01:16, Taavi Eomäe via mailop wrote:
Can confirm seeing a similar botnet at action, ~5000 different
IP-addresses, ~400 million attempts and counting.
Seems to be trying relatively random and unrelated local part + domain
combinations. This also means this botnet is rather trivial to detect.
This does seem to be related to a new round of CPE and GPON compromises,
and yes the weekend numbers were much higher than normal.
But overall it was a high volume spam weekend. *Cough* SendGrid/MailGun
Lot's of DediPath and OVH spam as well.
But some ISP's have to go clean their networks, for their customers sake..
Dynamic Regex Databases, and DUL RBL's took care of them but..
Authentication attacks on Port 25 mostly... (You do have that turned off
I hope), big password spray attacks..
111.70.0.124 (RS) 1 111-70-0-124.emome-ip.hinet.net
111.70.1.170 (RS) 3 111-70-1-170.emome-ip.hinet.net
111.70.1.236 (RS) 1 111-70-1-236.emome-ip.hinet.net
111.70.1.237 (RS) 2 111-70-1-237.emome-ip.hinet.net
111.70.1.238 (RS) 3 111-70-1-238.emome-ip.hinet.net
111.70.1.239 (RS) 1 111-70-1-239.emome-ip.hinet.net
111.70.2.65 (RS) 1 111-70-2-65.emome-ip.hinet.net
111.70.2.66 (RS) 3 111-70-2-66.emome-ip.hinet.net
111.70.2.127 (RS) 1 111-70-2-127.emome-ip.hinet.net
111.70.4.4 (RS) 2 111-70-4-4.emome-ip.hinet.net
111.70.4.189 (RS) 2 111-70-4-189.emome-ip.hinet.net
111.70.5.125 (RS) 3 111-70-5-125.emome-ip.hinet.net
111.70.5.129 (RS) 4 111-70-5-129.emome-ip.hinet.net
111.70.6.28 (RS) 1 111-70-6-28.emome-ip.hinet.net
111.70.6.53 (RS) 3 111-70-6-53.emome-ip.hinet.net
111.70.6.254 (RS) 1 111-70-6-254.emome-ip.hinet.net
111.70.7.41 (RS) 1 111-70-7-41.emome-ip.hinet.net
111.70.7.58 (RS) 4 111-70-7-58.emome-ip.hinet.net
111.70.7.63 (RS) 1 111-70-7-63.emome-ip.hinet.net
111.70.7.139 (RS) 2 111-70-7-139.emome-ip.hinet.net
111.70.9.24 (RS) 1 111-70-9-24.emome-ip.hinet.net
111.70.9.92 (RS) 3 111-70-9-92.emome-ip.hinet.net
111.70.9.165 (RS) 1 111-70-9-165.emome-ip.hinet.net
111.70.9.198 (RS) 2 111-70-9-198.emome-ip.hinet.net
111.70.12.107 (RS) 5 111-70-12-107.emome-ip.hinet.net
111.70.12.108 (RS) 2 111-70-12-108.emome-ip.hinet.net
111.70.12.110 (RS) 1 111-70-12-110.emome-ip.hinet.net
111.70.12.116 (RS) 5 111-70-12-116.emome-ip.hinet.net
111.70.12.117 (RS) 4 111-70-12-117.emome-ip.hinet.net
111.70.12.156 (RS) 1 111-70-12-156.emome-ip.hinet.net
111.70.13.23 (RS) 8 111-70-13-23.emome-ip.hinet.net
111.70.13.24 (RS) 1 111-70-13-24.emome-ip.hinet.net
111.70.13.53 (RS) 1 111-70-13-53.emome-ip.hinet.net
111.70.13.116 (RS) 1 111-70-13-116.emome-ip.hinet.net
111.70.13.121 (RS) 2 111-70-13-121.emome-ip.hinet.net
111.70.13.157 (RS) 4 111-70-13-157.emome-ip.hinet.net
111.70.14.20 (RS) 2 111-70-14-20.emome-ip.hinet.net
111.70.15.76 (RS) 1 111-70-15-76.emome-ip.hinet.net
111.70.15.133 (RS) 3 111-70-15-133.emome-ip.hinet.net
111.70.15.198 (RS) 2 111-70-15-198.emome-ip.hinet.net
111.70.15.212 (RS) 2 111-70-15-212.emome-ip.hinet.net
111.70.15.215 (RS) 1 111-70-15-215.emome-ip.hinet.net
111.70.16.7 (RS) 3 111-70-16-7.emome-ip.hinet.net
111.70.16.62 (RS) 5 111-70-16-62.emome-ip.hinet.net
111.70.16.166 (RS) 3 111-70-16-166.emome-ip.hinet.net
111.70.16.224 (RS) 1 111-70-16-224.emome-ip.hinet.net
111.70.16.226 (RS) 1 111-70-16-226.emome-ip.hinet.net
111.70.16.229 (RS) 1 111-70-16-229.emome-ip.hinet.net
111.70.16.230 (RS) 1 111-70-16-230.emome-ip.hinet.net
111.70.16.232 (RS) 3 111-70-16-232.emome-ip.hinet.net
111.70.17.167 (RS) 3 111-70-17-167.emome-ip.hinet.net
111.70.18.42 (RS) 3 111-70-18-42.emome-ip.hinet.net
111.70.18.43 (RS) 1 111-70-18-43.emome-ip.hinet.net
111.70.18.45 (RS) 2 111-70-18-45.emome-ip.hinet.net
111.70.18.152 (RS) 1 111-70-18-152.emome-ip.hinet.net
111.70.18.165 (RS) 1 111-70-18-165.emome-ip.hinet.net
111.70.18.168 (RS) 5 111-70-18-168.emome-ip.hinet.net
111.70.18.169 (RS) 4 111-70-18-169.emome-ip.hinet.net
111.70.18.211 (RS) 1 111-70-18-211.emome-ip.hinet.net
111.70.18.245 (RS) 3 111-70-18-245.emome-ip.hinet.net
111.70.18.246 (RS) 1 111-70-18-246.emome-ip.hinet.net
111.70.18.247 (RS) 1 111-70-18-247.emome-ip.hinet.net
111.70.18.248 (RS) 5 111-70-18-248.emome-ip.hinet.net
111.70.19.21 (RS) 1 111-70-19-21.emome-ip.hinet.net
111.70.19.84 (RS) 1 111-70-19-84.emome-ip.hinet.net
111.70.19.88 (RS) 1 111-70-19-88.emome-ip.hinet.net
111.70.19.102 (RS) 2 111-70-19-102.emome-ip.hinet.net
111.70.19.145 (RS) 3 111-70-19-145.emome-ip.hinet.net
111.70.19.147 (RS) 1 111-70-19-147.emome-ip.hinet.net
111.70.19.149 (RS) 1 111-70-19-149.emome-ip.hinet.net
111.70.19.162 (RS) 1 111-70-19-162.emome-ip.hinet.net
111.70.19.229 (RS) 1 111-70-19-229.emome-ip.hinet.net
111.70.19.247 (RS) 3 111-70-19-247.emome-ip.hinet.net
111.70.20.11 (RS) 3 111-70-20-11.emome-ip.hinet.net
111.70.20.39 (RS) 1 111-70-20-39.emome-ip.hinet.net
111.70.20.51 (RS) 2 111-70-20-51.emome-ip.hinet.net
111.70.20.52 (RS) 1 111-70-20-52.emome-ip.hinet.net
111.70.20.54 (RS) 4 111-70-20-54.emome-ip.hinet.net
111.70.20.106 (RS) 3 111-70-20-106.emome-ip.hinet.net
111.70.20.107 (RS) 1 111-70-20-107.emome-ip.hinet.net
111.70.21.178 (RS) 1 111-70-21-178.emome-ip.hinet.net
111.70.25.237 (RS) 4 111-70-25-237.emome-ip.hinet.net
111.70.26.51 (RS) 2 111-70-26-51.emome-ip.hinet.net
111.70.26.53 (RS) 4 111-70-26-53.emome-ip.hinet.net
111.70.26.245 (RS) 1 111-70-26-245.emome-ip.hinet.net
111.70.27.106 (RS) 1 111-70-27-106.emome-ip.hinet.net
111.70.27.109 (RS) 3 111-70-27-109.emome-ip.hinet.net
111.70.27.226 (RS) 1 111-70-27-226.emome-ip.hinet.net
111.70.28.22 (RS) 3 111-70-28-22.emome-ip.hinet.net
111.70.28.38 (RS) 4 111-70-28-38.emome-ip.hinet.net
111.70.28.39 (RS) 2 111-70-28-39.emome-ip.hinet.net
111.70.28.49 (RS) 2 111-70-28-49.emome-ip.hinet.net
111.70.28.51 (RS) 3 111-70-28-51.emome-ip.hinet.net
111.70.28.53 (RS) 1 111-70-28-53.emome-ip.hinet.net
111.70.28.55 (RS) 5 111-70-28-55.emome-ip.hinet.net
111.70.28.57 (RS) 2 111-70-28-57.emome-ip.hinet.net
111.70.28.61 (RS) 2 111-70-28-61.emome-ip.hinet.net
111.70.28.62 (RS) 1 111-70-28-62.emome-ip.hinet.net
111.70.28.64 (RS) 1 111-70-28-64.emome-ip.hinet.net
111.70.28.71 (RS) 2 111-70-28-71.emome-ip.hinet.net
111.70.28.73 (RS) 1 111-70-28-73.emome-ip.hinet.net
111.70.28.74 (RS) 3 111-70-28-74.emome-ip.hinet.net
111.70.28.78 (RS) 1 111-70-28-78.emome-ip.hinet.net
111.70.28.86 (RS) 1 111-70-28-86.emome-ip.hinet.net
111.70.28.92 (RS) 5 111-70-28-92.emome-ip.hinet.net
111.70.28.126 (RS) 1 111-70-28-126.emome-ip.hinet.net
111.70.28.136 (RS) 3 111-70-28-136.emome-ip.hinet.net
111.70.28.141 (RS) 2 111-70-28-141.emome-ip.hinet.net
111.70.28.143 (RS) 1 111-70-28-143.emome-ip.hinet.net
111.70.28.145 (RS) 2 111-70-28-145.emome-ip.hinet.net
111.70.28.147 (RS) 1 111-70-28-147.emome-ip.hinet.net
111.70.28.148 (RS) 5 111-70-28-148.emome-ip.hinet.net
111.70.28.149 (RS) 3 111-70-28-149.emome-ip.hinet.net
111.70.28.150 (RS) 2 111-70-28-150.emome-ip.hinet.net
111.70.28.162 (RS) 4 111-70-28-162.emome-ip.hinet.net
111.70.28.165 (RS) 2 111-70-28-165.emome-ip.hinet.net
111.70.28.215 (RS) 1 111-70-28-215.emome-ip.hinet.net
111.70.28.216 (RS) 2 111-70-28-216.emome-ip.hinet.net
111.70.28.217 (RS) 2 111-70-28-217.emome-ip.hinet.net
111.70.28.218 (RS) 3 111-70-28-218.emome-ip.hinet.net
111.70.29.190 (RS) 2 111-70-29-190.emome-ip.hinet.net
111.70.29.191 (RS) 1 111-70-29-191.emome-ip.hinet.net
111.70.36.127 (RS) 1 111-70-36-127.emome-ip.hinet.net
111.70.36.128 (RS) 1 111-70-36-128.emome-ip.hinet.net
111.70.36.218 (RS) 2 111-70-36-218.emome-ip.hinet.net
191.36.147.6 18 vipturbo.com.br
191.36.147.14 22 vipturbo.com.br
191.36.147.25 22 vipturbo.com.br
191.36.147.64 26 vipturbo.com.br
191.36.147.147 39 vipturbo.com.br
191.36.147.152 21 vipturbo.com.br
191.36.147.172 27 vipturbo.com.br
191.36.147.184 23 vipturbo.com.br
191.36.149.28 25 vipturbo.com.br
191.36.149.53 18 vipturbo.com.br
191.36.149.57 25 vipturbo.com.br
191.36.149.64 31 vipturbo.com.br
191.36.149.136 13 vipturbo.com.br
191.36.149.176 25 vipturbo.com.br
191.36.149.221 26 vipturbo.com.br
191.36.149.230 21 vipturbo.com.br
191.36.149.251 25 vipturbo.com.br
191.36.151.8 21 vipturbo.com.br
191.36.151.47 39 vipturbo.com.br
191.36.151.56 14 vipturbo.com.br
191.36.151.148 10 vipturbo.com.br
191.36.151.150 26 vipturbo.com.br
191.36.151.158 24 vipturbo.com.br
191.36.151.160 27 vipturbo.com.br
191.36.151.172 20 vipturbo.com.br
191.36.151.183 18 vipturbo.com.br
191.36.152.28 21 vipturbo.com.br
191.36.152.89 19 vipturbo.com.br
191.36.152.101 23 vipturbo.com.br
191.36.152.129 19 vipturbo.com.br
191.36.152.137 27 vipturbo.com.br
191.36.152.144 42 vipturbo.com.br
191.36.153.2 21 vipturbo.com.br
191.36.153.4 23 vipturbo.com.br
191.36.153.27 25 vipturbo.com.br
191.36.153.57 19 vipturbo.com.br
191.36.153.172 20 vipturbo.com.br
191.36.153.189 25 vipturbo.com.br
191.36.153.190 22 vipturbo.com.br
191.36.153.191 40 vipturbo.com.br
191.36.153.200 23 vipturbo.com.br
191.36.154.76 4 vipturbo.com.br
191.36.154.96 18 vipturbo.com.br
191.36.154.175 24 vipturbo.com.br
191.36.154.207 27 vipturbo.com.br
191.36.155.5 23 vipturbo.com.br
191.36.155.90 31 vipturbo.com.br
191.36.155.116 21 vipturbo.com.br
191.36.155.144 21 vipturbo.com.br
191.36.156.14 (RD) 2 vipturbo.com.br
191.36.156.52 (RD) 2 vipturbo.com.br
191.36.156.53 (RD) 1 vipturbo.com.br
191.36.156.69 (RD) 1 vipturbo.com.br
191.36.156.137 (RD) 1 vipturbo.com.br
191.36.157.125 (RD) 1 vipturbo.com.br
191.36.158.106 21 vipturbo.com.br
191.36.158.179 22 vipturbo.com.br
--
"Catch the Magic of Linux..."
------------------------------------------------------------------------
Michael Peddemors, President/CEO LinuxMagic Inc.
Visit us at http://www.linuxmagic.com @linuxmagic
A Wizard IT Company - For More Info http://www.wizard.ca
"LinuxMagic" a Registered TradeMark of Wizard Tower TechnoServices Ltd.
------------------------------------------------------------------------
604-682-0300 Beautiful British Columbia, Canada
This email and any electronic data contained are confidential and intended
solely for the use of the individual or entity to which they are addressed.
Please note that any views or opinions presented in this email are solely
those of the author and are not intended to represent those of the company.
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
