yota.com.ni, Part of Semalt Botnet: Research, Ban

wimax183-11.yota.com.ni hit my site as part of the large Semalt botnet campaign that started with keywords-monitoring-your-success.com and free-video-tool.com, which I have already banned. That botnet was huge. They involved Virtua in Brazil as well. That campaign finally ended, and they started a new one with fix-website-errors.com and buttons-for-website. buttons-for-website is a really old Semalt SEO botnet campaign.

Pattern:
Take 190.181 as the first two octets of the IP address, then add the last two octets from the two numbers in the hostname.

Observed:
wimax183-11.yota.com.ni 190.181.183.11
Range: 190.181.128.0 – 190.181.191.255 (190.181.128/18), Yota De Nicaragua
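
The pattern above can be checked mechanically against access-log hits. The following is an added example, not code from the original post: it derives the IP from a wimaxA-B.yota.com.ni reverse-DNS name, confirms it falls inside the 190.181.128.0/18 range, and compares it with the client IP. The function names and all sample hits except the first are constructed for illustration.

```python
import ipaddress
import re

# Values taken from the post: the /18 allocation and the hostname scheme.
YOTA_NET = ipaddress.ip_network("190.181.128.0/18")
HOST_RE = re.compile(r"^wimax(\d{1,3})-(\d{1,3})\.yota\.com\.ni\.?$", re.IGNORECASE)


def ip_from_hostname(hostname):
    """Return the IPv4Address encoded in a wimaxA-B.yota.com.ni name, or None."""
    m = HOST_RE.match(hostname.strip())
    if not m:
        return None
    third, fourth = int(m.group(1)), int(m.group(2))
    if third > 255 or fourth > 255:
        return None  # not a valid octet, so the name does not follow the scheme
    ip = ipaddress.ip_address(f"190.181.{third}.{fourth}")
    # Names that decode to an address outside the allocation are rejected too.
    return ip if ip in YOTA_NET else None


def classify(client_ip, rdns_name):
    """Classify one hit: 'match', 'mismatch' (name and IP disagree) or 'other'."""
    derived = ip_from_hostname(rdns_name)
    if derived is None:
        return "other"
    return "match" if derived == ipaddress.ip_address(client_ip) else "mismatch"


# Sample hits as (client IP, reverse-DNS name). The first is the hit observed
# in the post; the rest are constructed for this example.
SAMPLE_HITS = [
    ("190.181.183.11", "wimax183-11.yota.com.ni"),
    ("190.181.140.20", "WiMax140-20.yota.com.ni"),  # mixed case is accepted
    ("190.181.183.11", "wimax183-12.yota.com.ni"),  # name disagrees with IP
    ("203.0.113.7", "wimax200-5.yota.com.ni"),      # decodes outside the /18
    ("198.51.100.9", "host.example.net"),           # unrelated host
]

if __name__ == "__main__":
    for ip, name in SAMPLE_HITS:
        print(f"{ip:16} {name:28} {classify(ip, name)}")
```

A 'mismatch' result means the reverse-DNS name and the connecting address do not agree, which is worth a forward lookup before relying on the hostname for a ban decision.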

Research:
