BuyukBang, on 03 March 2024 - 12:01 AM, said:
050.058.238.131 - 050.058.238.131 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.159 - 050.058.238.159 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.199 - 050.058.238.199 , 000 , anti-p2p bot
050.058.238.228 - 050.058.238.228 , 000 , anti-p2p bot
050.058.238.236 - 050.058.238.236 , 000 , Kad activity on TWTC
But I can confirm the whole 50.58.238.* range is infected! I'm writing an eMule mod and added a feature to remember all client history (auto cleaned after a user-defined period / default is 5 months). This is my first long test run with this feature activated and I've just noticed that this IP range is trying to connect continuously. After a quick Google search I've found a similar report in the Gnutella forum and it was posted 10 years ago! These bots are still doing their job.
https://gnutellaforums.com/gtk-gnutella-linux-unix-mac-osx-windows/102603-when-will-gtk-gnutella-1-0-1-macosx-released-does-gtk-have-default-port.html
A screenshot from my mod can be found below. This shows the bot's username, user hash value, client version, a few sample IP addresses (the list is much longer), port and connection trial times.
https://i.ibb.co/drfvWHG/a.png
Added 50.58.238.128-50.58.238.255 range in 1900 version of ipfilter.
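
To check which observed addresses a filter like this actually covers, the sketch below parses the ipfilter.dat lines quoted above, including their zero-padded octets, and tests addresses against them. It is an added example, not code from eMule or from the mod described in the post; the `ADDED_RANGE` line, the sample addresses and the filter level of 127 are assumptions made for illustration.

```python
# Entries quoted in the post, in eMule ipfilter.dat form:
#   start - end , access level , description
PAGE_ENTRIES = """\
050.058.238.131 - 050.058.238.131 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.159 - 050.058.238.159 , 000 , Detected AP2P on tw telecom holdings inc
050.058.238.199 - 050.058.238.199 , 000 , anti-p2p bot
050.058.238.228 - 050.058.238.228 , 000 , anti-p2p bot
050.058.238.236 - 050.058.238.236 , 000 , Kad activity on TWTC
"""
# Constructed line: the range from the reply, written in the same format.
ADDED_RANGE = "050.058.238.128 - 050.058.238.255 , 000 , constructed entry\n"
FILTER_LEVEL = 127  # assumption: entries with a lower level are blocked

def to_int(text):
    """Parse a dotted quad, zero-padded or not, into a 32-bit integer.

    Python's ipaddress module rejects leading zeros on current versions,
    so every octet is converted explicitly as decimal.
    """
    octets = [int(part, 10) for part in text.strip().split(".")]
    if len(octets) != 4 or any(not 0 <= o <= 255 for o in octets):
        raise ValueError(f"bad IPv4 address: {text!r}")
    return int.from_bytes(bytes(octets), "big")

def parse_ipfilter(text):
    """Return (start, end, level, description) tuples for each rule line."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        span, level, desc = (f.strip() for f in line.split(",", 2))
        start, end = (to_int(p) for p in span.split("-"))
        if start > end:
            raise ValueError(f"reversed range: {line!r}")
        rules.append((start, end, int(level), desc))
    return rules

def is_blocked(ip, rules, filter_level=FILTER_LEVEL):
    """True if ip lies in any range whose level is below filter_level."""
    value = to_int(ip)
    return any(s <= value <= e and lvl < filter_level for s, e, lvl, _ in rules)

def not_blocked(observed, rules):
    """Observed addresses that no rule covers, in input order."""
    return [ip for ip in observed if not is_blocked(ip, rules)]

if __name__ == "__main__":
    rules = parse_ipfilter(PAGE_ENTRIES + ADDED_RANGE)
    observed = ["50.58.238.131", "50.58.238.140", "50.58.238.20"]  # constructed
    print(not_blocked(observed, rules))
```
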