[nsp-sec] Message relay for Paypal requesting assistance with active DDoS

Noam Freedman noam at noam.com
Sun Dec 12 23:18:48 EST 2010


All,

I was contacted off-list by Jim Oberton (joberton at paypal.com) at Paypal requesting some assistance.  I've asked an eBay contact on the list to contact him, but I told him I would forward on an email for him (which is included below).  Please contact him directly off-list if you are able to assist.

Thanks,
- Noam

--
Noam Freedman
Akamai Technologies
as20940


---------
From Jim:

These servers are running an IRC server on port 6667 that is used to
control the target of ongoing DDoS attacks.
The command used to direct these attacks is:
12/11/2010 7:32:21 PM


#loic :!lazor default targethost=paypal.com subsite=/ speed=3 threads=15
method=tcp wait=false random=true checked=false
message=Payback_is_a_bitch,_isn't_it? port=80 start

+++++++++++++++++++++++++++++++++++++++
COMMAND AND CONTROL BOTNET HOSTING ISPs:

Heihachi
abuse at gigalinknetwork.com
support at gigalinknetwork.com

InterNetworX Ltd. & Co. KG: Providing Domain name services for anonops.eu
hostmaster at inwx.de
lucke at 1st-communications.de
berlin at 1st-communications.de

IRC.ANONOPS.EU ABUSE CONTACTS
nic at hostnoc.net
noc at internl.net
abuse at ip-exchange.de
abuse at midphase.com
Abuse at softlayer.net
abuse at fanaticalvps.com
lihaijun at chinamobile.com
abuse at ovh.net
ripe-admin at ipeer.se
Abuse at ipeer.se
abuse at ovh.net
abuse at energimidt.dk
abuse at sil.at
admin at sil.at
abuse at ovh.net
net-abuse at hosteurope.de
abuse at fanaticalvps.com
abuse at dimenoc.com
plquimper at gtcomm.net
ralph at flexwebhosting.nl
abuse at ovh.net


ABUSE LIST WITH IP ADDRESS
Anonops.eu servers:




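Added example, not part of the original message: one way a defender could parse the "!lazor" control line quoted above out of captured IRC traffic and flag commands aimed at a domain they protect. The IRC framing (server name, nicks), the second and third sample lines and the function names are constructed for illustration; only the command text in the first sample comes from the message.

```python
import re

# "!lazor" is the control verb in the command quoted in the message above.
# The optional channel group covers PRIVMSG, TOPIC and 332 (topic reply) framing.
LAZOR_RE = re.compile(r"(?P<chan>#\S+)?\s*:!lazor\s+(?P<args>.*)$", re.IGNORECASE)

def parse_lazor(line):
    """Split a control line into key=value options and bare flags; None if absent."""
    m = LAZOR_RE.search(line.rstrip("\r\n"))
    if not m:
        return None
    opts, flags = {}, []
    for tok in m.group("args").split():
        key, sep, val = tok.partition("=")
        if sep:
            opts[key.lower()] = val      # e.g. targethost, port, method
        else:
            flags.append(tok.lower())    # e.g. default, start
    return {"channel": m.group("chan"), "opts": opts, "flags": flags}

def watched_hits(lines, watched):
    """Report commands whose targethost is a watched domain or a subdomain of one."""
    hits = []
    for line in lines:
        cmd = parse_lazor(line)
        if cmd is None:
            continue
        host = cmd["opts"].get("targethost", "").lower().rstrip(".")
        # Exact or dot-anchored suffix match, so look-alike names are not flagged.
        if any(host == d or host.endswith("." + d) for d in watched):
            o = cmd["opts"]
            hits.append((cmd["channel"], host, o.get("port"), o.get("method"),
                         "start" in cmd["flags"]))
    return hits

# Constructed capture lines; only the command text in the first is from the message.
SAMPLE = [
    ":irc.example.net 332 observer #loic :!lazor default targethost=paypal.com "
    "subsite=/ speed=3 threads=15 method=tcp wait=false random=true checked=false "
    "message=Payback_is_a_bitch,_isn't_it? port=80 start",
    ":op!u@host.example PRIVMSG #loic :!lazor targethost=paypal.com.example.org port=80 start",
    ":user!u@host.example PRIVMSG #loic :what does lazor mean?",
]

if __name__ == "__main__":
    for hit in watched_hits(SAMPLE, {"paypal.com"}):
        print(hit)
```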