Untitled

a guest
Oct 21st, 2013
ABUSE! from 37.59.53.162
loadx187 <********@gmail.com>

3:22 AM (5 hours ago)

to abuse
Hello, I have recently been attacked with a DDoS attack controlled from the above IP. The server has a modded ircd on it. It has approx. 12,000 remote control machines used to perform DDoS attacks. I have done a bit of looking into this; here are some of the results.

inetnum: 37.59.0.0 - 37.59.63.255
netname: OVH
descr: OVH SAS
descr: Dedicated servers
descr: http://www.ovh.com

Resolved [fuck.jorgee.nu] to [37.59.53.162] Resolved [37.59.53.162] to [loldump.org]
Scanning loldump.org (37.59.53.162) [1000 ports]
Discovered open port 8080/tcp on 37.59.53.162 <---ircd
Discovered open port 443/tcp on 37.59.53.162
Discovered open port 80/tcp on 37.59.53.162
Discovered open port 22/tcp on 37.59.53.162
Discovered open port 6667/tcp on 37.59.53.162 <---ircd
Discovered open port 3333/tcp on 37.59.53.162
Discovered open port 990/tcp on 37.59.53.162
445/tcp filtered microsoft-ds
990/tcp open ftp vsftpd 2.3.5
1010/tcp open http Apache httpd 2.2.22 ((Debian))
|_http-methods: No Allow or Public header in OPTIONS response (status code 200)
|_http-title: Directory listing for loldump.org/
3333/tcp open dec-notes?
6667/tcp open irc Unreal ircd (Admin email you.are@a.stupid.mf)
7070/tcp open irc Unreal ircd (Admin email you.are@a.stupid.mf)
8080/tcp open irc Unreal ircd (Admin email you.are@a.stupid.mf)

Botnet channels (drones remotely controlled)

#exploit# ?@#sshow ?#x00 ?##ssh ?@#l ?@#f ?#main ?#eshu ?@#rage ?@#windows ?@#snowz# ?#boss @#corecontrol ?#scannerx ?@#s ?@#r# ?@#p ?#ngrz ?@##scaninfo## #hangout

Here is a link to some of the files obtained from their rooted server and various info regarding the control methods:

http://www.exposedbotnets.com/2013/10/2038120410514k-linux-bots-hosted-in.html

Controller's home IP, which is connected to host:
* [M] (~root@109-207-53-46.ronus.pl): root
[07:40] Quit:st0n3d (st0n3d@91.121.161.52) quits (User has been permanently banned from CoreIRC (no reason)) (7:40pm)

Rude memo sent from buser
(01:09:04) -MemoServ- Why are you fucking with x00's net? x00 is away at school. Those guys did nothing to you. You should have his net removed from pig's blog, and leave us alone. We dont care that you sent ovh some mail about rooted servers and malware. We will just use other servers we have 1000s of them. We can play this game too....

Hope you can get your customers under control. Thanks :)