To report a botnet PRIVATELY please email: [EMAIL PROTECTED] ----------
As of Mon May 22 13:00:00 UTC 2006 the following IPs and ports are active.
Shadowserver has various types of malware that has attempted TCP Connections on the following IPs and Ports listed. This usually means they are attempting to connect to a Command and Control channel, but on some occasions they may actually just attempt a TCP connection to a service that is known to be alive for network verification. (Google for example) Please consider doing more digging before adding them to IP block lists.

This list was created by Chas Tomlin of Shadowserver.org. All TCP connections were verified before posting.
-- Nicholas Albright Founder of Shadowserver.org http://www.shadowserver.org
_______________________________________________ All list and server information are public and available to law enforcement upon request. http://www.whitestar.linuxbox.org/mailman/listinfo/botnets