NFOmation.net - Your Ultimate NFO Upload Resource! Viewing NFO file: rented_ovh-tlc-_leaking.to.usenet_-2010-readnfoforaffilsandracers.nfo rented_ovh-tlc-_leaking.to.usenet_-2010-readnfoforaffilsandracers
Hello, my name is Sherlock Scene and i'm here to castrate all dirty leakers :) I heard you all appreciated our last piece of work RENTED.GBIT.CALLED.THE.EDGE.EXPOSED.RUNNING.TORRENTVAULT.ORG.SEEDBOX-TORRENTFAULT Well this time we're about to expose some similar situation.. Many releases are leaking to usenet these days through alt.binaries.foreign @ efnet Started poking around and executing my 1337 social engineering skills: RENTED OVH site run by some friends of CheGuevar from alt.binaries.foreign AKA Gullyside @ Linknet GullySide is do@LinkNet-02ff942a7a.your.banlist.org * GullySide GullySide using link-net.org LinkNet IRC Network GullySide is an SSL Encrypted Client Gullyside End of /WHOIS list. CheGuevar is cheguevara@plz.donthack.us * CheGuevar CheGuevar on @#NZBMatrix.announce CheGuevar using irc.eversible.com Eversible.com Internet Services CheGuevar actually using host 67.220.66.51 CheGuevar End of /WHOIS list. We have an exact list of every file on the DRFTPD and it is 99% identical of what is being posted on >> usenet by 2 bots: https://www.binsearch.info/?max=250&g=alt.binaries.multimedia&a=foreign%404u.tv+%28teevee%29 https://www.binsearch.info/?max=250&g=alt.binaries.multimedia&a=Fake%40address.com+%28tvfreak%29 Releases raced on these sites (SWEDISH, DUTCH, FLEMISH) are mostly auto-uploaded onto usenet.. ############ # Sitename # ############ TLC ########## # AFFILS # ########## KTR OHRLY YUMYUM FuGLi JBM Nukleotide ENEMY G4E CiA SQUiZZiEs SQsR SPORTSBAR EXT REVOLTE FLiK SPiEGEL >> CRiMSON OMiCRON CiO YUMYUM ####### # FTP # ####### 188.165.209.74:1221 [1] Connecting to 188.165.209.74:1221 [1] 220 DrFTPD+ 2.0 (+STABLE+) $Revision: 1761 $ http://drftpd.org [1] AUTH SSL [1] 234 AUTH SSL successful [1] Encryption algorithm: TLSv1 EDH-DSS-DES-CBC3-SHA-168 PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.2c 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) | ssh-hostkey: 1024 4f:4b:1d:89:d1:0a:60:46:bf:2d:4d:50:fe:3e:95:c4 (DSA) |_2048 8e:43:08:c3:37:c9:f4:cd:e4:aa:11:09:53:46:64:d6 (RSA) 111/tcp open rpcbind 2 (rpc #100000) 445/tcp filtered microsoft-ds 1099/tcp open ssl/unknown 10000/tcp open http MiniServ 1.530 (Webmin httpd) Feel free to use any exploit u got :) ######## # IRCD # ######## tlcirc.servebeer.com:7171 95.211.85.71:7171 PORT STATE SERVICE VERSION 23/tcp open socks-proxy CCProxy socks proxy (unauthorized) 25/tcp open socks-proxy CCProxy socks proxy (unauthorized) |_smtp-commands: Couldn't establish connection on port 25 110/tcp open socks-proxy CCProxy socks proxy (unauthorized) 119/tcp open socks-proxy CCProxy socks proxy (unauthorized) 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 808/tcp open http-proxy CCProxy http proxy (unauthorized) 1080/tcp open socks5 (Username/password authentication required) 2121/tcp open socks-proxy CCProxy socks proxy (unauthorized) 3389/tcp open ms-term-serv? 3998/tcp open unknown 5800/tcp open http VNC Server Enterprise Edition httpd E4.5.1 r27892 (VNC port 5900) |_http-methods: No Allow or Public header in OPTIONS response (status code 501) 5900/tcp open vnc VNC (protocol 3.3; Locked out) 49152/tcp open msrpc Microsoft Windows RPC 49153/tcp open msrpc Microsoft Windows RPC 49154/tcp open msrpc Microsoft Windows RPC 49155/tcp open msrpc Microsoft Windows RPC 49156/tcp open msrpc Microsoft Windows RPC ########## # SLAVES # ########## 94.23.210.57 PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 3389/tcp open ms-term-serv 188.165.211.176 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) | ssh-hostkey: 1024 c9:3e:8d:aa:16:27:36:f1:c7:b1:e8:8f:4b:95:ac:56 (DSA) |_2048 8a:cd:63:38:95:42:ca:95:b5:ee:7f:d2:36:c2:02:c4 (RSA) 445/tcp filtered microsoft-ds 33354/tcp open unknown 40193/tcp open unknown 49175/tcp open unknown //////////////////////////////////////////////////////////////////////////// /// /// If you have any of these users on your sites, please deluser them ! /// /// /// /// Oh, and don't forget to ban all OVH ranges... /// /// /// /// /// /// 87.98.128.0-87.98.255.255 /// /// 91.121.0.0-91.121.255.255 /// /// 94.23.0.0-94.23.255.255 /// /// 178.32.0.0-128.33.255.255 /// /// 188.165.0.0-188.165.255.255 /// /// 213.186.32.0-213.186.63.255 /// /// 213.251.128.0-213.251.191.255 /// /// /// //////////////////////////////////////////////////////////////////////////// #TLC-CHAT %ajay &CM &shaker &TLC-WHORE @P_R_E _clyd_ _rAT ~starr analoque AnSw3R Assassin bar BoNeZ BongMan BreakYoSef c_ C00kie crappi cutme dadude EHCan enforcer enV FenWin funny gb1t GbA GENiUS gow hope imadrunk Impact JHaMSeN keeper Kossiwa ---> user from .nl rented gbit LOS littlebrotha Martin mavado metroguy muiter n3m3s1s Nymph olah paperboy Petabyte pr0k Prime radeno ---> on every Rented site you can imagine RAWisWAR RoxxorsDenoobs rrr Sempron Sharker sharks ShubNiggurath SnakeEye2 Spark01 TiPloiT tyum weiner whitenigger xiU Yaha ZeRaW This NFO File was rendered by NFOmation.net
Hello, my name is Sherlock Scene and i'm here to castrate all dirty leakers :) I heard you all appreciated our last piece of work RENTED.GBIT.CALLED.THE.EDGE.EXPOSED.RUNNING.TORRENTVAULT.ORG.SEEDBOX-TORRENTFAULT Well this time we're about to expose some similar situation.. Many releases are leaking to usenet these days through alt.binaries.foreign @ efnet Started poking around and executing my 1337 social engineering skills: RENTED OVH site run by some friends of CheGuevar from alt.binaries.foreign AKA Gullyside @ Linknet GullySide is do@LinkNet-02ff942a7a.your.banlist.org * GullySide GullySide using link-net.org LinkNet IRC Network GullySide is an SSL Encrypted Client Gullyside End of /WHOIS list. CheGuevar is cheguevara@plz.donthack.us * CheGuevar CheGuevar on @#NZBMatrix.announce CheGuevar using irc.eversible.com Eversible.com Internet Services CheGuevar actually using host 67.220.66.51 CheGuevar End of /WHOIS list. We have an exact list of every file on the DRFTPD and it is 99% identical of what is being posted on >> usenet by 2 bots: https://www.binsearch.info/?max=250&g=alt.binaries.multimedia&a=foreign%404u.tv+%28teevee%29 https://www.binsearch.info/?max=250&g=alt.binaries.multimedia&a=Fake%40address.com+%28tvfreak%29 Releases raced on these sites (SWEDISH, DUTCH, FLEMISH) are mostly auto-uploaded onto usenet.. ############ # Sitename # ############ TLC ########## # AFFILS # ########## KTR OHRLY YUMYUM FuGLi JBM Nukleotide ENEMY G4E CiA SQUiZZiEs SQsR SPORTSBAR EXT REVOLTE FLiK SPiEGEL >> CRiMSON OMiCRON CiO YUMYUM ####### # FTP # ####### 188.165.209.74:1221 [1] Connecting to 188.165.209.74:1221 [1] 220 DrFTPD+ 2.0 (+STABLE+) $Revision: 1761 $ http://drftpd.org [1] AUTH SSL [1] 234 AUTH SSL successful [1] Encryption algorithm: TLSv1 EDH-DSS-DES-CBC3-SHA-168 PORT STATE SERVICE VERSION 21/tcp open ftp ProFTPD 1.3.2c 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) | ssh-hostkey: 1024 4f:4b:1d:89:d1:0a:60:46:bf:2d:4d:50:fe:3e:95:c4 (DSA) |_2048 8e:43:08:c3:37:c9:f4:cd:e4:aa:11:09:53:46:64:d6 (RSA) 111/tcp open rpcbind 2 (rpc #100000) 445/tcp filtered microsoft-ds 1099/tcp open ssl/unknown 10000/tcp open http MiniServ 1.530 (Webmin httpd) Feel free to use any exploit u got :) ######## # IRCD # ######## tlcirc.servebeer.com:7171 95.211.85.71:7171 PORT STATE SERVICE VERSION 23/tcp open socks-proxy CCProxy socks proxy (unauthorized) 25/tcp open socks-proxy CCProxy socks proxy (unauthorized) |_smtp-commands: Couldn't establish connection on port 25 110/tcp open socks-proxy CCProxy socks proxy (unauthorized) 119/tcp open socks-proxy CCProxy socks proxy (unauthorized) 135/tcp filtered msrpc 139/tcp filtered netbios-ssn 445/tcp filtered microsoft-ds 808/tcp open http-proxy CCProxy http proxy (unauthorized) 1080/tcp open socks5 (Username/password authentication required) 2121/tcp open socks-proxy CCProxy socks proxy (unauthorized) 3389/tcp open ms-term-serv? 3998/tcp open unknown 5800/tcp open http VNC Server Enterprise Edition httpd E4.5.1 r27892 (VNC port 5900) |_http-methods: No Allow or Public header in OPTIONS response (status code 501) 5900/tcp open vnc VNC (protocol 3.3; Locked out) 49152/tcp open msrpc Microsoft Windows RPC 49153/tcp open msrpc Microsoft Windows RPC 49154/tcp open msrpc Microsoft Windows RPC 49155/tcp open msrpc Microsoft Windows RPC 49156/tcp open msrpc Microsoft Windows RPC ########## # SLAVES # ########## 94.23.210.57 PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 3389/tcp open ms-term-serv 188.165.211.176 PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 5.3p1 Debian 3ubuntu4 (protocol 2.0) | ssh-hostkey: 1024 c9:3e:8d:aa:16:27:36:f1:c7:b1:e8:8f:4b:95:ac:56 (DSA) |_2048 8a:cd:63:38:95:42:ca:95:b5:ee:7f:d2:36:c2:02:c4 (RSA) 445/tcp filtered microsoft-ds 33354/tcp open unknown 40193/tcp open unknown 49175/tcp open unknown //////////////////////////////////////////////////////////////////////////// /// /// If you have any of these users on your sites, please deluser them ! /// /// /// /// Oh, and don't forget to ban all OVH ranges... /// /// /// /// /// /// 87.98.128.0-87.98.255.255 /// /// 91.121.0.0-91.121.255.255 /// /// 94.23.0.0-94.23.255.255 /// /// 178.32.0.0-128.33.255.255 /// /// 188.165.0.0-188.165.255.255 /// /// 213.186.32.0-213.186.63.255 /// /// 213.251.128.0-213.251.191.255 /// /// /// //////////////////////////////////////////////////////////////////////////// #TLC-CHAT %ajay &CM &shaker &TLC-WHORE @P_R_E _clyd_ _rAT ~starr analoque AnSw3R Assassin bar BoNeZ BongMan BreakYoSef c_ C00kie crappi cutme dadude EHCan enforcer enV FenWin funny gb1t GbA GENiUS gow hope imadrunk Impact JHaMSeN keeper Kossiwa ---> user from .nl rented gbit LOS littlebrotha Martin mavado metroguy muiter n3m3s1s Nymph olah paperboy Petabyte pr0k Prime radeno ---> on every Rented site you can imagine RAWisWAR RoxxorsDenoobs rrr Sempron Sharker sharks ShubNiggurath SnakeEye2 Spark01 TiPloiT tyum weiner whitenigger xiU Yaha ZeRaW This NFO File was rendered by NFOmation.net
