Just thought I'd give a few simple examples of BOTs on the network from a couple days ago:
Code:
195.50.2.185:46028 Phex 3.2.0.102 (3/2.0 GB) first
195.50.2.185:46028 Phex 3.2.0.102 (1/4.0 MB) 10-15 mins later
195.50.2.185:14799 Phex 3.2.0.102 (5411/2.0 GB) first
195.50.2.185:14799 Phex 3.2.0.102 (21/128 MB) 40 mins later
195.50.2.185:14799 Phex 3.2.0.102 (40931/16 GB) an hour later *
195.50.2.185:29936 Phex 3.2.0.102 (78/512 MB) first
195.50.2.185:29936 Phex 3.2.0.102 (40/1.0 GB) an hour later
195.50.2.185:38940 Phex 3.2.0.102 (245/2.0 GB) first
195.50.2.185:38940 Phex 3.2.0.102 (40/1.0 GB) an hour later
195.50.2.185:50145 Phex 3.2.0.102 (4/512 MB) _ (All Belarus)
Even for these examples, I'm not pretending this is all of them within those ranges, just the ones detected over a period of about 30 mins (which is how fast the console log pages were refreshing at the time). But it does give an idea about how they spread themselves: either using the same address with different ports, or even the same address & port, or buying up lots of addresses for their mass purposes. I believe several of these listed above had multiple ports in use, but for simplicity I removed the multiples of the same IP address.
This example is simply a recent capture of them via the firewall console (with a few exceptions such as the 2007 version Phex ones from March - blood suckers).
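The spread pattern described in the post (many addresses inside one block, or one address showing up on several ports) can be picked out of a firewall console capture mechanically. The following is an added example, not part of the original post; the sample lines are constructed from documentation-reserved ranges, and the /24 grouping and thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the post's "ip[:port] [client banner]" layout,
# using documentation-reserved ranges rather than real hosts.
SAMPLE = """\
192.0.2.10:2870
192.0.2.11:2821
192.0.2.12:2992
192.0.2.14:4716
198.51.100.7:46028 Phex 3.2.0.102 (3/2.0 GB)
198.51.100.7:14799 Phex 3.2.0.102 (5411/2.0 GB)
198.51.100.7:29936 Phex 3.2.0.102 (78/512 MB)
203.0.113.5
203.0.113.200:51099
not-an-address
"""

def parse_endpoint(line):
    """Return (IPv4Address, port or None) for one log line, or None if unparseable."""
    fields = line.split()
    if not fields:
        return None
    host, _, port = fields[0].partition(":")
    try:
        addr = ipaddress.IPv4Address(host)
    except ipaddress.AddressValueError:
        return None
    return addr, int(port) if port.isdigit() else None

def cluster(log_text, min_hosts=3, min_ports=2):
    """Flag /24 blocks with many distinct hosts and single hosts seen on many ports."""
    hosts_by_net = defaultdict(set)
    ports_by_host = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_endpoint(line)
        if parsed is None:
            continue  # skip blank or malformed lines instead of failing the run
        addr, port = parsed
        net = ipaddress.ip_network(f"{addr}/24", strict=False)
        hosts_by_net[str(net)].add(addr)
        if port is not None:
            ports_by_host[str(addr)].add(port)
    dense = {n: len(h) for n, h in hosts_by_net.items() if len(h) >= min_hosts}
    multi = {h: sorted(p) for h, p in ports_by_host.items() if len(p) >= min_ports}
    return dense, multi

if __name__ == "__main__":
    dense_nets, multi_port_hosts = cluster(SAMPLE)
    print("dense /24 blocks:", dense_nets)
    print("multi-port hosts:", multi_port_hosts)
```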