A 22-year-old man from the US state of Oregon has been accused of allegedly developing and overseeing a distributed refusal (DDOS) -For-Herre-Hire Botnet. Raparbot,
Ethan Folts of USEE, Oregon, has been identified as the administrator of the service, said the US Department of Justice (DOJ). Bottnets have been used to carry out a large-scale DDOS for-Hare attacks that target victims in more than 80 countries since at least 2021.
Foltz has been charged with a count of assistance and removing computer infiltration. If convicted, he has to face 10 years of jail sentence. In addition, the law enforcement officials discovered the residence of Folts on August 6, 2025, seizing the administrative control of the Botnet infrastructure.
The DOJ said that “Rapperbott, aka ‘eleven eleven-eleven botnet’ and ‘cowbott’, a botett that mainly compromises devices such as digital video recorders (DVR) or Wi-Fi router by infecting devices with especially malware with malware.”
“Rapperbott customers then issue commands for infected afflicted devices that force them to send large versions of ‘distributed refund-service’ (DDOM) traffic to various afflicted computers and servers located worldwide.”
Inspired by FBOT (Aka Satori) and Mirai Botnets, Rapperbot is known for the ability to break into target equipment using SSH or Telnet Bruti-Force attacks and co-options in a malicious network capable of launching DDOS attacks. It was first publicly documented by Fortinet in August 2022, with the initial campaign back until May 2021.
A 2023 report by Fortinet expanded the expansion in the cryptozacking of the DDOS Botet, which was illegally closed for mono and maximum value of computes of compromised equipment. Earlier this year, Rapperbott was also implicated in DDOS attacks, targeting Deepsak and X.
Foltz and their co-co-ordinators have been accused of mashing the wrappebot, providing customers to a powerful DDOS botnet, which has been used to conduct more than 370,000 attacks, which target 18,000 unique victims in China, Japan, United States, Ireland and Hong Kong.
Amazon Web Services (AWS), one of the several companies, who supported the initiative, said that Rapperbott infected more than 45,000 equipment in 39 countries and helped identify the command-end-control (C2) infrastructure of Rapperbot and helped the IOT MILEware to map their operations and activities.
Prosecutors also alleged that Botnet had about 65,000 to 95,000 infected victims to draw the DDOS attacks, which was measured between two and three trillions per second (TBPS), with the biggest attack more than 6 TBPS. In addition, the botetas are believed to have used to carry out ransom DDOS attacks, which were the goal of removing the victims.
The investigation discovered the Botetz to Foltz after highlighting the IP address link for various online services used by the defendants, including Paple, Gmail and Internet Services Provider. Foltz has discovered on Google in the context of “raparbot” or “rapper bot” more than 100 times.
Rapperbott’s disintegration is part of the operation poweroff, an ongoing international effort designed to eliminate criminal DDOS for-Hare Infrastructure worldwide.
