[nsp-sec] Blast from the past, #ccpower found | irc.crimeircd.net

Shelton, Steve sshelton at Cogentco.com
Wed Nov 7 09:48:24 EST 2012


All,

I've been tracking these guys for a bit, fighting to keep them off our IPs from time to time. There was some LEO interest a few months ago in the .ES realm, but unknown status at this point. They seem to be creeping into the US for services as I'm starting to see /32s equating to US providers.

Please whack if possible!

Bulk mode; whois. [2012-11-07 14:31:03 +0000]

6983    | 216.224.182.99   | ITCDELTA - ITC^Deltacom
7595    | 117.120.6.153    | READYNET-AS-AP Readyspace Network Pte Ltd, Hosted Solutions Provider,Singapore
7643    | 123.30.110.104   | VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT)
16265   | 77.235.47.92     | LEASEWEB LeaseWeb B.V.
17408   | 202.153.205.164  | ABOVE-AS-AP AboveNet Communications Taiwan
17506   | 113.35.224.60    | UCOM UCOM Corp.
20738   | 37.122.209.22    | AS20738 Webfusion Internet Solutions
29550   | 158.255.44.42    | SIMPLYTRANSIT Simply Transit Ltd
31815   | 216.70.82.206    | MEDIATEMPLE - Media Temple, Inc.
42926   | 176.53.27.101    | RADORE Radore Hosting Telekomunikasyon Hizmetleri San. ve Tic. Ltd. Sti.
43391   | 77.223.132.160   | NETDIREKT-TR Netdirekt A.S.
51559   | 31.192.213.231   | NETINTERNET Netinternet Bilgisayar ve Telekomunikasyon San. ve Tic. Ltd. Sti.


Bulk mode; peer-whois. [2012-11-07 14:31:03 +0000]

558     | 216.70.82.206    | NET2EZ - Net2EZ
1299    | 77.235.47.92     | TELIANET TeliaNet Global Network
2516    | 113.35.224.60    | KDDI KDDI CORPORATION
2914    | 113.35.224.60    | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
2914    | 117.120.6.153    | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
2914    | 158.255.44.42    | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
2914    | 202.153.205.164  | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
2914    | 216.224.182.99   | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
2914    | 77.235.47.92     | NTT-COMMUNICATIONS-2914 - NTT America, Inc.
3257    | 158.255.44.42    | TINET-BACKBONE Tinet SpA
3356    | 77.235.47.92     | LEVEL3 Level 3 Communications
3549    | 216.224.182.99   | GBLX Global Crossing Ltd.
3549    | 37.122.209.22    | GBLX Global Crossing Ltd.
4323    | 216.224.182.99   | TWTC - tw telecom holdings, inc.
4657    | 117.120.6.153    | STARHUBINTERNET-AS StarHub Internet Exchange
9121    | 176.53.27.101    | TTNET Turk Telekomunikasyon Anonim Sirketi
9121    | 31.192.213.231   | TTNET Turk Telekomunikasyon Anonim Sirketi
9121    | 77.223.132.160   | TTNET Turk Telekomunikasyon Anonim Sirketi
9505    | 202.153.205.164  | TWGATE-AP Taiwan Internet Gateway
10310   | 158.255.44.42    | YAHOO-1 - Yahoo!
10310   | 37.122.209.22    | YAHOO-1 - Yahoo!
10310   | 77.235.47.92     | YAHOO-1 - Yahoo!
15412   | 202.153.205.164  | FLAG-AS Flag Telecom Global Internet AS
45899   | 123.30.110.104   | VNPT-AS-VN VNPT Corp

Message of the Day, infected.crimeircd.net
-
- 24/3/2012 2:12
- _________        .__               .______________________ ________   
- \_   ___ \_______|__| _____   ____ |   \______   \_   ___ \\______ \  
- /    \  \/\_  __ \  |/     \_/ __ \|   ||       _/    \  \/ |    |  \ 
- \     \____|  | \/  |  Y Y  \  ___/|   ||    |   \     \____|    `   \
-  \______  /|__|  |__|__|_|  /\___  >___||____|_  /\______  /_______  /
-         \/                \/     \/            \/        \/        \/ 

infected.crimeircd.net Wed Nov 07 08:54:08 2012
#unix 427 [+ntrRMN] Welcome to CrimeIRCD ! Checker Status = ON = Do Not Flood The Bot , To check your credit card type chk ccnumber expire cvv2 , < WARNING > CrimeIRCD NETWORK dont have any ONLINE SHOP for selling CCS all which u see are FAKE BEWARE !
#ccpower 317 [+ntrRM] <Your Ultimate Internet Security Guide> | RULES: @/+v verify first, | For check join #unix || For reporting rippers join #Rippers , Do not set timers faster than 0 60 Checker is On #unix .
#chking 113 [+ntrRMN] * Welcome to #chking * CHECKER [ON] * #Rippers TO REPORT RIPPERS * #Help FOR ANY NETWORK/SERVICE For Private Web Checker Services ===> Msg HearTHackeR
#crime 107 [+ntrRNT] [Welcome ON #crime][Checker [ON]][FOR ANY NETWORK/SERVICE/REPORTING join #HeLp #rippers]]PRIVATE WEB CHECKER SERVICES VIST ===> http://vaultcrime.net]
#approved 82 [+ntrRCG] [ WelCoMe To #AppRoVeD chk-boT == OFF ]
#FREE 66 [+ntr] Welcome to #FREE <----> FREE VALID CVV'S ONLY HERE !!!! <----> CHECKER STATUS : [ ON ]
#CCards 62 [+ntrRMN] Welcome to #CCards Official Channel For Free Sharing OF Knowledge & Stuff
#chk-br 49 [+ntrR] [Welcome ON #chk-br][Checker Status [ON]][ HeLp Commands !cmd If anyone wants to check on private, msg br_.
#checker 35 [+mntrR] Checker UP . Use !chk CCNUMBER EXPIREDATE CVV2 to chk. Recheck = Permanement ban from the channel {Akick List} Checker UP . Use !chk CCNUMBER EXPIREDATE CVV2 AMMOUNT to chk. Recheck = Permanement ban from the channel {Akick List}
#checkpit 27 [+ntrR] WELCOME TO #Checkpit!! Checker ON! Type !help For Commands Bot Who Rechek AUTO kick banned!!!Selling WolrdWide CVV'S [USA NON VBV $3] Payment LibertyReserve. /q kawe
#cashout 19 [+ntr] D+P cashout Services / WesternUnion cashout Services / MoneyGram cashout Services
#SITES 18 [+ntr] 
#help 17 [+ntrc] Welcome to official #Help channel. /msg Helpserv Help to find help about the services provided. If you need futher assistance please ask your question and you will be answered as soon as a @ is available to assist you. Wait to be voiced (+) by an @ to speak in the channel
#chkank 15 [+rRM] //// Returned - Welcome To! #chkank - [OFF] Command: !chk <CCNUM> <EXPDATE> <CCV2> | !amex <CCNUM> <EXPDATE> <CCV2> | !chkpp <EMAIL> | !help For more \\\\
#snoop 14 [+ntrO] Statistical Channel
#Checkcc 13 [+R] 
#AllNiteCafe 12  
#chk 11 [+rR] 
#hex 10 [+ntr] WELCOME TO [HEX]
#KinG 9 [+mntr] Private Channel For LegenD
#banking 8 [+miR] 
#CC-CHK 8 [+ntRM] 
#brmafia 7 [+RM] 
#fraud 7 [+ntRM] 
#europeancc 6 [+ntRM] 
#xp 6 [+rR] welcome to #xp bot is online please dont recheck or u will be banned
#hackers 5 [+R] welcome to #hackers channel enjoy in ur stay !
#freecards 4 [+rR] Welcome To #FreeCards ! Just Free Fuckin Cards ! Stay Here and Dont Check These Cards Anywhere Else.This Is For Your Own Use.You Will Have 15 minutes To use Them.After that it will be Public.Follow the rules or you will be banned from the channel. ( If You Wanna Buy Cards ! Msg Me (BR 10$)(USA 3.5$)
#MONEY 4 [+miRMN] 
#BTX 3 [+ntRVMCk] \\\\\ \\\-\\\\\\- Welcome to BTX -= CHECKER [ ON ] =- -= FREE APPROVED 100% CVV'S ONLY HERE =- -//////-////////
#cvvx 3 [+R] 
#vhost 3 [+ntrR] Vhost services UP example : !vhost ilove.crime.network Notice: !vhost restricted user will be banded if him/her used restricted Vhost enjoy your stay at CrimeIRCD



<badboy1> !chk [redacted]  1014 692
* dzrock1989 has joined #unix
<berburik> badboy1 : Checking [redacted] 1014 692 Please Wait.......
<BatPower> !chk [redacted]  0714 939
<berburik> badboy1 : [redacted]  1014 692 DECLINED! BANK: | VISA | BANK OF AMERICA | DEBIT | CLASSIC | UNITED STATES | USA | 840 | WWW.BANKOFAMERICA.COM/ | (800) 869-3557 | | |
<berburik> badboy1 : [redacted]  1014 692 AVS DETECTED : N (No Match on Address (Street) or Zip)
<berburik> BatPower : Checking [redacted]  0714 939 Please Wait.......
<berburik> BatPower : [redacted]  0714 939 DECLINED! BANK: | VISA | OMNIAMERICAN BANK | DEBIT | CLASSIC | UNITED STATES | USA | 840 | HTTPS://WWW.OMNIAMERICAN.COM/ | | | |
<berburik> BatPower : [redacted] 0714 939 AVS DETECTED : N (No Match on Address (Street) or Zip)
* kawe has quit IRC (Ping timeout)
* Loin-King   [redacted] 835 Ava Court Lafayette CA 94549 United States 9259620975
* frenocs has joined #unix
* kawe has joined #unix
* TeDdY sell http://youtubewebcams.com if anyone is interesed /msg TeDdY
* TheShadow has quit IRC (User Exited)
* Genius47 has joined #unix
* iPhone has joined #unix

Steve Shelton
Security Engineer
Cogent Communications
sshelton at cogentco.com