94.102.55.189 (NL hosting)

The following Host Name was requested from a host database:
94.102.55.189

There was a new connection established with a remote IRC Server. The generated outbound IRC traffic is provided below:
NICK [00|USA|843633]
USER XP-0033 * 0 :COMPUTERNAME
MODE [00|USA|843633] -ix
JOIN #HowieTeS# KillerZ2009

A quick scan (nmap service detection output):
Interesting ports on 94.102.55.189:
Not shown: 1669 closed ports
PORT STATE SERVICE VERSION
21/tcp open ftp?
22/tcp open ssh OpenSSH 4.3 (protocol 2.0)
25/tcp open smtp
53/tcp open domain
80/tcp open http Apache httpd 2.2.3 ((CentOS))
110/tcp open pop3 Courier pop3d
143/tcp open imap Courier Imapd (released 2005)
443/tcp open ssl/http Apache httpd 2.2.3 ((CentOS))
993/tcp open imaps?
995/tcp open ssl/pop3 Courier pop3d
3306/tcp open mysql MySQL 5.0.45

When you connect to port 3306, this is the message the server sends (these read like IRC server lines rather than a MySQL greeting, even though nmap fingerprinted the port as MySQL 5.0.45):
UserModes :
ChanModes :
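The captured NICK/USER/MODE/JOIN sequence and the odd reply on 3306 are the two things a detection engineer would want to pull indicators from. The following is an added example, not code from the original post or from the malware: it parses the bot's IRC registration lines into fields, attaches indicators (bot-style nick template, OS-tagged ident, keyed channel join, IRC login on a non-IRC port), and classifies a first server banner as a MySQL v10 handshake, IRC-style text, or unknown. The nick/ident regexes, the port list and all sample inputs are assumptions constructed to mirror the lines above.

```python
"""Added example (not from the original post): pull detection indicators out of
the bot's IRC login sequence and tell an IRC-style banner apart from a real
MySQL greeting. All sample inputs below are constructed to mirror the page."""
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: the outbound IRC handshake as the sandbox captured it.
SAMPLE_IRC_LOGIN = (
    "NICK [00|USA|843633]\r\n"
    "USER XP-0033 * 0 :COMPUTERNAME\r\n"
    "MODE [00|USA|843633] -ix\r\n"
    "JOIN #HowieTeS# KillerZ2009\r\n"
)

# Constructed: the text lines seen on 3306 versus a real MySQL 5.0 greeting
# (3-byte little-endian length, 1-byte sequence id, 0x0a protocol version,
# NUL-terminated server version string, then connection id / salt bytes).
SAMPLE_IRC_BANNER = b"UserModes :\r\nChanModes :\r\n"
_MYSQL_PAYLOAD = b"\x0a" + b"5.0.45\x00" + b"\x01\x00\x00\x00" + b"abcdefgh\x00"
SAMPLE_MYSQL_GREETING = len(_MYSQL_PAYLOAD).to_bytes(3, "little") + b"\x00" + _MYSQL_PAYLOAD

# Nick template [<2 digits>|<country>|<digits>] is assumed from the one sample above.
BOT_NICK_RE = re.compile(r"^\[\d{2}\|[A-Z]{2,3}\|\d+\]$")
# Ident carrying an OS tag such as XP-0033; the set of tags is an assumption.
BOT_IDENT_RE = re.compile(r"^(XP|W7|VISTA|2K|2K3|NT)-\d+$", re.I)
# Ports IRC normally lives on (assumed); an IRC login anywhere else is suspicious.
IRC_PORTS = set(range(6660, 6670)) | {6697, 7000}


@dataclass
class IrcLogin:
    nick: str = ""
    ident: str = ""
    realname: str = ""
    modes: str = ""
    channel: str = ""
    key: str = ""
    indicators: List[str] = field(default_factory=list)


def parse_irc_login(raw: str, port: int = 6667) -> IrcLogin:
    """Parse client-to-server IRC registration lines and attach indicators."""
    login = IrcLogin()
    for line in raw.splitlines():
        cmd, _, args = line.strip().partition(" ")
        cmd = cmd.upper()
        if cmd == "NICK":
            login.nick = args.strip()
        elif cmd == "USER":                      # USER <ident> <mode> <unused> :<realname>
            head, _, realname = args.partition(" :")
            fields = head.split()
            login.ident = fields[0] if fields else ""
            login.realname = realname
        elif cmd == "MODE":                      # MODE <nick> <modes>
            fields = args.split()
            if len(fields) >= 2:
                login.modes = fields[1]
        elif cmd == "JOIN":                      # JOIN <channel> [<key>]
            fields = args.split()
            login.channel = fields[0] if fields else ""
            login.key = fields[1] if len(fields) > 1 else ""
    if BOT_NICK_RE.match(login.nick):
        login.indicators.append("bot-style nick")
    if BOT_IDENT_RE.match(login.ident):
        login.indicators.append("os-tagged ident")
    if login.modes:
        login.indicators.append("self MODE at registration (%s)" % login.modes)
    if login.key:
        login.indicators.append("keyed channel join")
    if port not in IRC_PORTS:
        login.indicators.append("IRC login on non-IRC port %d" % port)
    return login


def classify_banner(data: bytes) -> str:
    """Heuristic: MySQL v10 handshake, IRC-style text lines, or unknown."""
    if len(data) > 5 and data[3] == 0 and data[4] == 0x0A and b"\x00" in data[5:]:
        version = data[5:data.index(b"\x00", 5)]
        if version and all(32 <= b < 127 for b in version):
            return "mysql"
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        return "unknown"
    lines = [l for l in text.splitlines() if l]
    if lines and all(l.isprintable() for l in lines) and any(
            l.startswith((":", "NOTICE", "UserModes", "ChanModes")) for l in lines):
        return "irc"
    return "unknown"


if __name__ == "__main__":
    print(parse_irc_login(SAMPLE_IRC_LOGIN, port=3306))
    print(classify_banner(SAMPLE_IRC_BANNER), classify_banner(SAMPLE_MYSQL_GREETING))
```

Run against a sandbox pcap, the indicators alone are enough for a simple alert rule; the banner classifier is there because a port that nmap calls "mysql" but that answers in IRC lines is exactly the kind of discrepancy worth checking by hand before trusting the scan.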

Looks like a heavily secured botnet.
Here is more information about the hosting provider and ISP owner:
IP Address: 94.102.55.189
IP Address Hostname: 94.102.55.189
IP Country: Netherlands
IP Country Code: NLD
IP Continent: Europe
IP Region: Noord-Holland
Guessed City: Amsterdam
IP Latitude: 52.35
IP Longitude: 4.9167
ISP Provider: Ecatel LTD

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 94.0.0.0 – 94.255.255.255
CIDR: 94.0.0.0/8
NetName: 94-RIPE
NetHandle: NET-94-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS2.LACNIC.NET
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
RegDate: 2007-07-30
Updated: 2009-05-18

== Additional Information From whois://whois.ripe.net:43 ==

inetnum: 94.102.48.0 – 94.102.63.255
netname: NL-ECATEL-20080829
descr: Ecatel LTD
country: NL
org: ORG-EL38-RIPE
admin-c: RvE16-RIPE
tech-c: RvE16-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: ECATEL-MNT
mnt-routes: ECATEL-MNT
source: RIPE # Filtered

organisation: ORG-EL38-RIPE
org-name: Ecatel LTD
org-type: LIR
address: Ecatel LTD
Reinier van Eeden
P.O.Box 19533
2521 CA The Hague
NETHERLANDS
phone: +31702204015
fax-no: +31702204015
e-mail: r.eeden@nl.iqarus.com
admin-c: RvE16-RIPE
mnt-ref: ECATEL-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered

person: Reinier van Eeden
address: Archangelkade 1-3
address: 1013 BE Amsterdam
mnt-by: IQARUS-MNT
e-mail: r.eeden@nl.iqarus.com
phone: +31 64 607 11 12
nic-hdl: RvE16-RIPE
source: RIPE # Filtered

route: 94.102.48.0/20
descr: AS29073 Route object
origin: AS29073
mnt-by: ECATEL-MNT
source: RIPE # Filtered
