Board: Scam Accusations
Topic: Re: TEMP: Investigation into scotaloo
by scotaloo on 19/07/2013, 05:40:35 UTC
I actually don't give a fuck about the IP 49.176.67.225 Smiley

Yes, I've used it before. I've been doing some digging on a RAT file that has the phone home set to my IP:

BTCTalkAccs pointed me to this virustotal analysis of a DarkComet/DarkKomet RAT with the name 'minecraft.exe':

https://www.virustotal.com/en/file/9970283d1c08091f9260a5bbbc76220ed7b88b75d8352bcbfe35c4730f608262/analysis/

This RAT is set to phone home to 58.111.143.105:200, which is my IP, on port 200. However, this is quite meaningless, as anyone can do that - it's no different from linking to another webpage. This is the first time I became aware of 'minecraft.exe', and a search on 9970283d1c08091f9260a5bbbc76220ed7b88b75d8352bcbfe35c4730f608262 doesn't turn up anything.

It also has the file name MSRSAAP.EXE, which turns up on virustotal here:

https://www.virustotal.com/en/file/4589cc7f0791e87906da850d27306637d01a71fb6aca9cee74be84c5bfff65c2/analysis/

The SHA hash also doesn't turn up anything other than virustotal on Google, but there is a lot of info on the name MSRSAAP.EXE:

http://answers.yahoo.com/question/index?qid=20120219155647AAN5JIV
http://softwaredownloadpro.com/question14580.html
http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3DMSRSAAP.EXE%26safe%3Doff%26client%3Dfirefox-a%26hs%3DFi4%26sa%3DN%26rls%3Dorg.mozilla:en-US:official%26biw%3D1920%26bih%3D940&rurl=translate.google.com&sl=ru&u=http://otvet.mail.ru/question/76611000&usg=ALkJrhiiM8v8n5hHgMTrWiy8ZWjVQYIGJg

This malware has been posted by the user "manolz" as some anti-anticheat or something:
http://www.gamersoul.com/forums/showthread.php?185177-Hackshield-AntiHook-NoShield-0-1-beta/page3

Also on youtube by "iCrack Trainers" (shell youtube account):
http://www.youtube.com/watch?v=VaKLmM40428

So, there are two possibilities:

1) I, who have supposedly been spreading malware disguised as anticheat bypasses and trainers for games (documented in English, Chinese and Russian) while using my own IP address, and have been doing it since 2012 or earlier, decide to make a new RAT, upload it to virustotal and do nothing with it.

2) Someone who wants to frame me / plant false evidence and has a history of making game-related malware makes a new RAT that connects to my IP and port 200 (which isn't even open), uploads it to virustotal and does nothing with it.

If you look at the date (2013-06-09), you'll see that exactly a week earlier MoneyPakTrader got butthurt that I penetrated his website (which deals with currency exchange) - without doing any malicious damage - and found my IP address:

https://bitcointalk.org/index.php?topic=223665
June 02, 2013, 05:36:28 PM

You decide. Thanks for digging that out, BTCTalkAccounts!

Quoted for future reference. I am not BTCTalkAccounts btw, that wasn't even my nick on IRC; pay attention. Wink