
Styx EK installing Simda @ eternal-todo.com: Domain/IP info

a guest, Oct 20th, 2013

Initial domains:

Styx domains:

Binary IPs:

212.117.176.187
79.133.196.94
69.57.173.222
46.105.131.126

Binary IPs whois info:

** 212.117.176.187 **
** 79.133.196.94 **
** 69.57.173.222 **
** 46.105.131.126 ** (another IP related to the malware)