===============================================
#MalwareMustDie! Fri Dec 21 22:25:12 JST 2012
Updated: Sat Dec 22 23:59 JST 2012
Three Russian (.RU) malware infector domains, EK
===============================================
Domains: afjdoospf.ru, akionokao.ru, apendiksator.ru
Proxies: nginx/1.0.10 proxies, port 8080
Server: Apache/2.2.16 (Debian) Server
PHP/5.3.18-1~dotdeb.0
Exploit Kit: BlackHole EK v.2.x
Active IPs & domains:
// connections PoC:
--2012-12-21 22:07:45--
Resolving akionokao.ru (akionokao.ru)... 210.71.250.131, 91.224.135.20, 187.85.160.106
Caching akionokao.ru => 210.71.250.131 91.224.135.20 187.85.160.106
Connecting to akionokao.ru (akionokao.ru)|210.71.250.131|:8080... connected.
Caching apendiksator.ru => 210.71.250.131 91.224.135.20 187.85.160.106
Connecting to apendiksator.ru (apendiksator.ru)|210.71.250.131|:8080... connected.
Caching afjdoospf.ru => 210.71.250.131 91.224.135.20 187.85.160.106
Connecting to afjdoospf.ru (afjdoospf.ru)|210.71.250.131|:8080... connected.
Resolving bilainkos.ru (bilainkos.ru)... 210.71.250.131, 187.85.160.106, 91.224.135.20
Connecting to bilainkos.ru (bilainkos.ru)|210.71.250.131|:8080... connected.

// DNS servers used:
ASN   | Prefix          | ASName | CN | Domain       | ISP of an IP Address
------+-----------------+--------+----+--------------+--------------------------------------------
57010 | 62.76.184.0/21  | CLODO  | RU | NIC.RU       | ROSNIIROS RUSSIAN INSTITUTE PUBLIC NETWORKS
45629 | 110.164.0.0/17  | JASTEL | TH | 3BB.CO.TH    | 3BB BROADBAND ISP THAILAND
37963 | 42.121.0.0/16   | ALIBAB | CN | ALIYUN.COM   | CNNIC-ALIBABA-CN-NET - ALIYUN COMPUTING
36937 | 41.168.0.0/16   | Neotel | ZA | NEOTELZA.NET | NEOTEL PTY LTD

// Evil NS listed for this infector group:
// WHOIS:
domain: AKIONOKAO.RU
nserver: ns1.akionokao.ru. 62.76.186.24
nserver: ns2.akionokao.ru. 110.164.58.250
nserver: ns3.akionokao.ru. 42.121.116.38
nserver: ns4.akionokao.ru. 41.168.5.140
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person

domain: AFJDOOSPF.RU
nserver: ns1.afjdoospf.ru. 62.76.186.24
nserver: ns2.afjdoospf.ru. 110.164.58.250
nserver: ns3.afjdoospf.ru. 42.121.116.38
nserver: ns4.afjdoospf.ru. 41.168.5.140
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person

domain: APENDIKSATOR.RU
nserver: ns1.apendiksator.ru. 62.76.186.24
nserver: ns2.apendiksator.ru. 110.164.58.250
nserver: ns3.apendiksator.ru. 42.121.116.38
nserver: ns4.apendiksator.ru. 41.168.5.140
state: REGISTERED, NOT DELEGATED, UNVERIFIED
person: Private Person

domain: BILAINKOS.RU <NEW!!
nserver: ns1.bilainkos.ru. 62.76.186.24
nserver: ns2.bilainkos.ru. 110.164.58.250
nserver: ns3.bilainkos.ru. 42.121.116.38
nserver: ns4.bilainkos.ru. 41.168.5.140
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person

// Shut these IPs / services down!
// #MalwareMustDie!