Styx EK installing Simda @ eternal-todo.com: Domain/IP info

a guest
Oct 20th, 2013
  1. Initial domains:
  2.  
  17.  
  18. Styx domains:
  19.  
  32.  
  33. Binary IPs:
  34.  
  35. 212.117.176.187
  36. 79.133.196.94
  37. 69.57.173.222
  38. 46.105.131.126
  39.  
  40. Binary IPs whois info:
  41.  
  42. ** 212.117.176.187 **
  43.  
  44. inetnum: 212.117.176.0 - 212.117.190.255
  45. netname: SERVER-NETWORK
  46. descr: root SA
  47. country: LU
  48. admin-c: AB99-RIPE
  49. tech-c: RE655-RIPE
  50. status: ASSIGNED PA
  51. mnt-by: ROOT-MNT
  52. source: RIPE # Filtered
  53.  
  54. role: root eSolutions
  55. address: 35, rue John F. Kennedy
  56. address: 7327 Steinsel
  57. address: Luxembourg
  58. phone: +352 20.500
  59. fax-no: +352 20.500.500
  60. abuse-mailbox: abuse@as5577.net
  61. remarks:
  62. remarks: +------------------------------------+
  63. remarks: | Operational Issues: |
  64. remarks: | noc@as5577.net |
  65. remarks: +------------------------------------+
  66. remarks: | Abuse and Spam: |
  67. remarks: | abuse@as5577.net |
  68. remarks: +------------------------------------+
  69. remarks:
  70. admin-c: RE655-RIPE
  71. tech-c: AB99-RIPE
  72. nic-hdl: RE655-RIPE
  73. mnt-by: ROOT-MNT
  74. source: RIPE # Filtered
  75.  
  76. person: Andy BIERLAIR
  77. address: root SA
  78. address: 35, rue John F. Kennedy
  79. address: 7327 Steinsel
  80. address: Luxembourg
  81. phone: +352 20.500
  82. fax-no: +352 20.500.500
  83. nic-hdl: AB99-RIPE
  84. mnt-by: ROOT-MNT
  85. remarks:
  86. remarks: +------------------------------------+
  87. remarks: | I did *NOT* spam your mailbox! |
  88. remarks: | I will *NOT* reply to abuse mails! |
  89. remarks: | |
  90. remarks: | Please contact abuse@as5577.net ! |
  91. remarks: +------------------------------------+
  92. remarks:
  93. source: RIPE # Filtered
  94.  
  95. % Information related to '212.117.160.0/19AS5577'
  96.  
  97. route: 212.117.160.0/19
  98. descr: root SA
  99. origin: AS5577
  100. mnt-by: ROOT-MNT
  101. source: RIPE # Filtered
  102.  
  103.  
  104. ** 79.133.196.94 **
  105.  
  106. inetnum: 79.133.196.80 - 79.133.196.95
  107. netname: HOSTLAB-NET
  108. descr: eTOP http://www.etop.pl
  109. country: PL
  110. admin-c: ETOP1-RIPE
  111. tech-c: ETOP1-RIPE
  112. status: ASSIGNED PA
  113. mnt-by: ETOP-MNT
  114. source: RIPE # Filtered
  115.  
  116. role: eTOP RIPE Administrators
  117. address: eTOP Sp. z o.o.
  118. address: Al.Jerozolimskie 200
  119. address: 02-222 Warsaw
  120. address: Poland
  121. phone: +48 22 5780100
  122. fax-no: +48 22 5780101
  123. remarks: from fixed network in Poland dial 0801 081 221
  124. remarks: trouble: Information and questions: mailto:etop@etop.pl
  125. remarks: trouble: Abuse and bug reports: mailto:abuse@etop.pl
  126. admin-c: KO1097-RIPE
  127. admin-c: MICB1-RIPE
  128. admin-c: AGA444-RIPE
  129. tech-c: KO1097-RIPE
  130. tech-c: MICB1-RIPE
  131. tech-c: AGA444-RIPE
  132. nic-hdl: ETOP1-RIPE
  133. mnt-by: ETOP-MNT
  134. source: RIPE # Filtered
  135. abuse-mailbox: abuse@etop.pl
  136.  
  137. % Information related to '79.133.192.0/19AS20853'
  138.  
  139. route: 79.133.192.0/19
  140. descr: eTOP NET
  141. origin: AS20853
  142. mnt-by: ETOP-MNT
  143. source: RIPE # Filtered
  144.  
  145.  
  146.  
  147. ** 69.57.173.222 **
  148.  
  149.  
  150. %rwhois V-1.0,V-1.5:00090h:00 my.dedicatednow.com (Ubersmith RWhois
  151. Server V-2.3.0)
  152. autharea=69.57.173.0/24
  153. xautharea=69.57.173.0/24
  154. network:Class-Name:network
  155. network:Auth-Area:69.57.173.0/24
  156. network:ID:NET-3225.69.57.173.216/29
  157. network:Network-Name:69.57.173.216/29
  158. network:IP-Network:69.57.173.216/29
  159. network:IP-Network-Block:69.57.173.216 - 69.57.173.223
  160. network:Org-Name:ISCP SIA
  161. network:Street-Address:Lubanas iela 121-37
  162. network:City:Riga
  163. network:State:Tortolla
  164. network:Postal-Code:VG 1110
  165. network:Country-Code:LV
  166. network:Tech-Contact:MAINT-3225.69.57.173.216/29
  167. network:Created:20100915020908000
  168. network:Updated:20100915020908000
  169. network:Updated-By:network@fortressitx.com
  170. contact:POC-Name:FortressITX Network
  171. contact:POC-Email:network@fortressitx.com
  172. contact:POC-Phone:973-572-1070
  173. contact:Tech-Name:FortressITX Network
  174. contact:Tech-Email:network@fortressitx.com
  175. contact:Tech-Phone:973-572-1070
  176. contact:Abuse-Name:FortressITX Abuse
  177. contact:Abuse-Email:abuse@fortressitx.com
  178. contact:Abuse-Phone:973-572-1070
  179.  
  180.  
  181.  
  182. ** 46.105.131.126 ** (another IP related to the malware)
  183.  
  184. inetnum: 46.105.131.120 - 46.105.131.127
  185. netname: marysanders1
  186. descr: marysanders1net
  187. country: IE
  188. org: ORG-OH5-RIPE
  189. admin-c: OTC9-RIPE
  190. tech-c: OTC9-RIPE
  191. status: ASSIGNED PA
  192. mnt-by: OVH-MNT
  193. source: RIPE # Filtered
  194.  
  195. organisation: ORG-OH5-RIPE
  196. org-name: OVH Hosting Limited
  197. org-type: OTHER
  198. address: 5 Fitzwilliam Place
  199. address: Dublin 2
  200. address: Ireland
  201. abuse-mailbox: abuse@ovh.net
  202. mnt-ref: OVH-MNT
  203. mnt-by: OVH-MNT
  204. source: RIPE # Filtered
  205.  
  206. role: OVH IE Technical Contact
  207. address: OVH Hosting Limited
  208. address: 5 Fitzwilliam Place
  209. address: Dublin 2
  210. address: Ireland
  211. admin-c: OK217-RIPE
  212. tech-c: GM84-RIPE
  213. nic-hdl: OTC9-RIPE
  214. abuse-mailbox: abuse@ovh.net
  215. mnt-by: OVH-MNT
  216. source: RIPE # Filtered
  217.  
  218. % Information related to '46.105.0.0/16AS16276'
  219.  
  220. route: 46.105.0.0/16
  221. descr: OVH ISP
  222. descr: Paris, France
  223. origin: AS16276
  224. mnt-by: OVH-MNT
  225. source: RIPE # Filtered