================================
#MalwareMustDie!!!
BHEK2 PluginDetect 0.7.9 Infector Info
Domain: hamasutra.ru
===============================

//Domain Queried : hamasutra.ru
//RefererCase: http://pastebin.com/raw.php?i=JLeHk54m

// currently these hosts holds A records...
hamasutra.ru has address 202.180.221.186
hamasutra.ru has address 203.80.16.81
hamasutra.ru has address 216.24.196.66
hamasutra.ru has address 82.165.193.26

// currently cached in DNS like this....
Tracing to hamasutra.ru[a] via a.root-servers.net., maximum of 1 retries
a.root-servers.net. (198.41.0.4)
 |\___ a.dns.ripn.net [ru] (2001:0678:0017:0000:0193:0232:0128:0006) Not queried
 |\___ a.dns.ripn.net [ru] (193.232.128.6)
 |     |\___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) Got authoritative answer
 |     |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
 |     |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) Got authoritative answer
 |      \___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
 |\___ d.dns.ripn.net [ru] (2001:0678:0018:0000:0194:0190:0124:0017) Not queried
 |\___ d.dns.ripn.net [ru] (194.190.124.17)
 |     |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
 |     |\___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
 |     |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
 |      \___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
 |\___ e.dns.ripn.net [ru] (2001:0678:0015:0000:0193:0232:0142:0017) Not queried
 |\___ e.dns.ripn.net [ru] (193.232.142.17)
 |     |\___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
 |     |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
 |     |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
 |      \___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
 |\___ b.dns.ripn.net [ru] (2001:0678:0016:0000:0194:0085:0252:0062) Not queried
 |\___ b.dns.ripn.net [ru] (194.85.252.62)
 |     |\___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
 |     |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
 |     |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
 |      \___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
 |\___ f.dns.ripn.net [ru] (2001:0678:0014:0000:0193:0232:0156:0017) Not queried
  \___ f.dns.ripn.net [ru] (193.232.156.17)
       |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
       |\___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
       |\___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
        \___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)

// Want to see the whois? Not so much...
domain:        HAMASUTRA.RU
nserver:       ns1.hamasutra.ru. 62.76.178.233
nserver:       ns2.hamasutra.ru. 41.168.5.140
nserver:       ns3.hamasutra.ru. 132.248.49.112
nserver:       ns4.hamasutra.ru. 209.51.221.247
state:         REGISTERED, DELEGATED, UNVERIFIED
person:        Private Person
registrar:     NAUNET-REG-RIPN
admin-contact: https://client.naunet.ru/c/whoiscontact
created:       2012.11.12
paid-till:     2013.11.12
free-date:     2013.12.13
source:        TCI

// Unbelievable..
//see how many NS supporting this domain...
;; QUESTION SECTION:
;hamasutra.ru.                  IN      ANY

;; ANSWER SECTION:
hamasutra.ru.           45      IN      A       202.180.221.186
hamasutra.ru.           45      IN      A       203.80.16.81
hamasutra.ru.           45      IN      A       216.24.196.66
hamasutra.ru.           45      IN      A       82.165.193.26
hamasutra.ru.           45      IN      NS      ns8.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns2.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns39.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns37.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns40.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns23.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns4.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns35.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns10.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns16.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns30.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns43.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns12.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns28.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns5.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns41.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns13.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns3.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns38.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns36.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns25.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns33.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns9.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns1.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns6.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns17.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns26.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns15.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns29.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns21.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns19.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns27.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns31.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns14.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns7.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns42.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns22.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns18.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns24.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns11.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns20.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns32.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns44.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns34.hamasutra.ru.

;; AUTHORITY SECTION:
hamasutra.ru.           45      IN      NS      ns23.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns9.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns44.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns38.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns24.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns13.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns19.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns40.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns2.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns39.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns34.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns7.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns8.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns28.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns25.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns33.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns21.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns32.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns31.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns26.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns4.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns6.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns37.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns3.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns27.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns43.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns30.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns14.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns22.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns11.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns15.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns1.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns18.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns29.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns36.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns12.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns35.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns20.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns42.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns17.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns5.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns16.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns41.hamasutra.ru.
hamasutra.ru.           45      IN      NS      ns10.hamasutra.ru.

;; ADDITIONAL SECTION:
ns1.hamasutra.ru.       3585    IN      A       62.76.178.233
ns2.hamasutra.ru.       3585    IN      A       41.168.5.140
ns3.hamasutra.ru.       3585    IN      A       132.248.49.112
ns4.hamasutra.ru.       3585    IN      A       209.51.221.247
ns5.hamasutra.ru.       45      IN      A       50.22.102.132
ns6.hamasutra.ru.       45      IN      A       41.168.5.140
ns7.hamasutra.ru.       45      IN      A       209.51.221.247
ns8.hamasutra.ru.       45      IN      A       203.80.16.81
ns9.hamasutra.ru.       45      IN      A       175.136.239.146
ns10.hamasutra.ru.      45      IN      A       88.84.130.46
ns11.hamasutra.ru.      45      IN      A       89.216.41.8
ns12.hamasutra.ru.      45      IN      A       41.66.137.155
ns13.hamasutra.ru.      45      IN      A       79.142.32.36
ns14.hamasutra.ru.      45      IN      A       87.120.41.155
ns15.hamasutra.ru.      45      IN      A       72.55.156.167
ns16.hamasutra.ru.      45      IN      A       91.194.122.8
ns17.hamasutra.ru.      45      IN      A       202.3.245.13
ns18.hamasutra.ru.      45      IN      A       178.79.146.49
ns19.hamasutra.ru.      45      IN      A       69.64.89.82
ns20.hamasutra.ru.      45      IN      A       70.38.31.71
ns21.hamasutra.ru.      45      IN      A       132.248.49.112
ns22.hamasutra.ru.      45      IN      A       74.117.59.55
ns23.hamasutra.ru.      45      IN      A       62.76.178.233
ns24.hamasutra.ru.      45      IN      A       62.76.188.138
ns25.hamasutra.ru.      45      IN      A       216.24.194.130
ns26.hamasutra.ru.      45      IN      A       79.98.27.9
ns27.hamasutra.ru.      45      IN      A       209.44.116.18
ns28.hamasutra.ru.      45      IN      A       173.224.220.180
ns29.hamasutra.ru.      45      IN      A       78.83.233.242
ns30.hamasutra.ru.      45      IN      A       87.204.199.100
ns31.hamasutra.ru.      45      IN      A       199.71.212.78
ns32.hamasutra.ru.      45      IN      A       173.224.209.66
ns33.hamasutra.ru.      45      IN      A       62.76.188.246
ns34.hamasutra.ru.      45      IN      A       50.23.137.202
ns35.hamasutra.ru.      45      IN      A       95.154.43.193
ns36.hamasutra.ru.      45      IN      A       188.138.92.16
ns37.hamasutra.ru.      45      IN      A       64.150.187.72
ns38.hamasutra.ru.      45      IN      A       84.22.100.108
ns39.hamasutra.ru.      45      IN      A       184.106.189.124
ns40.hamasutra.ru.      45      IN      A       116.12.49.68
ns41.hamasutra.ru.      45      IN      A       178.63.51.54
ns42.hamasutra.ru.      45      IN      A       120.89.91.57
ns43.hamasutra.ru.      45      IN      A       213.251.171.30
ns44.hamasutra.ru.      45      IN      A       85.125.81.51

// Breakdown per IPs of the infector servers...
// IP: 82.165.193.26, 202.180.221.186, 203.80.16.81, 216.24.196.66

===========================
202.180.221.186
===========================
Country: Mongolia
Latitude: 46
Longitude: 105
Type: Static

inetnum:        202.180.216.0 - 202.180.223.255
netname:        GNET
descr:          Internet Service Provider
country:        MN
admin-c:        MB272-AP
tech-c:         MB272-AP
status:         ALLOCATED PORTABLE
mnt-by:         APNIC-HM
mnt-lower:      MAINT-MN-GNET
mnt-routes:     MAINT-MN-GNET

route:          202.180.221.0/24
descr:          MN-MONGOLIA-GNET
origin:         AS24496
mnt-by:         MAINT-MN-GNET
changed:        hm-changed@apnic.net 20081210
source:         APNIC

person:         Myagmarsuren Baldorj
nic-hdl:        MB272-AP
e-mail:         myagmarsuren@gnet.mn
address:        Central Cultural Tower
address:        Sukhbaatar square-3, floor-10
address:        Ulaanbaatar
phone:          +976-11-3333-55
fax-no:         +976-11-3333-55
country:        MN
changed:        myagmarsuren@gnet.mn 20051106
mnt-by:         MAINT-NEW
source:         APNIC

===========================
82.165.193.26
===========================
Country: Germany
Latitude: 51
Longitude: 9
Type: Static

inetnum:        82.165.192.0 - 82.165.199.255
netname:        SCHLUND-CUSTOMERS
descr:          1&1 Internet AG
country:        DE
admin-c:        IPAD-RIPE
tech-c:         IPOP-RIPE
remarks:        NCC#2004115007
remarks:        in case of abuse or spam, please mailto: abuse@1und1.de
status:         ASSIGNED PA
mnt-by:         AS8560-MNT
source:         RIPE # Filtered

Additional: '82.165.0.0/16AS8560'
route:          82.165.0.0/16
descr:          SCHLUND-PA-4
origin:         AS8560
mnt-by:         AS8560-MNT
source:         RIPE # Filtered

===========================
203.80.16.81
===========================
Country: Malaysia
Latitude: 2.5
Longitude: 112.5
Type: Static

inetnum:        203.80.16.0 - 203.80.16.127
netname:        MYREN-INFRA
country:        MY
descr:          MYREN Infrastructure
admin-c:        KK753-AP
tech-c:         SA286-AP
status:         ASSIGNED NON-PORTABLE
changed:        kamal@myren.net.my 20060216
mnt-by:         MAINT-MY-MYREN-NET
source:         APNIC

person:         Kamal Hisham Kamaruddin
nic-hdl:        KK753-AP
e-mail:         kamal@myren.net.my
address:        MYREN NOC,
address:        1, MDC, Jalan Teknokrat 3,
address:        Enterprise Building 1,
address:        63000 Cyberjaya,
address:        MALAYSIA
phone:          +603-8318-5784
fax-no:         +603-8318-5034
country:        MY
changed:        kamal@myren.net.my 20051011
mnt-by:         MAINT-MY-MYREN-NET
changed:        hm-changed@apnic.net 20051012
changed:        hm-changed@apnic.net 20051018
source:         APNIC

person:         Siti Fauziah Abu
nic-hdl:        SA286-AP
e-mail:         sitifauziah@mdc.com.my
address:        MSC Headquarters
address:        2360 Persiaran APEC
address:        63000 Cyberjaya
address:        Selangor
phone:          +60-3-8315-3234
fax-no:         +60-3-8318-8511
country:        MY
changed:        sitifauziah@mdc.com.my 20051018
mnt-by:         MAINT-MY-MYREN-NET
source:         APNIC

===========================
203.80.16.81
===========================
Country: China
State/Region: Beijing
City: Beijing
Latitude: 39.9289
Longitude: 116.3883
Type: Static

NetRange:       216.24.192.0 - 216.24.207.255
CIDR:           216.24.192.0/20
OriginAS:
NetName:        PSYCHZ-NETWORKS
NetHandle:      NET-216-24-192-0-1
Parent:         NET-216-0-0-0-0
NetType:        Direct Allocation
RegDate:        2010-10-14
Updated:        2012-02-24
Ref:            http://whois.arin.net/rest/net/NET-216-24-192-0-1

OrgName:        Psychz Networks
OrgId:          PSL-86
Address:        20687-2 Amar Rd. #312
City:           Walnut
StateProv:      CA
PostalCode:     91789
Country:        US
RegDate:        2008-02-20
Updated:        2012-11-19
Ref:            http://whois.arin.net/rest/org/PSL-86
ReferralServer: rwhois://rwhois.psychz.net:4321

----
#MalwareMustDie @unixfreaxjp ~]$ date
Thu Nov 22 18:17:29 JST 2012