API tools faq
paste
Advertisement
MalwareMustDie

#MalwareMustDie - NAUNET.RU Affiliated Malware RU Domains

MalwareMustDie
Mar 2nd, 2013
1,829
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 21.40 KB | None | 0 0
raw download clone embed print report
  1. # MalwareMustDie! @unixfreaxjp /malware]$ date
  2. # Sat Mar 16 11:42:00 JST 2013
  3.  
  4. // The update data of the BHEK domains served PWS Under registrar NAUNET.RU
  5. // Case: http://malwaremustdie.blogspot.jp/2013/02/bhek-cridex-combo-with-ransomware.html
  6. // Case: http://malwaremustdie.blogspot.com/2013/03/ru8080columnphp-hey-stealer-what-do-you.html
  7. // Case: http://unixfreaxjp.blogspot.jp/2013/03/ocjp-094-117104150170-oirase.html
  8. // Rgx: http://goo.gl/KvD2q
  9. // Status: The CRIME still goes on...
  10.  
  11. // CURRENT "Active" infection source (BHEK2/Cridex PWS Stealer)
  12. // under monitoring..
  13.  
  14. gulivaerinf.ru, 188.165.202.204...
  15.  
  16. // Previous data (Sat Mar 16 00:18:08 JST 2013)
  17. gilaogbaos.ru, 213.215.240.24, 50.22.0.2, 188.165.202.204
  18. gimiinfinfal.ru, 213.215.240.24, 50.22.0.2, 188.165.202.204
  19. guioahgl.ru, 213.215.240.24, 50.22.0.2, 188.165.202.204
  20.  
  21. // Previous data (Thu Mar 14 01:46:10 JST 2013) // same IP == no dismantle effort..
  22. gimiiiank.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  23. giminaaaao.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  24. giimiiifo.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  25.  
  26. // Previous data (Wed Mar 13 01:22:54 JST 2013) additional IP 213.215.240.24, 93.174.138.48
  27. gimihaloook.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  28. giminkfjol.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  29. giliaonso.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  30.  
  31. // OLD "ComeBacks" domains infection source (Wed Mar 13 01:22:54 JST 2013)
  32. forumny.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  33. forum-ny.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  34. forumla.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  35. forum-la.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  36. foruminanki.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  37. forumilllionois.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
  38.  
  39. // Previous data (Mon Mar 11 10:10:22 JST 2013)
  40. giminkfjol.ru, 66.249.23.64 , 94.102.14.239, 5.9.40.136
  41. giminanvok.ru, 66.249.23.64 , 94.102.14.239, 5.9.40.136
  42. gimikalno.ru, 66.249.23.64 , 94.102.14.239, 5.9.40.136
  43. giliaonso.ru, 5.9.40.136, 66.249.23.64, 94.102.14.239,
  44. forum-la.ru,5.9.40.136, 66.249.23.64, 94.102.14.239,
  45. forumla.ru,94.102.14.239, 5.9.40.136, 66.249.23.64,
  46. forumny.ru,5.9.40.136, 66.249.23.64, 94.102.14.239,
  47. forum-ny.ru,94.102.14.239, 5.9.40.136, 66.249.23.64,
  48. forumilllionois.ru,5.9.40.136, 66.249.23.64, 94.102.14.239,
  49. foruminanki.ru,5.9.40.136, 66.249.23.64, 94.102.14.239,
  50.  
  51. // huge changes in IP (Mon Mar 11 10:10:22 JST 2013)
  52. 117.104.150.170 (cleaned up), 41.72.150.100(stopped), 212.180.176.4(stopped)
  53. // why stopped?
  54.  
  55. // Previous data (Mon Mar 11 10:10:22 JST 2013)
  56. guuderia.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
  57. ginagion.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
  58. gimilako.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
  59. giminalso.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
  60.  
  61. // Previous data (Thu Mar 7 15:10:52 JST 2013) // 212.180.176.4 disappeared
  62. gimalayad.ru 117.104.150.170, 41.72.150.100
  63. ginagion.ru 117.104.150.170, 41.72.150.100
  64. giliaonso.ru 117.104.150.170, 41.72.150.100
  65. // additional: PoC at 117.104.150.170 http://unixfreaxjp.blogspot.jp/2013/03/ocjp-094-117104150170-oirase.html
  66.  
  67. // Previous (Tue Mar 5 23:58:48 2013)
  68. ginagion.ru, 212.180.176.4, 117.104.150.170, 41.72.150.100 (changed IP addresses detected)
  69. gosbfosod.ru, 212.180.176.4, 117.104.150.170, 210.71.250.131
  70. giliaonso.ru, 212.180.176.4, 117.104.150.170, 210.71.250.131 (changed IP addresses detected)
  71.  
  72. // MalwareMustDie shutdown 46.4.77.145, 198.104.62.49 (Tue Mar 5 05:58:48 2013)
  73.  
  74. // Previous (Tue Mar 6 00:46:00 JST 2013) monitoring result:
  75. giliaonso.ru, 198.104.62.49, 210.71.250.131, 46.4.77.145
  76. forumkianko.ru, 198.104.62.49, 210.71.250.131, 46.4.77.145
  77.  
  78. // Previous (Tue Mar 5 15:44:10 JST 2013) monitoring result:
  79. // detected 6(six) active domains:
  80. forumny.ru, 210.71.250.131, 198.104.62.49,
  81. forum-ny.ru, 210.71.250.131, 198.104.62.49,
  82. forumla.ru, 210.71.250.131, 198.104.62.49,
  83. forum-la.ru, 210.71.250.131, 198.104.62.49,
  84. foruminanki.ru, 210.71.250.131, 198.104.62.49,
  85. forumilllionois.ru,210.71.250.131, 198.104.62.49,
  86.  
  87. // Previous (Sat Mar 2 17:09:05 JST 2013) monitoring result:
  88. foruminanki.ru 210.71.250.131, 50.31.1.104, 66.249.23.64, // peviously detected IP...
  89. forumilllionois.ru 50.31.1.104, 66.249.23.64, 210.71.250.131, // peviously detected IP...
  90. forumnywrk.ru,,
  91. forumligandaz.ru,,
  92. forummersedec.ru,,
  93. forumkinza.ru,,
  94. forummoskowciti.ru,,
  95. forumrogario.ru,,
  96. forumbmwr.ru,,
  97. forumligandaz.ru,,
  98. forumvvz.ru,,
  99. forumusaaa.ru,,
  100. forumny.ru
  101. :
  102. fzukungda.ru,,
  103. famagatra.ru,,
  104. fuigadosi.ru,,
  105. filialkas.ru,,
  106. finalions.ru,,
  107. :
  108. emmmhhh.ru,,
  109. ejjiipprr.ru,,
  110. eiiiioovvv.ru,,
  111. errriiiijjjj.ru,,
  112. :
  113.  
  114. // Current to Historical Infector IP used...
  115. 213.215.240.24
  116. 50.22.0.2
  117. 188.165.202.204
  118. 213.215.240.24 (cleaned-up)
  119. 93.174.138.48 (cleaned-up)
  120. 94.102.14.239 (cleaned-up)
  121. 66.249.23.64 (cleaned-up)
  122. 5.9.40.136 (cleaned-up)
  123. 41.72.150.100, (cleaned)
  124. 212.180.176.4, (cleaned)
  125. 117.104.150.170, (killed)
  126. 46.4.77.145 (killed)
  127. 198.104.62.49 (killed)
  128. 210.71.250.131 (killed)
  129. 50.31.1.104 (killed)
  130. 66.249.23.64 (killed)
  131. 31.200.240.153 (killed)
  132. 83.169.41.58 (killed)
  133. 78.158.28.12 (killed)
  134. 84.23.66.74 (killed)
  135. 122.160.168.219 (killed)
  136. 87.120.40.168 (killed)
  137. :
  138.  
  139. // Current Status ACTIVE domain registration:
  140. // All registration domains released by NAUNET.RU < Utilized? Affiliated? STOP THIS ACT!!
  141.  
  142. @unixfreaxjp ~]$ date
  143. Thu Mar 8 02:10:02 JST 2013
  144.  
  145. guuderia.ru //lookup
  146. primary name server = ns1.guuderia.ru
  147. responsible mail addr = root.guuderia.ru
  148. serial = 2012010101
  149. refresh = 604800 (7 days)
  150. retry = 1800 (30 mins)
  151. expire = 1800 (30 mins)
  152. default TTL = 60 (1 min)
  153. guuderia.ru internet address = 212.180.176.4
  154. guuderia.ru internet address = 41.72.150.100
  155. guuderia.ru internet address = 117.104.150.170
  156. guuderia.ru nameserver = ns2.guuderia.ru
  157. guuderia.ru nameserver = ns5.guuderia.ru
  158. guuderia.ru nameserver = ns9.guuderia.ru
  159. guuderia.ru nameserver = ns1.guuderia.ru
  160. guuderia.ru nameserver = ns6.guuderia.ru
  161. guuderia.ru nameserver = ns8.guuderia.ru
  162. guuderia.ru nameserver = ns4.guuderia.ru
  163. guuderia.ru nameserver = ns3.guuderia.ru
  164. guuderia.ru nameserver = ns10.guuderia.ru
  165. guuderia.ru nameserver = ns7.guuderia.ru
  166.  
  167. domain: GUUDERIA.RU // whois
  168. nserver: ns1.guuderia.ru. 41.168.5.140
  169. nserver: ns2.guuderia.ru. 110.164.58.250
  170. nserver: ns3.guuderia.ru. 210.71.250.131
  171. nserver: ns4.guuderia.ru. 194.249.217.8
  172. nserver: ns5.guuderia.ru. 72.251.206.90
  173. state: REGISTERED, DELEGATED, UNVERIFIED
  174. person: Private Person
  175. registrar: NAUNET-REG-RIPN
  176. admin-contact: https://client.naunet.ru/c/whoiscontact
  177. created: 2013.03.03
  178. paid-till: 2014.03.03
  179. free-date: 2014.04.03
  180. source: TCI
  181. Last updated on 2013.03.07 21:56:36 MSK
  182.  
  183. gimalayad.ru //lookup
  184. primary name server = ns1.gimalayad.ru
  185. responsible mail addr = root.gimalayad.ru
  186. serial = 2012010101
  187. refresh = 604800 (7 days)
  188. retry = 1800 (30 mins)
  189. expire = 1800 (30 mins)
  190. default TTL = 60 (1 min)
  191. gimalayad.ru nameserver = ns1.gimalayad.ru
  192. gimalayad.ru nameserver = ns9.gimalayad.ru
  193. gimalayad.ru nameserver = ns3.gimalayad.ru
  194. gimalayad.ru nameserver = ns5.gimalayad.ru
  195. gimalayad.ru nameserver = ns10.gimalayad.ru
  196. gimalayad.ru nameserver = ns4.gimalayad.ru
  197. gimalayad.ru nameserver = ns8.gimalayad.ru
  198. gimalayad.ru nameserver = ns7.gimalayad.ru
  199. gimalayad.ru nameserver = ns2.gimalayad.ru
  200. gimalayad.ru nameserver = ns6.gimalayad.ru
  201. gimalayad.ru internet address = 41.72.150.100
  202. gimalayad.ru internet address = 117.104.150.170
  203.  
  204. domain: GIMALAYAD.RU //whois
  205. nserver: ns1.gimalayad.ru. 41.168.5.140
  206. nserver: ns2.gimalayad.ru. 110.164.58.250
  207. nserver: ns3.gimalayad.ru. 210.71.250.131
  208. nserver: ns4.gimalayad.ru. 194.249.217.8
  209. nserver: ns5.gimalayad.ru. 72.251.206.90
  210. state: REGISTERED, DELEGATED, UNVERIFIED
  211. person: Private Person
  212. registrar: NAUNET-REG-RIPN
  213. admin-contact: https://client.naunet.ru/c/whoiscontact
  214. created: 2013.03.03
  215. paid-till: 2014.03.03
  216. free-date: 2014.04.03
  217. source: TCI
  218. Last updated on 2013.03.07 10:11:35 MSK
  219.  
  220. ginagion.ru
  221. primary name server = ns1.ginagion.ru
  222. responsible mail addr = root.ginagion.ru
  223. serial = 2012010101
  224. refresh = 604800 (7 days)
  225. retry = 1800 (30 mins)
  226. expire = 1800 (30 mins)
  227. default TTL = 60 (1 min)
  228. ginagion.ru nameserver = ns1.ginagion.ru
  229. ginagion.ru nameserver = ns7.ginagion.ru
  230. ginagion.ru nameserver = ns6.ginagion.ru
  231. ginagion.ru nameserver = ns4.ginagion.ru
  232. ginagion.ru nameserver = ns5.ginagion.ru
  233. ginagion.ru nameserver = ns2.ginagion.ru
  234. ginagion.ru nameserver = ns9.ginagion.ru
  235. ginagion.ru nameserver = ns10.ginagion.ru
  236. ginagion.ru nameserver = ns8.ginagion.ru
  237. ginagion.ru nameserver = ns3.ginagion.ru
  238.  
  239. domain: GINAGION.RU
  240. nserver: ns1.ginagion.ru. 41.168.5.140
  241. nserver: ns2.ginagion.ru. 110.164.58.250
  242. nserver: ns3.ginagion.ru. 210.71.250.131
  243. nserver: ns4.ginagion.ru. 194.249.217.8
  244. nserver: ns5.ginagion.ru. 72.251.206.90
  245. state: REGISTERED, DELEGATED, UNVERIFIED
  246. person: Private Person
  247. registrar: NAUNET-REG-RIPN
  248. admin-contact: https://client.naunet.ru/c/whoiscontact
  249. created: 2013.03.03
  250. paid-till: 2014.03.03
  251. free-date: 2014.04.03
  252. source: TCI
  253. Last updated on 2013.03.06 19:31:39 MSK
  254.  
  255. gosbfosod.ru
  256. primary name server = ns1.gosbfosod.ru
  257. responsible mail addr = root.gosbfosod.ru
  258. serial = 2012010101
  259. refresh = 604800 (7 days)
  260. retry = 1800 (30 mins)
  261. expire = 1800 (30 mins)
  262. default TTL = 60 (1 min)
  263. gosbfosod.ru nameserver = ns4.gosbfosod.ru
  264. gosbfosod.ru nameserver = ns10.gosbfosod.ru
  265. gosbfosod.ru nameserver = ns3.gosbfosod.ru
  266. gosbfosod.ru nameserver = ns1.gosbfosod.ru
  267. gosbfosod.ru nameserver = ns2.gosbfosod.ru
  268. gosbfosod.ru nameserver = ns6.gosbfosod.ru
  269. gosbfosod.ru nameserver = ns7.gosbfosod.ru
  270. gosbfosod.ru nameserver = ns8.gosbfosod.ru
  271. gosbfosod.ru nameserver = ns9.gosbfosod.ru
  272. gosbfosod.ru nameserver = ns5.gosbfosod.ru
  273. gosbfosod.ru internet address = 212.180.176.4
  274. gosbfosod.ru internet address = 117.104.150.170
  275. gosbfosod.ru internet address = 210.71.250.131
  276.  
  277. domain: GOSBFOSOD.RU
  278. nserver: ns1.gosbfosod.ru. 41.168.5.140
  279. nserver: ns2.gosbfosod.ru. 110.164.58.250
  280. nserver: ns3.gosbfosod.ru. 210.71.250.131
  281. nserver: ns4.gosbfosod.ru. 194.249.217.8
  282. nserver: ns5.gosbfosod.ru. 72.251.206.90
  283. state: REGISTERED, DELEGATED, UNVERIFIED
  284. person: Private Person
  285. registrar: NAUNET-REG-RIPN <============ This registrar keep on allowing new malware domain!!!
  286. admin-contact: https://client.naunet.ru/c/whoiscontact
  287. created: 2013.03.03
  288. paid-till: 2014.03.03
  289. free-date: 2014.04.03
  290. source: TCI
  291. Last updated on 2013.03.06 10:06:37 MSK
  292.  
  293. giliaonso.ru
  294. primary name server = ns1.giliaonso.ru
  295. responsible mail addr = root.giliaonso.ru
  296. serial = 2012010101
  297. refresh = 604800 (7 days)
  298. retry = 1800 (30 mins)
  299. expire = 1800 (30 mins)
  300. default TTL = 60 (1 min)
  301. giliaonso.ru nameserver = ns4.giliaonso.ru
  302. giliaonso.ru nameserver = ns3.giliaonso.ru
  303. giliaonso.ru nameserver = ns8.giliaonso.ru
  304. giliaonso.ru nameserver = ns7.giliaonso.ru
  305. giliaonso.ru nameserver = ns5.giliaonso.ru
  306. giliaonso.ru nameserver = ns2.giliaonso.ru
  307. giliaonso.ru nameserver = ns1.giliaonso.ru
  308. giliaonso.ru nameserver = ns10.giliaonso.ru
  309. giliaonso.ru nameserver = ns6.giliaonso.ru
  310. giliaonso.ru nameserver = ns9.giliaonso.ru
  311. giliaonso.ru internet address = 212.180.176.4
  312. giliaonso.ru internet address = 117.104.150.170
  313. giliaonso.ru internet address = 210.71.250.131
  314.  
  315. domain: GILIAONSO.RU
  316. nserver: ns1.giliaonso.ru. 41.168.5.140
  317. nserver: ns2.giliaonso.ru. 110.164.58.250
  318. nserver: ns3.giliaonso.ru. 210.71.250.131
  319. nserver: ns4.giliaonso.ru. 194.249.217.8
  320. nserver: ns5.giliaonso.ru. 72.251.206.90
  321. state: REGISTERED, DELEGATED, UNVERIFIED
  322. person: Private Person
  323. registrar: NAUNET-REG-RIPN <============ This registrar keep on allowing new malware domain!!!
  324. admin-contact: https://client.naunet.ru/c/whoiscontact
  325. created: 2013.03.03
  326. paid-till: 2014.03.03
  327. free-date: 2014.04.03
  328. source: TCI
  329. Last updated on 2013.03.06 10:06:37 MSK
  330.  
  331. // previous records....
  332.  
  333. forumny.ru
  334. primary name server = ns1.forumny.ru
  335. responsible mail addr = root.forumny.ru
  336. serial = 2012010101
  337. refresh = 604800 (7 days)
  338. retry = 1800 (30 mins)
  339. expire = 1800 (30 mins)
  340. default TTL = 60 (1 min)
  341. forumny.ru nameserver = ns10.forumny.ru
  342. forumny.ru nameserver = ns5.forumny.ru
  343. forumny.ru nameserver = ns6.forumny.ru
  344. forumny.ru nameserver = ns9.forumny.ru
  345. forumny.ru nameserver = ns8.forumny.ru
  346. forumny.ru nameserver = ns1.forumny.ru
  347. forumny.ru nameserver = ns3.forumny.ru
  348. forumny.ru nameserver = ns7.forumny.ru
  349. forumny.ru nameserver = ns4.forumny.ru
  350. forumny.ru nameserver = ns2.forumny.ru
  351. forumny.ru internet address = 198.104.62.49
  352. forumny.ru internet address = 210.71.250.131
  353.  
  354. domain: FORUMNY.RU
  355. nserver: ns1.forumny.ru. 41.168.5.140
  356. nserver: ns2.forumny.ru. 110.164.58.250
  357. nserver: ns3.forumny.ru. 210.71.250.131
  358. nserver: ns4.forumny.ru. 203.171.234.53
  359. nserver: ns5.forumny.ru. 194.249.217.8
  360. state: REGISTERED, DELEGATED, UNVERIFIED
  361. person: Private Person
  362. registrar: NAUNET-REG-RIPN
  363. admin-contact: https://client.naunet.ru/c/whoiscontact
  364. created: 2013.02.24
  365. paid-till: 2014.02.24
  366. free-date: 2014.03.27
  367. source: TCI
  368. Last updated on 2013.03.05 11:06:36 MSK
  369.  
  370. forum-ny.ru
  371. primary name server = ns1.forum-ny.ru
  372. responsible mail addr = root.forum-ny.ru
  373. serial = 2012010101
  374. refresh = 604800 (7 days)
  375. retry = 1800 (30 mins)
  376. expire = 1800 (30 mins)
  377. default TTL = 60 (1 min)
  378. forum-ny.ru nameserver = ns1.forum-ny.ru
  379. forum-ny.ru nameserver = ns3.forum-ny.ru
  380. forum-ny.ru nameserver = ns6.forum-ny.ru
  381. forum-ny.ru nameserver = ns8.forum-ny.ru
  382. forum-ny.ru nameserver = ns5.forum-ny.ru
  383. forum-ny.ru nameserver = ns7.forum-ny.ru
  384. forum-ny.ru nameserver = ns2.forum-ny.ru
  385. forum-ny.ru nameserver = ns10.forum-ny.ru
  386. forum-ny.ru nameserver = ns9.forum-ny.ru
  387. forum-ny.ru nameserver = ns4.forum-ny.ru
  388. forum-ny.ru internet address = 198.104.62.49
  389. forum-ny.ru internet address = 210.71.250.131
  390.  
  391. domain: FORUM-NY.RU
  392. nserver: ns1.forum-ny.ru. 41.168.5.140
  393. nserver: ns2.forum-ny.ru. 110.164.58.250
  394. nserver: ns3.forum-ny.ru. 210.71.250.131
  395. nserver: ns4.forum-ny.ru. 203.171.234.53
  396. nserver: ns5.forum-ny.ru. 194.249.217.8
  397. state: REGISTERED, DELEGATED, UNVERIFIED
  398. person: Private Person
  399. registrar: NAUNET-REG-RIPN
  400. admin-contact: https://client.naunet.ru/c/whoiscontact
  401. created: 2013.02.24
  402. paid-till: 2014.02.24
  403. free-date: 2014.03.27
  404. source: TCI
  405. Last updated on 2013.03.05 11:06:36 MSK
  406.  
  407. forumla.ru
  408. primary name server = ns1.forumla.ru
  409. responsible mail addr = root.forumla.ru
  410. serial = 2012010101
  411. refresh = 604800 (7 days)
  412. retry = 1800 (30 mins)
  413. expire = 1800 (30 mins)
  414. default TTL = 60 (1 min)
  415. forumla.ru nameserver = ns9.forumla.ru
  416. forumla.ru nameserver = ns4.forumla.ru
  417. forumla.ru nameserver = ns1.forumla.ru
  418. forumla.ru nameserver = ns5.forumla.ru
  419. forumla.ru nameserver = ns3.forumla.ru
  420. forumla.ru nameserver = ns8.forumla.ru
  421. forumla.ru nameserver = ns2.forumla.ru
  422. forumla.ru nameserver = ns7.forumla.ru
  423. forumla.ru nameserver = ns10.forumla.ru
  424. forumla.ru nameserver = ns6.forumla.ru
  425. forumla.ru internet address = 198.104.62.49
  426. forumla.ru internet address = 210.71.250.131
  427.  
  428. domain: FORUMLA.RU
  429. nserver: ns1.forumla.ru. 41.168.5.140
  430. nserver: ns2.forumla.ru. 110.164.58.250
  431. nserver: ns3.forumla.ru. 210.71.250.131
  432. nserver: ns4.forumla.ru. 203.171.234.53
  433. nserver: ns5.forumla.ru. 194.249.217.8
  434. state: REGISTERED, DELEGATED, UNVERIFIED
  435. person: Private Person
  436. registrar: NAUNET-REG-RIPN
  437. admin-contact: https://client.naunet.ru/c/whoiscontact
  438. created: 2013.02.24
  439. paid-till: 2014.02.24
  440. free-date: 2014.03.27
  441. source: TCI
  442. Last updated on 2013.03.05 11:06:36 MSK
  443.  
  444.  
  445. forum-la.ru
  446. primary name server = ns1.forum-la.ru
  447. responsible mail addr = root.forum-la.ru
  448. serial = 2012010101
  449. refresh = 604800 (7 days)
  450. retry = 1800 (30 mins)
  451. expire = 1800 (30 mins)
  452. default TTL = 60 (1 min)
  453. forum-la.ru nameserver = ns4.forum-la.ru
  454. forum-la.ru nameserver = ns3.forum-la.ru
  455. forum-la.ru nameserver = ns1.forum-la.ru
  456. forum-la.ru nameserver = ns9.forum-la.ru
  457. forum-la.ru nameserver = ns10.forum-la.ru
  458. forum-la.ru nameserver = ns2.forum-la.ru
  459. forum-la.ru nameserver = ns6.forum-la.ru
  460. forum-la.ru nameserver = ns5.forum-la.ru
  461. forum-la.ru nameserver = ns8.forum-la.ru
  462. forum-la.ru nameserver = ns7.forum-la.ru
  463. forum-la.ru internet address = 210.71.250.131
  464. forum-la.ru internet address = 198.104.62.49
  465.  
  466. domain: FORUM-LA.RU
  467. nserver: ns1.forum-la.ru. 41.168.5.140
  468. nserver: ns2.forum-la.ru. 110.164.58.250
  469. nserver: ns3.forum-la.ru. 210.71.250.131
  470. nserver: ns4.forum-la.ru. 203.171.234.53
  471. nserver: ns5.forum-la.ru. 194.249.217.8
  472. state: REGISTERED, DELEGATED, UNVERIFIED
  473. person: Private Person
  474. registrar: NAUNET-REG-RIPN
  475. admin-contact: https://client.naunet.ru/c/whoiscontact
  476. created: 2013.02.24
  477. paid-till: 2014.02.24
  478. free-date: 2014.03.27
  479. source: TCI
  480. Last updated on 2013.03.05 11:06:36 MSK
  481.  
  482. foruminanki.ru
  483. primary name server = ns1.foruminanki.ru
  484. responsible mail addr = root.foruminanki.ru
  485. serial = 2012010101
  486. refresh = 604800 (7 days)
  487. retry = 1800 (30 mins)
  488. expire = 1800 (30 mins)
  489. default TTL = 60 (1 min)
  490. foruminanki.ru nameserver = ns7.foruminanki.ru
  491. foruminanki.ru nameserver = ns5.foruminanki.ru
  492. foruminanki.ru nameserver = ns6.foruminanki.ru
  493. foruminanki.ru nameserver = ns4.foruminanki.ru
  494. foruminanki.ru nameserver = ns3.foruminanki.ru
  495. foruminanki.ru nameserver = ns10.foruminanki.ru
  496. foruminanki.ru nameserver = ns9.foruminanki.ru
  497. foruminanki.ru nameserver = ns8.foruminanki.ru
  498. foruminanki.ru nameserver = ns1.foruminanki.ru
  499. foruminanki.ru nameserver = ns2.foruminanki.ru
  500. foruminanki.ru internet address = 210.71.250.131
  501. foruminanki.ru internet address = 198.104.62.49
  502.  
  503. domain: FORUMINANKI.RU
  504. nserver: ns1.foruminanki.ru. 41.168.5.140
  505. nserver: ns2.foruminanki.ru. 110.164.58.250
  506. nserver: ns3.foruminanki.ru. 210.71.250.131
  507. nserver: ns4.foruminanki.ru. 203.171.234.53
  508. nserver: ns5.foruminanki.ru. 194.249.217.8
  509. state: REGISTERED, DELEGATED, UNVERIFIED
  510. person: Private Person
  511. registrar: NAUNET-REG-RIPN
  512. admin-contact: https://client.naunet.ru/c/whoiscontact
  513. created: 2013.02.24
  514. paid-till: 2014.02.24
  515. free-date: 2014.03.27
  516. source: TCI
  517. Last updated on 2013.03.05 11:06:36 MSK
  518.  
  519. forumilllionois.ru
  520. primary name server = ns1.forumilllionois.ru
  521. responsible mail addr = root.forumilllionois.ru
  522. serial = 2012010101
  523. refresh = 604800 (7 days)
  524. retry = 1800 (30 mins)
  525. expire = 1800 (30 mins)
  526. default TTL = 60 (1 min)
  527. forumilllionois.ru nameserver = ns5.forumilllionois.ru
  528. forumilllionois.ru nameserver = ns6.forumilllionois.ru
  529. forumilllionois.ru nameserver = ns10.forumilllionois.ru
  530. forumilllionois.ru nameserver = ns1.forumilllionois.ru
  531. forumilllionois.ru nameserver = ns2.forumilllionois.ru
  532. forumilllionois.ru nameserver = ns7.forumilllionois.ru
  533. forumilllionois.ru nameserver = ns4.forumilllionois.ru
  534. forumilllionois.ru nameserver = ns3.forumilllionois.ru
  535. forumilllionois.ru nameserver = ns8.forumilllionois.ru
  536. forumilllionois.ru nameserver = ns9.forumilllionois.ru
  537. forumilllionois.ru internet address = 198.104.62.49
  538. forumilllionois.ru internet address = 210.71.250.131
  539.  
  540. domain: FORUMILLLIONOIS.RU
  541. nserver: ns1.forumilllionois.ru. 41.168.5.140
  542. nserver: ns2.forumilllionois.ru. 110.164.58.250
  543. nserver: ns3.forumilllionois.ru. 210.71.250.131
  544. nserver: ns4.forumilllionois.ru. 203.171.234.53
  545. nserver: ns5.forumilllionois.ru. 194.249.217.8
  546. state: REGISTERED, DELEGATED, UNVERIFIED
  547. person: Private Person
  548. registrar: NAUNET-REG-RIPN
  549. admin-contact: https://client.naunet.ru/c/whoiscontact
  550. created: 2013.02.24
  551. paid-till: 2014.02.24
  552. free-date: 2014.03.27
  553. source: TCI
  554. Last updated on 2013.03.05 11:06:36 MSK
  555.  
  556. //ps: rgx: \/[a-z]{4,}\.ru\:[0-9]{4}\/[a-z]{4,}\/[a-z]{4,}
  557. ----
  558. #MalwareMustDie!!!
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!