- # MalwareMustDie! @unixfreaxjp /malware]$ date
- # Sat Mar 16 11:42:00 JST 2013
- // The update data of the BHEK domains served PWS Under registrar NAUNET.RU
- // Case: http://malwaremustdie.blogspot.jp/2013/02/bhek-cridex-combo-with-ransomware.html
- // Case: http://malwaremustdie.blogspot.com/2013/03/ru8080columnphp-hey-stealer-what-do-you.html
- // Case: http://unixfreaxjp.blogspot.jp/2013/03/ocjp-094-117104150170-oirase.html
- // Rgx: http://goo.gl/KvD2q
- // Status: The CRIME still goes on...
- // CURRENT "Active" infection source (BHEK2/Cridex PWS Stealer)
- // under monitoring..
- gulivaerinf.ru, 188.165.202.204...
- // Previous data (Sat Mar 16 00:18:08 JST 2013)
- gilaogbaos.ru, 213.215.240.24, 50.22.0.2, 188.165.202.204
- gimiinfinfal.ru, 213.215.240.24, 50.22.0.2, 188.165.202.204
- guioahgl.ru, 213.215.240.24, 50.22.0.2, 188.165.202.204
- // Previous data (Thu Mar 14 01:46:10 JST 2013) // same IP == no dismantle effort..
- gimiiiank.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
- giminaaaao.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
- giimiiifo.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
- // Previous data (Wed Mar 13 01:22:54 JST 2013) additional IP 213.215.240.24, 93.174.138.48
- gimihaloook.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
- giminkfjol.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
- giliaonso.ru, 94.102.14.239, 213.215.240.24, 93.174.138.48
- // OLD "ComeBacks" domains infection source (Wed Mar 13 01:22:54 JST 2013)
- // Previous data (Mon Mar 11 10:10:22 JST 2013)
- // huge changes in IP (Mon Mar 11 10:10:22 JST 2013)
- 117.104.150.170 (cleaned up), 41.72.150.100(stopped), 212.180.176.4(stopped)
- // why stopped?
- // Previous data (Mon Mar 11 10:10:22 JST 2013)
- guuderia.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
- ginagion.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
- gimilako.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
- giminalso.ru 117.104.150.170, 41.72.150.100, 212.180.176.4 (a comeback IP)
- // Previous data (Thu Mar 7 15:10:52 JST 2013) // 212.180.176.4 disappeared
- gimalayad.ru 117.104.150.170, 41.72.150.100
- ginagion.ru 117.104.150.170, 41.72.150.100
- giliaonso.ru 117.104.150.170, 41.72.150.100
- // additional: PoC at 117.104.150.170 http://unixfreaxjp.blogspot.jp/2013/03/ocjp-094-117104150170-oirase.html
- // Previous (Tue Mar 5 23:58:48 2013)
- ginagion.ru, 212.180.176.4, 117.104.150.170, 41.72.150.100 (changed IP addresses detected)
- gosbfosod.ru, 212.180.176.4, 117.104.150.170, 210.71.250.131
- giliaonso.ru, 212.180.176.4, 117.104.150.170, 210.71.250.131 (changed IP addresses detected)
- // MalwareMustDie shutdown 46.4.77.145, 198.104.62.49 (Tue Mar 5 05:58:48 2013)
- // Previous (Tue Mar 6 00:46:00 JST 2013) monitoring result:
- giliaonso.ru, 198.104.62.49, 210.71.250.131, 46.4.77.145
- forumkianko.ru, 198.104.62.49, 210.71.250.131, 46.4.77.145
- // Previous (Tue Mar 5 15:44:10 JST 2013) monitoring result:
- // detected 6(six) active domains:
- // Previous (Sat Mar 2 17:09:05 JST 2013) monitoring result:
- foruminanki.ru 210.71.250.131, 50.31.1.104, 66.249.23.64, // previously detected IP...
- forumilllionois.ru 50.31.1.104, 66.249.23.64, 210.71.250.131, // previously detected IP...
- // Current to Historical Infector IP used...
- // Current Status ACTIVE domain registration:
- // All registration domains released by NAUNET.RU < Utilized? Affiliated? STOP THIS ACT!!
- @unixfreaxjp ~]$ date
- Thu Mar 8 02:10:02 JST 2013
- registrar: NAUNET-REG-RIPN <============ This registrar keeps on allowing new malware domains!!!
- //ps: rgx: \/[a-z]{4,}\.ru\:[0-9]{4}\/[a-z]{4,}\/[a-z]{4,}
- ----
- #MalwareMustDie!!!