Styx EK installing Simda @ eternal-todo.com: Domain/IP info

Initial domains:

Styx domains:

Binary IPs:

212.117.176.187
79.133.196.94
69.57.173.222
46.105.131.126

Binary IPs whois info:

** 212.117.176.187 **

inetnum:        212.117.176.0 - 212.117.190.255
netname:        SERVER-NETWORK
descr:          root SA
country:        LU
admin-c:        AB99-RIPE
tech-c:         RE655-RIPE
status:         ASSIGNED PA
mnt-by:         ROOT-MNT
source:         RIPE # Filtered

role:           root eSolutions
address:        35, rue John F. Kennedy
address:        7327 Steinsel
address:        Luxembourg
phone:          +352 20.500
fax-no:         +352 20.500.500
abuse-mailbox:  abuse@as5577.net
remarks:
remarks:        +------------------------------------+
remarks:        | Operational Issues:                |
remarks:        |                     noc@as5577.net |
remarks:        +------------------------------------+
remarks:        | Abuse and Spam:                    |
remarks:        |                   abuse@as5577.net |
remarks:        +------------------------------------+
remarks:
admin-c:        RE655-RIPE
tech-c:         AB99-RIPE
nic-hdl:        RE655-RIPE
mnt-by:         ROOT-MNT
source:         RIPE # Filtered

person:         Andy BIERLAIR
address:        root SA
address:        35, rue John F. Kennedy
address:        7327 Steinsel
address:        Luxembourg
phone:          +352 20.500
fax-no:         +352 20.500.500
nic-hdl:        AB99-RIPE
mnt-by:         ROOT-MNT
remarks:
remarks:        +------------------------------------+
remarks:        | I did *NOT* spam your mailbox!     |
remarks:        | I will *NOT* reply to abuse mails! |
remarks:        |                                    |
remarks:        | Please contact abuse@as5577.net !  |
remarks:        +------------------------------------+
remarks:
source:         RIPE # Filtered

% Information related to '212.117.160.0/19AS5577'

route:          212.117.160.0/19
descr:          root SA
origin:         AS5577
mnt-by:         ROOT-MNT
source:         RIPE # Filtered

** 79.133.196.94 **

inetnum:        79.133.196.80 - 79.133.196.95
netname:        HOSTLAB-NET
descr:          eTOP http://www.etop.pl
country:        PL
admin-c:        ETOP1-RIPE
tech-c:         ETOP1-RIPE
status:         ASSIGNED PA
mnt-by:         ETOP-MNT
source:         RIPE # Filtered

role:           eTOP RIPE Administrators
address:        eTOP Sp. z o.o.
address:        Al.Jerozolimskie 200
address:        02-222 Warsaw
address:        Poland
phone:          +48 22 5780100
fax-no:         +48 22 5780101
remarks:        from fixed network in Poland dial 0801 081 221
remarks:        trouble:      Information and questions: mailto:etop@etop.pl
remarks:        trouble:      Abuse and bug reports: mailto:abuse@etop.pl
admin-c:        KO1097-RIPE
admin-c:        MICB1-RIPE
admin-c:        AGA444-RIPE
tech-c:         KO1097-RIPE
tech-c:         MICB1-RIPE
tech-c:         AGA444-RIPE
nic-hdl:        ETOP1-RIPE
mnt-by:         ETOP-MNT
source:         RIPE # Filtered
abuse-mailbox:  abuse@etop.pl

% Information related to '79.133.192.0/19AS20853'

route:          79.133.192.0/19
descr:          eTOP NET
origin:         AS20853
mnt-by:         ETOP-MNT
source:         RIPE # Filtered

** 69.57.173.222 **

%rwhois V-1.0,V-1.5:00090h:00 my.dedicatednow.com (Ubersmith RWhois
Server V-2.3.0)
autharea=69.57.173.0/24
xautharea=69.57.173.0/24
network:Class-Name:network
network:Auth-Area:69.57.173.0/24
network:ID:NET-3225.69.57.173.216/29
network:Network-Name:69.57.173.216/29
network:IP-Network:69.57.173.216/29
network:IP-Network-Block:69.57.173.216 - 69.57.173.223
network:Org-Name:ISCP SIA
network:Street-Address:Lubanas iela 121-37
network:City:Riga
network:State:Tortolla
network:Postal-Code:VG 1110
network:Country-Code:LV
network:Tech-Contact:MAINT-3225.69.57.173.216/29
network:Created:20100915020908000
network:Updated:20100915020908000
network:Updated-By:network@fortressitx.com
contact:POC-Name:FortressITX Network
contact:POC-Email:network@fortressitx.com
contact:POC-Phone:973-572-1070
contact:Tech-Name:FortressITX Network
contact:Tech-Email:network@fortressitx.com
contact:Tech-Phone:973-572-1070
contact:Abuse-Name:FortressITX Abuse
contact:Abuse-Email:abuse@fortressitx.com
contact:Abuse-Phone:973-572-1070

** 46.105.131.126 ** (another IP related to the malware)

inetnum:        46.105.131.120 - 46.105.131.127
netname:        marysanders1
descr:          marysanders1net
country:        IE
org:            ORG-OH5-RIPE
admin-c:        OTC9-RIPE
tech-c:         OTC9-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
source:         RIPE # Filtered

organisation:   ORG-OH5-RIPE
org-name:       OVH Hosting Limited
org-type:       OTHER
address:        5 Fitzwilliam Place
address:        Dublin 2
address:        Ireland
abuse-mailbox:  abuse@ovh.net
mnt-ref:        OVH-MNT
mnt-by:         OVH-MNT
source:         RIPE # Filtered

role:           OVH IE Technical Contact
address:        OVH Hosting Limited
address:        5 Fitzwilliam Place
address:        Dublin 2
address:        Ireland
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
nic-hdl:        OTC9-RIPE
abuse-mailbox:  abuse@ovh.net
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% Information related to '46.105.0.0/16AS16276'

route:          46.105.0.0/16
descr:          OVH ISP
descr:          Paris, France
origin:         AS16276
mnt-by:         OVH-MNT
source:         RIPE # Filtered