- ================================
- #MalwareMustDie!!!
- BHEK2 PluginDetect 0.7.9 Infector Info
- Domain: hamasutra.ru
- ===============================
- //Domain Queried :
- hamasutra.ru
- //RefererCase:
- http://pastebin.com/raw.php?i=JLeHk54m
- // currently these hosts hold A records...
- hamasutra.ru has address 202.180.221.186
- hamasutra.ru has address 203.80.16.81
- hamasutra.ru has address 216.24.196.66
- hamasutra.ru has address 82.165.193.26
- // currently cached in DNS like this....
- Tracing to hamasutra.ru[a] via a.root-servers.net., maximum of 1 retries
- a.root-servers.net. (198.41.0.4)
- |\___ a.dns.ripn.net [ru] (2001:0678:0017:0000:0193:0232:0128:0006) Not queried
- |\___ a.dns.ripn.net [ru] (193.232.128.6)
- | |\___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) Got authoritative answer
- | |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
- | |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) Got authoritative answer
- | \___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
- |\___ d.dns.ripn.net [ru] (2001:0678:0018:0000:0194:0190:0124:0017) Not queried
- |\___ d.dns.ripn.net [ru] (194.190.124.17)
- | |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
- | |\___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
- | |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
- | \___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
- |\___ e.dns.ripn.net [ru] (2001:0678:0015:0000:0193:0232:0142:0017) Not queried
- |\___ e.dns.ripn.net [ru] (193.232.142.17)
- | |\___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
- | |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
- | |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
- | \___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
- |\___ b.dns.ripn.net [ru] (2001:0678:0016:0000:0194:0085:0252:0062) Not queried
- |\___ b.dns.ripn.net [ru] (194.85.252.62)
- | |\___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
- | |\___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
- | |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
- | \___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
- |\___ f.dns.ripn.net [ru] (2001:0678:0014:0000:0193:0232:0156:0017) Not queried
- \___ f.dns.ripn.net [ru] (193.232.156.17)
- |\___ ns4.hamasutra.ru [hamasutra.ru] (209.51.221.247) *
- |\___ ns2.hamasutra.ru [hamasutra.ru] (41.168.5.140) *
- |\___ ns3.hamasutra.ru [hamasutra.ru] (132.248.49.112) (cached)
- \___ ns1.hamasutra.ru [hamasutra.ru] (62.76.178.233) (cached)
- // Want to see the whois? Not so much...
- domain: HAMASUTRA.RU
- nserver: ns1.hamasutra.ru. 62.76.178.233
- nserver: ns2.hamasutra.ru. 41.168.5.140
- nserver: ns3.hamasutra.ru. 132.248.49.112
- nserver: ns4.hamasutra.ru. 209.51.221.247
- state: REGISTERED, DELEGATED, UNVERIFIED
- person: Private Person
- registrar: NAUNET-REG-RIPN
- admin-contact: https://client.naunet.ru/c/whoiscontact
- created: 2012.11.12
- paid-till: 2013.11.12
- free-date: 2013.12.13
- source: TCI
- // Unbelievable..
- // see how many NS are supporting this domain...
- ;; QUESTION SECTION:
- ;hamasutra.ru. IN ANY
- ;; ANSWER SECTION:
- hamasutra.ru. 45 IN A 202.180.221.186
- hamasutra.ru. 45 IN A 203.80.16.81
- hamasutra.ru. 45 IN A 216.24.196.66
- hamasutra.ru. 45 IN A 82.165.193.26
- hamasutra.ru. 45 IN NS ns8.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns2.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns39.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns37.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns40.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns23.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns4.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns35.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns10.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns16.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns30.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns43.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns12.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns28.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns5.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns41.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns13.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns3.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns38.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns36.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns25.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns33.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns9.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns1.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns6.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns17.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns26.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns15.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns29.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns21.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns19.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns27.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns31.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns14.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns7.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns42.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns22.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns18.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns24.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns11.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns20.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns32.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns44.hamasutra.ru.
- hamasutra.ru. 45 IN NS ns34.hamasutra.ru.
- ;; ADDITIONAL SECTION:
- ns1.hamasutra.ru. 3585 IN A 62.76.178.233
- ns2.hamasutra.ru. 3585 IN A 41.168.5.140
- ns3.hamasutra.ru. 3585 IN A 132.248.49.112
- ns4.hamasutra.ru. 3585 IN A 209.51.221.247
- ns5.hamasutra.ru. 45 IN A 50.22.102.132
- ns6.hamasutra.ru. 45 IN A 41.168.5.140
- ns7.hamasutra.ru. 45 IN A 209.51.221.247
- ns8.hamasutra.ru. 45 IN A 203.80.16.81
- ns9.hamasutra.ru. 45 IN A 175.136.239.146
- ns10.hamasutra.ru. 45 IN A 88.84.130.46
- ns11.hamasutra.ru. 45 IN A 89.216.41.8
- ns12.hamasutra.ru. 45 IN A 41.66.137.155
- ns13.hamasutra.ru. 45 IN A 79.142.32.36
- ns14.hamasutra.ru. 45 IN A 87.120.41.155
- ns15.hamasutra.ru. 45 IN A 72.55.156.167
- ns16.hamasutra.ru. 45 IN A 91.194.122.8
- ns17.hamasutra.ru. 45 IN A 202.3.245.13
- ns18.hamasutra.ru. 45 IN A 178.79.146.49
- ns19.hamasutra.ru. 45 IN A 69.64.89.82
- ns20.hamasutra.ru. 45 IN A 70.38.31.71
- ns21.hamasutra.ru. 45 IN A 132.248.49.112
- ns22.hamasutra.ru. 45 IN A 74.117.59.55
- ns23.hamasutra.ru. 45 IN A 62.76.178.233
- ns24.hamasutra.ru. 45 IN A 62.76.188.138
- ns25.hamasutra.ru. 45 IN A 216.24.194.130
- ns26.hamasutra.ru. 45 IN A 79.98.27.9
- ns27.hamasutra.ru. 45 IN A 209.44.116.18
- ns28.hamasutra.ru. 45 IN A 173.224.220.180
- ns29.hamasutra.ru. 45 IN A 78.83.233.242
- ns30.hamasutra.ru. 45 IN A 87.204.199.100
- ns31.hamasutra.ru. 45 IN A 199.71.212.78
- ns32.hamasutra.ru. 45 IN A 173.224.209.66
- ns33.hamasutra.ru. 45 IN A 62.76.188.246
- ns34.hamasutra.ru. 45 IN A 50.23.137.202
- ns35.hamasutra.ru. 45 IN A 95.154.43.193
- ns36.hamasutra.ru. 45 IN A 188.138.92.16
- ns37.hamasutra.ru. 45 IN A 64.150.187.72
- ns38.hamasutra.ru. 45 IN A 84.22.100.108
- ns39.hamasutra.ru. 45 IN A 184.106.189.124
- ns40.hamasutra.ru. 45 IN A 116.12.49.68
- ns41.hamasutra.ru. 45 IN A 178.63.51.54
- ns42.hamasutra.ru. 45 IN A 120.89.91.57
- ns43.hamasutra.ru. 45 IN A 213.251.171.30
- ns44.hamasutra.ru. 45 IN A 85.125.81.51
- // Breakdown per IPs of the infector servers...
- // IP: 82.165.193.26, 202.180.221.186, 203.80.16.81, 216.24.196.66
- ===========================
- 202.180.221.186
- ===========================
- Country: Mongolia
- Latitude: 46
- Longitude: 105
- Type: Static
- inetnum: 202.180.216.0 - 202.180.223.255
- netname: GNET
- descr: Internet Service Provider
- country: MN
- admin-c: MB272-AP
- tech-c: MB272-AP
- status: ALLOCATED PORTABLE
- mnt-by: APNIC-HM
- mnt-lower: MAINT-MN-GNET
- mnt-routes: MAINT-MN-GNET
- route: 202.180.221.0/24
- descr: MN-MONGOLIA-GNET
- origin: AS24496
- mnt-by: MAINT-MN-GNET
- changed: hm-changed@apnic.net 20081210
- source: APNIC
- person: Myagmarsuren Baldorj
- nic-hdl: MB272-AP
- e-mail: myagmarsuren@gnet.mn
- address: Central Cultural Tower
- address: Sukhbaatar square-3, floor-10
- address: Ulaanbaatar
- phone: +976-11-3333-55
- fax-no: +976-11-3333-55
- country: MN
- changed: myagmarsuren@gnet.mn 20051106
- mnt-by: MAINT-NEW
- source: APNIC
- ===========================
- 82.165.193.26
- ===========================
- Country: Germany
- Latitude: 51
- Longitude: 9
- Type: Static
- inetnum: 82.165.192.0 - 82.165.199.255
- netname: SCHLUND-CUSTOMERS
- descr: 1&1 Internet AG
- country: DE
- admin-c: IPAD-RIPE
- tech-c: IPOP-RIPE
- remarks: NCC#2004115007
- remarks: in case of abuse or spam, please mailto: abuse@1und1.de
- status: ASSIGNED PA
- mnt-by: AS8560-MNT
- source: RIPE # Filtered
- Additional: '82.165.0.0/16AS8560'
- route: 82.165.0.0/16
- descr: SCHLUND-PA-4
- origin: AS8560
- mnt-by: AS8560-MNT
- source: RIPE # Filtered
- ===========================
- 203.80.16.81
- ===========================
- Country: Malaysia
- Latitude: 2.5
- Longitude: 112.5
- Type: Static
- inetnum: 203.80.16.0 - 203.80.16.127
- netname: MYREN-INFRA
- country: MY
- descr: MYREN Infrastructure
- admin-c: KK753-AP
- tech-c: SA286-AP
- status: ASSIGNED NON-PORTABLE
- changed: kamal@myren.net.my 20060216
- mnt-by: MAINT-MY-MYREN-NET
- source: APNIC
- person: Kamal Hisham Kamaruddin
- nic-hdl: KK753-AP
- e-mail: kamal@myren.net.my
- address: MYREN NOC,
- address: 1, MDC, Jalan Teknokrat 3,
- address: Enterprise Building 1,
- address: 63000 Cyberjaya,
- address: MALAYSIA
- phone: +603-8318-5784
- fax-no: +603-8318-5034
- country: MY
- changed: kamal@myren.net.my 20051011
- mnt-by: MAINT-MY-MYREN-NET
- changed: hm-changed@apnic.net 20051012
- changed: hm-changed@apnic.net 20051018
- source: APNIC
- person: Siti Fauziah Abu
- nic-hdl: SA286-AP
- e-mail: sitifauziah@mdc.com.my
- address: MSC Headquarters
- address: 2360 Persiaran APEC
- address: 63000 Cyberjaya
- address: Selangor
- phone: +60-3-8315-3234
- fax-no: +60-3-8318-8511
- country: MY
- changed: sitifauziah@mdc.com.my 20051018
- mnt-by: MAINT-MY-MYREN-NET
- source: APNIC
- ===========================
- 216.24.196.66
- ===========================
- Country: China
- State/Region: Beijing
- City: Beijing
- Latitude: 39.9289
- Longitude: 116.3883
- Type: Static
- NetRange: 216.24.192.0 - 216.24.207.255
- CIDR: 216.24.192.0/20
- OriginAS:
- NetName: PSYCHZ-NETWORKS
- NetHandle: NET-216-24-192-0-1
- Parent: NET-216-0-0-0-0
- NetType: Direct Allocation
- RegDate: 2010-10-14
- Updated: 2012-02-24
- Ref: http://whois.arin.net/rest/net/NET-216-24-192-0-1
- OrgName: Psychz Networks
- OrgId: PSL-86
- Address: 20687-2 Amar Rd. #312
- City: Walnut
- StateProv: CA
- PostalCode: 91789
- Country: US
- RegDate: 2008-02-20
- Updated: 2012-11-19
- Ref: http://whois.arin.net/rest/org/PSL-86
- ReferralServer: rwhois://rwhois.psychz.net:4321
- ----
- #MalwareMustDie
- @unixfreaxjp ~]$ date
- Thu Nov 22 18:17:29 JST 2012