#MalwareMustDie - mynumber.org related domain infectors #DGA

MalwareMustDie, Nov 19th, 2012
#MalwareMustDie! @unixfreaxjp /malware]$ date
Tue Nov 20 13:44:37 JST 2012

Supporting Denis's case:
pseudo-random/DGA domains of an exploit kit (EK) infector misusing mynumber.org,
source: the service's/domain's credential leaks,
"A record" pointing to VPS 204.16.173.30.
Below are 2 (two) points of investigation:

[1] Possibly affected domains, as per the suspected urlquery result below:
Base Report: http://urlquery.net/search.php?q=204.16.173.30&type=string&start=2011-06-25&end=2012-11-20&max=50
*) PoC: justdied.com, included in this domain list, has an infection report of BHEK (today, handled as a different case)
-----------------------------------------------------------------------------------------------------------------------
Date (CET)      Rep/Alerts/IDS  URL     IP     
-----------------------------------------------------------------------------------------------------------------------
2012-11-18 06:19:57 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-16 23:55:29 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]
2012-11-16 05:59:38 0 / 0       http://sellclassics.com         204.16.173.30   [United States]
2012-11-15 21:26:46 0 / 0       http://xxxy.info                204.16.173.30   [United States]
2012-11-15 13:01:12 0 / 0       http://almostmy.com             204.16.173.30   [United States]
2012-11-14 21:24:40 0 / 0       http://mynumber.org             204.16.173.30   [United States]
2012-11-14 11:37:02 0 / 0       http://gr8domain.biz            204.16.173.30   [United States]
2012-11-14 04:31:35 1 / 0       http://www.ddns.info            204.16.173.30   [United States]
2012-11-14 03:49:35 0 / 0       http://ddns.info                204.16.173.30   [United States]
2012-11-14 01:04:55 0 / 0       http://ddns.info                204.16.173.30   [United States]
2012-11-13 19:35:17 0 / 0       http://itemdb.com               204.16.173.30   [United States]
2012-11-13 14:08:34 1 / 0       http://www.onmypc.us/           204.16.173.30   [United States]
2012-11-13 12:38:37 0 / 0       http://onmypc.us/               204.16.173.30   [United States]
2012-11-12 05:45:12 1 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-12 02:47:54 0 / 0       http://port25.biz               204.16.173.30   [United States]
2012-11-11 14:02:36 1 / 1       http://xxxy.info/t/vc.php?go=2  204.16.173.30   [United States]
2012-11-10 21:30:49 0 / 0       http://portrelay.com            204.16.173.30   [United States]
2012-11-10 01:52:15 0 / 0       http://ddns.info                204.16.173.30   [United States]
2012-11-09 19:02:54 0 / 0       http://acmetoy.com              204.16.173.30   [United States]
2012-11-09 18:58:37 0 / 0       http://acmetoy.com              204.16.173.30   [United States]
2012-11-09 14:56:14 0 / 0       http://itemdb.com               204.16.173.30   [United States]
2012-11-09 14:26:55 0 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-09 05:43:00 0 / 0       http://trickip.net              204.16.173.30   [United States]
2012-11-08 15:38:45 0 / 0       http://ddns.us                  204.16.173.30   [United States]
2012-11-08 15:36:23 0 / 0       http://ftpserver.biz            204.16.173.30   [United States]
2012-11-08 13:35:56 0 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-08 13:32:04 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]
2012-11-08 01:30:31 0 / 0       http://fartit.com/nt/stats.php  204.16.173.30   [United States]
2012-11-07 22:23:10 0 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-07 17:17:38 0 / 0       http://almostmy.com             204.16.173.30   [United States]
2012-11-07 15:07:34 0 / 0       http://dynamicdns.org.uk        204.16.173.30   [United States]
2012-11-07 14:38:44 0 / 0       http://dynamicdns.org.uk        204.16.173.30   [United States]
2012-11-07 12:48:40 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-06 21:04:04 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]
2012-11-06 21:01:30 0 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-06 03:10:33 0 / 0       http://trickip.net              204.16.173.30   [United States]
2012-11-06 00:00:25 1 / 0       http://www.lflinkup.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liA (...)       204.16.173.30   [United States]
2012-11-05 20:06:43 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-05 00:51:34 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-04 23:52:01 0 / 0       http://25u.com                  204.16.173.30   [United States]
2012-11-04 22:02:20 0 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-04 03:24:29 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]
2012-11-02 01:22:06 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]
2012-11-01 13:02:59 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-01 12:37:48 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]
2012-11-01 09:28:55 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-01 03:40:47 0 / 0       http://dns04.com                204.16.173.30   [United States]
2012-10-31 22:19:09 0 / 0       http://ftp1.biz                 204.16.173.30   [United States]

[2] The domains below, sharing the same IP, are POSSIBLY affected too (alphabetical order).
   Looking at the names used by some of the domains below, some already look suspicious...
--------------start-----------------------
    1dumb.com
    204-16-171-129.changeip.com
    204-16-171-132.changeip.com
    204-16-171-135.changeip.com
    204-16-171-141.changeip.com
    204-16-171-155.changeip.com
    204-16-171-162.changeip.com
    204-16-171-165.changeip.com
    204-16-171-178.changeip.com
    204-16-171-181.changeip.com
    204-16-171-186.changeip.com
    204-16-171-189.changeip.com
    204-16-171-193.changeip.com
    204-16-171-196.changeip.com
    204-16-171-218.changeip.com
    204-16-171-220.changeip.com
    204-16-171-222.changeip.com
    204-16-171-224.changeip.com
    204-16-171-228.changeip.com
    204-16-171-229.changeip.com
    865a.changeip.com
    anitysmtp.changeip.com
    authorizeddns.net
    authorizeddns.org
    changeip.net
    cleansite.us
    ddns.com.co
    dns-stuff.com
    dns2.us
    dnsfailover.net
    dynamicdns.biz
    dynamicdns.org.uk
    edns.biz
    fartit.com
    freewww.info
    ftp.4pu.com
    ftp.mynumber.org
    gdsgdfsghhsh.changeip.com
    gettrials.com
    gr8name.biz
    jkub.com
    kcif.changeip.com
    lflinkup.net
    mrnorris.com
    myddns.com
    mypicture.info
    mypop3.net
    ns01.biz
    ns1.name
    ns2.name
    ourhobby.com
    rebatesrule.net
    relay.changeip.com
    rm-1-br2-1.changeip.com
    sexxxy.biz
    ssl443.org
    trickip.net
    trickip.org
    vanity.changeip.com
    vizvaz.com
    winupdate.changeip.com
    woaiwojia.changeip.com
    www.4mydomain.com
    www.almostmy.com
    www.cleansite.info
    www.compress.to
    www.dns1.us
    www.dnyp.com
    www.dynamicdns.co.uk
    www.dynamicdns.me.uk
    www.edns.biz
    www.esmtp.biz
    www.fartit.com
    www.freewww.info
    www.got-game.org
    www.gr8name.biz
    www.isasecret.com
    www.itsaol.com
    www.lflinkup.com
    www.longmusic.com
    www.mefound.com
    www.misecure.com
    www.mrface.com
    www.my03.com
    www.mypop3.org
    www.mysecondarydns.com
    www.ns01.biz
    www.ns2.name
    www.onedumb.com
    www.organiccrap.com
    www.poppop.com
    www.portrelay.com
    www.proxydns.com
    www.sellclassics.com
    www.trickip.net
    www.www1.biz
    www.ygto.com
    x24hr.com
    xxxy.info
    yakima.changeip.com
----end------
#MalwareMustDie
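The two artefacts in this note, the urlquery rows in [1] and the shared-IP hostname list in [2], are the raw material of an IP-pivot triage. The script below is an added example, not MalwareMustDie's code: it parses both formats, folds hostnames into their registrable domain so that lflinkup.com and www.lflinkup.com count as one, and ranks the merged result so a defender can turn it into DNS-block or hunting rules. The sample rows and hostnames are copied from the note above (a subset); the MULTI_LABEL_SUFFIXES set is an assumption standing in for a real public-suffix list.

```python
"""Triage helper for an IP-pivot report (added example, not the note's own code)."""
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Rows copied from section [1] of the note, including its header and separator
# lines so the parser is shown skipping them.
URLQUERY_ROWS = """\
-----------------------------------------------------------------------------------------------------------------------
Date (CET)      Rep/Alerts/IDS  URL     IP
-----------------------------------------------------------------------------------------------------------------------
2012-11-18 06:19:57 0 / 0       http://lflinkup.com             204.16.173.30   [United States]
2012-11-14 04:31:35 1 / 0       http://www.ddns.info            204.16.173.30   [United States]
2012-11-12 05:45:12 1 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-11 14:02:36 1 / 1       http://xxxy.info/t/vc.php?go=2  204.16.173.30   [United States]
2012-11-09 14:26:55 0 / 0       http://justdied.com             204.16.173.30   [United States]
2012-11-08 01:30:31 0 / 0       http://fartit.com/nt/stats.php  204.16.173.30   [United States]
2012-11-07 15:07:34 0 / 0       http://dynamicdns.org.uk        204.16.173.30   [United States]
2012-11-06 00:00:25 1 / 0       http://www.lflinkup.com/index.php?c=RaENOjEayDF925cOxP3ACC60zajgAjCTlcK0liA (...)       204.16.173.30   [United States]
"""

# Hostnames copied from section [2] of the note (subset).
SHARED_IP_HOSTS = """\
204-16-171-129.changeip.com
ftp.mynumber.org
www.lflinkup.com
www.fartit.com
dynamicdns.org.uk
winupdate.changeip.com
xxxy.info
"""

# One urlquery row: date time  rep / ids  url [(...)]  ip  [country]
ROW_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2})\s+"
    r"(?P<rep>\d+) / (?P<ids>\d+)\s+(?P<url>\S+)(?: \(\.\.\.\))?\s+"
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\[(?P<country>[^\]]*)\]$"
)

# Assumption: a tiny stand-in for the public-suffix list, covering only the
# multi-label suffixes that appear in the note.
MULTI_LABEL_SUFFIXES = {"org.uk", "co.uk", "me.uk", "com.co"}


def registrable_domain(host):
    """Collapse a hostname to the domain someone had to register."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else labels[0]


def parse_urlquery_rows(text):
    """Return one dict per data row; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        host = urlsplit(d["url"]).hostname or d["url"]
        rows.append({"host": host, "domain": registrable_domain(host),
                     "reports": int(d["rep"]), "ids": int(d["ids"]),
                     "ip": d["ip"], "when": f"{d['date']} {d['time']}"})
    return rows


def build_triage(urlquery_text, shared_hosts_text):
    """Merge both sources per registrable domain and rank for blocking/hunting."""
    stats = defaultdict(lambda: {"sightings": 0, "reports": 0, "ids": 0,
                                 "hosts": set(), "sources": set()})
    for r in parse_urlquery_rows(urlquery_text):
        s = stats[r["domain"]]
        s["sightings"] += 1
        s["reports"] += r["reports"]
        s["ids"] += r["ids"]
        s["hosts"].add(r["host"])
        s["sources"].add("urlquery")
    for line in shared_hosts_text.splitlines():
        host = line.strip().lower()
        if host:
            s = stats[registrable_domain(host)]
            s["hosts"].add(host)
            s["sources"].add("shared-ip")

    # IDS hits first, then reports, then corroboration across both sources,
    # then how often the domain was seen; alphabetical as a stable tie-break.
    def rank(item):
        dom, s = item
        return (-s["ids"], -s["reports"], -len(s["sources"]), -s["sightings"], dom)

    return sorted(stats.items(), key=rank)


if __name__ == "__main__":
    for dom, s in build_triage(URLQUERY_ROWS, SHARED_IP_HOSTS):
        print(f"{dom:24} ids={s['ids']} rep={s['reports']} seen={s['sightings']} "
              f"src={','.join(sorted(s['sources']))} hosts={len(s['hosts'])}")
```

Sharing an address with a dynamic-DNS provider such as changeip.com is weak evidence on its own, which is why the ranking leans on IDS alerts and on corroboration across both sources before sighting counts; a domain that only appears in the shared-IP list lands at the bottom and is a candidate for monitoring rather than an immediate block.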