
Clean voice malware / steam scam

a guest
Jul 24th, 2015
Skype username: xotbobs
The Skype user currently resolves to this IP: 193.109.128.190 (source: https://www.hanzresolver.com/skype2). A Skype resolver reports the address the client last connected from, which is the VPN endpoint rather than the user's own line if the user is on a VPN (see the nmap results below).
Skype display name: Bohdan Bardachov

Steam user: http://steamcommunity.com/id/k1llawatt
SK-Gaming profile: http://www.sk-gaming.com/member/k1llawatt
Twitch profile: http://www.twitch.tv/k1lawatt
Brutalcs profile: http://stats.brutalcs.nu/playerinfo/313036
Real name (unverified): David Lobach (sometimes uses the false name David Kalashnikov)
DOB: 15.11.1995 (19 years old)
Country: Slovenia
City: Ljubljana

General IP information
IP: 193.109.128.190
Decimal: 3245179070
Hostname: 193-109-128-190.ukrcom.kherson.ua
ASN: 21151
ISP: Ukrcom Ltd.
Organization: Ukrcom Ltd.
Services: None detected
Type: Broadband
Assignment: Static IP

Geolocation information
Continent: Europe
Country: Ukraine
State/Region: Khersons'ka Oblast'
City: Kherson
Latitude: 46.6558 (46° 39′ 20.88″ N)
Longitude: 32.6178 (32° 37′ 4.08″ E)

ISP website: http://ukr-com.net/ (site is in Russian)
ISP contact: info@ukr-com.net

nmap scan of the IP (first traceroute hop is router2-lon.linode.com, i.e. the scan was run from a Linode host in London):
Starting Nmap 6.00 ( http://nmap.org ) at 2015-07-24 18:14 EEST
NSE: Loaded 17 scripts for scanning.
Initiating Ping Scan at 18:14
Scanning 193.109.128.190 [4 ports]
Completed Ping Scan at 18:14, 0.10s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 18:14
Scanning 193-109-128-190.ukrcom.kherson.ua (193.109.128.190) [22 ports]
Discovered open port 1723/tcp on 193.109.128.190
Completed SYN Stealth Scan at 18:14, 1.84s elapsed (22 total ports)
Initiating Service scan at 18:14
Scanning 1 service on 193-109-128-190.ukrcom.kherson.ua (193.109.128.190)
Completed Service scan at 18:15, 31.34s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 193-109-128-190.ukrcom.kherson.ua (193.109.128.190)
Retrying OS detection (try #2) against 193-109-128-190.ukrcom.kherson.ua (193.109.128.190)
Initiating Traceroute at 18:15
Completed Traceroute at 18:15, 0.07s elapsed
NSE: Script scanning 193.109.128.190.
Initiating NSE at 18:15
Completed NSE at 18:15, 0.13s elapsed

Nmap scan report for 193-109-128-190.ukrcom.kherson.ua (193.109.128.190)
Host is up (0.067s latency).

PORT     STATE    SERVICE        VERSION
21/tcp   filtered ftp
22/tcp   filtered ssh
23/tcp   filtered telnet
25/tcp   filtered smtp
80/tcp   filtered http
110/tcp  filtered pop3
143/tcp  filtered imap
179/tcp  filtered bgp
443/tcp  filtered https
465/tcp  filtered smtps
993/tcp  filtered imaps
995/tcp  filtered pop3s
1433/tcp filtered ms-sql-s
1720/tcp filtered H.323/Q.931
1723/tcp open     pptp           FreeBSD MPD (Firmware: 257)
3306/tcp filtered mysql
3389/tcp filtered ms-wbt-server
5060/tcp filtered sip
5900/tcp filtered vnc
8000/tcp filtered http-alt
8080/tcp filtered http-proxy
8443/tcp filtered https-alt

Device type: general purpose|PBX
Running (JUST GUESSING): FreeBSD 7.X|8.X|9.X (90%), Vodavi embedded (85%)
OS CPE: cpe:/o:freebsd:freebsd:7 cpe:/o:freebsd:freebsd:8 cpe:/o:freebsd:freebsd:9

Aggressive OS guesses: FreeBSD 7.1-RELEASE - 9.0-CURRENT (90%), FreeBSD 8.1-STABLE (89%), FreeBSD 7.0-STABLE (88%), FreeBSD 8.0-RELEASE (87%), FreeBSD 7.1-PRERELEASE - 7.3-RELEASE (87%), FreeBSD 8.0-STABLE (87%), FreeBSD 8.1-RELEASE (86%), FreeBSD 7.0-BETA4 - 7.0 (86%), FreeBSD 7.0-RELEASE-p1 - 9.0-PRERELEASE (86%), FreeBSD 7.1-RELEASE (86%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.000 days (since Fri Jul 24 18:15:20 2015)
Network Distance: 9 hops
TCP Sequence Prediction: Difficulty=257 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: Host: sat3.stronglan.net

What the scan shows: the only reachable service is PPTP on 1723/tcp, served by mpd (the FreeBSD PPP daemon), and the service probe names the host sat3.stronglan.net rather than anything belonging to the ISP. That is consistent with a VPN server, not with a home broadband connection. Since a Skype resolver only reports the address the client last connected from, the Kherson geolocation and Ukrcom ISP details above most likely describe the VPN endpoint, not the person. (The "Services: None detected" line in the IP lookup comes from a passive database and is superseded by this active scan.)

TRACEROUTE (using port 1723/tcp)
HOP RTT      ADDRESS
1   0.53 ms  router2-lon.linode.com (212.111.33.230)
2   1.32 ms  212.111.33.237
3   0.94 ms  xe-1-3-0.lon21.ip4.gtt.net (141.136.96.245)
4   14.92 ms xe-3-0-0.fra61.ip4.gtt.net (89.149.182.74)
5   46.57 ms az-international-gw.ip4.gtt.net (77.67.66.34)
6   42.78 ms 194.44.212.253
7   59.74 ms 194.44.100.254
8   60.71 ms 193.109.128.78
9   62.69 ms 193-109-128-190.ukrcom.kherson.ua (193.109.128.190)

OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 39.85 seconds
Raw packets sent: 132 (9.396KB) | Rcvd: 37 (2.506KB)

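The scan above is worth reducing to the two facts that matter: which ports are actually open, and whether any of them mark the address as a VPN server. The script below is an added example, not part of the original paste; it parses nmap's normal-format port table from an excerpt of the output shown above (embedded so it runs offline) and applies a VPN-port heuristic that is this example's own assumption, not something nmap reports.

```python
"""Pull open ports and VPN-endpoint indicators out of nmap normal output.

Added example for this page, not code from the original paste. The VPN port
table and the "looks like a VPN server" heuristic are this example's own
assumptions, not something nmap reports.
"""
import re
from typing import Dict, List, Tuple

# Excerpt of the scan output shown on the page, embedded so the script runs
# offline (constructed from the paste's port table and Service Info line).
SCAN_OUTPUT = """\
PORT     STATE    SERVICE        VERSION
21/tcp   filtered ftp
22/tcp   filtered ssh
25/tcp   filtered smtp
80/tcp   filtered http
110/tcp  filtered pop3
443/tcp  filtered https
1720/tcp filtered H.323/Q.931
1723/tcp open     pptp           FreeBSD MPD (Firmware: 257)
3306/tcp filtered mysql
3389/tcp filtered ms-wbt-server
8443/tcp filtered https-alt

Device type: general purpose|PBX
Service Info: Host: sat3.stronglan.net
"""

# Ports that indicate the address terminates VPN tunnels (assumed mapping).
VPN_PORTS = {
    ("tcp", 1723): "pptp",
    ("udp", 500): "isakmp",
    ("udp", 4500): "ipsec-nat-t",
    ("udp", 1194): "openvpn",
    ("tcp", 1194): "openvpn",
    ("udp", 51820): "wireguard",
}

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)(?:\s+(.*))?$")
HOST_RE = re.compile(r"^Service Info:.*?Host:\s*([^\s;]+)", re.MULTILINE)

PortRow = Tuple[int, str, str, str, str]  # port, proto, state, service, version


def parse_ports(text: str) -> List[PortRow]:
    """Parse every 'PORT STATE SERVICE VERSION' row in nmap normal output."""
    rows: List[PortRow] = []
    for line in text.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            port, proto, state, service, version = m.groups()
            rows.append((int(port), proto, state, service, (version or "").strip()))
    return rows


def triage_scan(text: str) -> Dict[str, object]:
    """Summarise a scan: open ports, filtered count, VPN indicators, host name."""
    rows = parse_ports(text)
    open_rows = [r for r in rows if r[2] == "open"]
    vpn_hits = [
        (port, proto, VPN_PORTS[(proto, port)])
        for port, proto, _state, _svc, _ver in open_rows
        if (proto, port) in VPN_PORTS
    ]
    host = HOST_RE.search(text)
    return {
        "open": [(p, proto, svc, ver) for p, proto, _s, svc, ver in open_rows],
        "filtered": sum(1 for r in rows if r[2] == "filtered"),
        "vpn_endpoint": bool(vpn_hits),
        "vpn_hits": vpn_hits,
        "service_host": host.group(1) if host else None,
    }


if __name__ == "__main__":
    summary = triage_scan(SCAN_OUTPUT)
    for port, proto, svc, ver in summary["open"]:
        print(f"open {port}/{proto} {svc} {ver}")
    if summary["vpn_endpoint"]:
        print("VPN endpoint indicators:", summary["vpn_hits"])
        print("-> resolved IP is probably a VPN server, not the user's own connection")
    print("service-reported host:", summary["service_host"])
```

Run it against a saved `nmap -sV` report instead of the embedded excerpt by reading the file into `triage_scan`; the regex only depends on the `port/proto state service version` row layout, so it works on any normal-format output.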
Domain: cleanvoice.net (created 2015-07-02, three weeks before this paste, registered through REG.RU behind the PrivacyProtect.org whois proxy; DNSSEC unsigned)
Whois of cleanvoice.net:
Domain Name: CLEANVOICE.NET
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Sponsoring Registrar IANA ID: 1606
Whois Server: whois.reg.ru
Referral URL: http://www.reg.ru
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Updated Date: 02-jul-2015
Creation Date: 02-jul-2015
Expiration Date: 02-jul-2016

Domain name: cleanvoice.net
Domain idn name: cleanvoice.net
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Domain ID:
Registrar WHOIS Server: whois.reg.ru
Registrar URL: https://www.reg.com/
Registrar URL: https://www.reg.ru/
Registrar URL: https://www.reg.ua/
Updated Date: 2015-07-02
Creation Date: 2015-07-02T18:27:38Z
Registrar Registration Expiration Date: 2016-07-02
Registrar: Domain names registrar REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: email@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Registry Registrant ID:
Registrant Name: Domain Admin
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrant Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Registrant City: Nobby Beach
Registrant State/Province: Queensland
Registrant Postal Code: QLD 4218
Registrant Country: AU
Registrant Phone: +45.36946676
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: email@privacyprotect.org
Registry Admin ID:
Admin Name: Domain Admin
Admin Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Admin Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Admin City: Nobby Beach
Admin State/Province: Queensland
Admin Postal Code: QLD 4218
Admin Country: AU
Admin Phone: +45.36946676
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: email@privacyprotect.org
Registry Tech ID:
Tech Name: Domain Admin
Tech Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Tech Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator
Tech City: Nobby Beach
Tech State/Province: Queensland
Tech Postal Code: QLD 4218
Tech Country: AU
Tech Phone: +45.36946676
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: email@privacyprotect.org
Name Server: ns1.reg.ru
Name Server: ns2.reg.ru
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-07-24T17:34:42Z <<<

For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.


% By submitting a query to REG.RU Whois Service
% you agree to abide by the following terms of use:
% http://www.reg.ru/whois/servpol (in Russian)
% http://www.reg.com/whois/servpol (in English)

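The whois record above carries the two signals a practitioner checks first on a domain that distributes a download: how recently it was registered, and whether the registrant is hidden behind a privacy proxy. The script below is an added example, not part of the original paste; it parses a constructed excerpt of the cleanvoice.net record (embedded so it runs offline, and deliberately containing both creation-date formats that appear in the record) and flags it. The 30-day "freshly registered" threshold and the privacy-service keyword list are this example's own assumptions.

```python
"""Parse a registrar whois record and flag freshly-registered, privacy-shielded
domains. Added example, not part of the original paste; the 30-day threshold
and the privacy-service keyword list are this example's assumptions."""
import re
from datetime import date, datetime
from typing import Dict, List, Optional

# Constructed excerpt of the cleanvoice.net whois record shown on the page.
# Both creation-date formats from the record are included on purpose.
WHOIS_TEXT = """\
Domain Name: CLEANVOICE.NET
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
Creation Date: 02-jul-2015
Expiration Date: 02-jul-2016

Domain name: cleanvoice.net
Creation Date: 2015-07-02T18:27:38Z
Registrar: Domain names registrar REG.RU LLC
Registrant Name: Domain Admin
Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org
Registrant Country: AU
Registrant Email: email@privacyprotect.org
Name Server: ns1.reg.ru
Name Server: ns2.reg.ru
DNSSEC: Unsigned
>>> Last update of WHOIS database: 2015-07-24T17:34:42Z <<<
"""

PASTE_DATE = date(2015, 7, 24)  # reference date: the day the paste was made
PRIVACY_MARKERS = ("privacy", "proxy", "whoisguard", "domains by proxy")  # assumed
RECENT_DAYS = 30  # assumed threshold for "freshly registered"

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.+?)\s*$")


def parse_date(value: str) -> Optional[date]:
    """Accept '2015-07-02T18:27:38Z' and '02-jul-2015' style values."""
    value = value.strip()
    for fmt, text in (("%Y-%m-%d", value[:10]), ("%d-%b-%Y", value.title())):
        try:
            return datetime.strptime(text, fmt).date()
        except ValueError:
            continue
    return None


def parse_whois(text: str) -> Dict[str, List[str]]:
    """Collect every 'Key: value' pair; keys lower-cased, values kept in order."""
    fields: Dict[str, List[str]] = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return fields


def triage_domain(text: str, as_of: date) -> Dict[str, object]:
    """Extract the facts that matter and produce a list of warning flags."""
    f = parse_whois(text)
    created = next((d for d in map(parse_date, f.get("creation date", [])) if d), None)
    age = (as_of - created).days if created else None
    nameservers = sorted({ns.lower() for ns in f.get("name server", [])})
    registrant = " ".join(
        f.get("registrant organization", []) + f.get("registrant email", [])
    ).lower()
    privacy = any(marker in registrant for marker in PRIVACY_MARKERS)
    flags: List[str] = []
    if age is not None and age < RECENT_DAYS:
        flags.append(f"registered {age} days before reference date")
    if privacy:
        flags.append("registrant hidden behind a whois privacy service")
    if f.get("dnssec", [""])[0].lower() == "unsigned":
        flags.append("DNSSEC unsigned")
    return {
        "domain": f.get("domain name", [""])[0].lower(),
        "created": created,
        "age_days": age,
        "registrar": f.get("registrar", [None])[0],
        "nameservers": nameservers,
        "privacy_protected": privacy,
        "flags": flags,
    }


if __name__ == "__main__":
    result = triage_domain(WHOIS_TEXT, PASTE_DATE)
    print(f"{result['domain']}: created {result['created']}, {result['age_days']} days old")
    for flag in result["flags"]:
        print("  !", flag)
```

Feed it the raw output of `whois cleanvoice.net` and today's date to check a live record; the parser only relies on the `Key: value` layout, so it tolerates the thin-registry and registrar sections being concatenated as they are above.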
*** DO NOT EXECUTE ***
Binary: Cleanvoice v 0.5.2b.exe (renamed from Day3.exe)
Binary downloaded from cleanvoice.net or from https://drive.google.com/uc?export=download&id=0B6hJLzgFkxuYQURTVENQT1hPN3c
*** DO NOT EXECUTE ***
Binary MD5: 613b2761dc4f0cfa1b1cace7faf3e42c
Binary SHA1: 5793ea3cf814722a8050c6a54079d5f78315e84a
Binary SHA256: 4124061962f103f8332fcf571fb3c42066b85e5a6177b65ae7d2ad526772d50f
Binary size: 2.4 MB (2543616 bytes)

VirusTotal reported a 9/56 detection rate at the time of the paste (2015-07-24).
VirusTotal scan: https://www.virustotal.com/en/file/4124061962f103f8332fcf571fb3c42066b85e5a6177b65ae7d2ad526772d50f/analysis/
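The hashes above are the indicators to match against, and the "DO NOT EXECUTE" warning is the operative rule: everything below is static. The script is an added example, not part of the original paste; it hashes a file without running it, compares the digests and size against the IOCs listed on the page, checks that the file carries a PE header, and builds the VirusTotal lookup URL in the same shape as the link above. The 68-byte `SAMPLE_PE` buffer is constructed for the demo and is not the malware.

```python
"""Static triage of a suspected malware sample without executing it: hash it,
compare against the IOCs on this page, check that it is a PE, and build the
VirusTotal lookup URL. Added example, not from the original paste; the
minimal PE buffer below is constructed for the demo and is not the sample."""
import hashlib
from typing import Dict, List

# Indicators listed on the page for "Cleanvoice v 0.5.2b.exe".
IOC_HASHES = {
    "md5": "613b2761dc4f0cfa1b1cace7faf3e42c",
    "sha1": "5793ea3cf814722a8050c6a54079d5f78315e84a",
    "sha256": "4124061962f103f8332fcf571fb3c42066b85e5a6177b65ae7d2ad526772d50f",
}
IOC_SIZE = 2543616

# Constructed 68-byte stand-in: DOS 'MZ' header, e_lfanew at offset 0x3c
# pointing to 0x40, and a 'PE\0\0' signature there. Not the malware, just
# enough bytes to exercise the PE check.
SAMPLE_PE = b"MZ" + b"\x00" * 58 + b"\x40\x00\x00\x00" + b"PE\x00\x00"

ALGORITHMS = ("md5", "sha1", "sha256")


def hash_bytes(data: bytes) -> Dict[str, str]:
    """MD5, SHA-1 and SHA-256 of an in-memory buffer."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, str]:
    """Same digests for a file on disk, read in chunks so large samples
    never need to fit in memory (and are never executed or mapped)."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashers.values():
                h.update(block)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def is_pe(data: bytes) -> bool:
    """True if data starts with a DOS header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def match_iocs(hashes: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest matches the page's IOCs."""
    return [alg for alg, digest in IOC_HASHES.items() if hashes.get(alg) == digest]


def vt_url(sha256: str) -> str:
    """Lookup URL in the same shape as the VirusTotal link on the page."""
    return f"https://www.virustotal.com/en/file/{sha256}/analysis/"


def triage_bytes(data: bytes) -> Dict[str, object]:
    """Everything a first-pass report needs, computed without running the file."""
    hashes = hash_bytes(data)
    return {
        "size": len(data),
        "size_matches_ioc": len(data) == IOC_SIZE,
        "is_pe": is_pe(data),
        "hashes": hashes,
        "ioc_matches": match_iocs(hashes),
        "vt_url": vt_url(hashes["sha256"]),
    }


if __name__ == "__main__":
    import sys
    # Pass a path to triage a real file; with no argument the constructed
    # stand-in is used so the script demonstrates itself offline.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_PE
    for key, value in triage_bytes(data).items():
        print(f"{key}: {value}")
```

For a file that is actually 2.4 MB, use `hash_file` rather than reading it whole; the IOC comparison is the same. A SHA-256 match is sufficient to identify the sample; the MD5 and SHA-1 are kept only because that is what the page lists and what older reports are indexed by.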