Asprox - domains November 21 2008

After what appears to be some trouble with their C&C after McColo nosedived, Asprox is back on track again.
A natural question could be: Where is the C&C now? Is McColo back up somewhere?

The old "infection scripts" at the root level seem to be gone; script.js, add.js, b.js, etc. cannot be found. Have they skipped them, or is there a new .js file?

The phishing is business as usual, though.

11tag.in, 18err.eu, 20ver.cc, 58keep.bz, 63root.jp, libid5.tv, offset9.name, sslcom5.cc

nutrienter@

11tag.in

Domain ID:D3190551-AFIN
Domain Name:11TAG.IN
Created On:21-Nov-2008 10:39:45 UTC
Last Updated On:21-Nov-2008 10:48:28 UTC
Expiration Date:21-Nov-2009 10:39:45 UTC
Sponsoring Registrar:Directi Internet Solutions Pvt. Ltd. dba PublicDomainRegistry.com (R5-AFIN)
Status:CLIENT TRANSFER PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:DI_9006281
Registrant Name:Samuel Ventura
Registrant Organization:Samuel Ventura
Registrant Street1:8709 Celita Ct
Registrant Street2:
Registrant Street3:
Registrant City:Jessup
Registrant State/Province:Maryland
Registrant Postal Code:20794
Registrant Country:US
Registrant Phone:+3.3014985875
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:nutrienter@instruction.com
Admin ID:DI_9006281
Admin Name:Samuel Ventura
Admin Organization:Samuel Ventura
Admin Street1:8709 Celita Ct
Admin Street2:
Admin Street3:
Admin City:Jessup
Admin State/Province:Maryland
Admin Postal Code:20794
Admin Country:US
Admin Phone:+3.3014985875
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:nutrienter@instruction.com
Billing ID:DI_9006281
Billing Name:Samuel Ventura
Billing Organization:Samuel Ventura
Billing Street1:8709 Celita Ct
Billing Street2:
Billing Street3:
Billing City:Jessup
Billing State/Province:Maryland
Billing Postal Code:20794
Billing Country:US
Billing Phone:+3.3014985875
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:nutrienter@instruction.com
Tech ID:DI_9006281
Tech Name:Samuel Ventura
Tech Organization:Samuel Ventura
Tech Street1:8709 Celita Ct
Tech Street2:
Tech Street3:
Tech City:Jessup
Tech State/Province:Maryland
Tech Postal Code:20794
Tech Country:US
Tech Phone:+3.3014985875
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:nutrienter@instruction.com
Name Server:NS1.11TAG.IN
Name Server:NS2.11TAG.IN
Name Server:NS3.11TAG.IN
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:

; <<>> DiG 9.3.5-P2 <<>> 11tag.in
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: query, status: noerror, id: 48607
;; flags: qr rd ra; query: 1, answer: 14, authority: 3, additional: 0

;; question section:
;11tag.in.                      in      a

;; answer section:
11tag.in.               600     in      a       24.151.161.136
11tag.in.               600     in      a       24.192.176.178
11tag.in.               600     in      a       67.186.48.227
11tag.in.               600     in      a       68.72.35.57
11tag.in.               600     in      a       69.132.226.210
11tag.in.               600     in      a       69.249.147.235
11tag.in.               600     in      a       71.93.209.252
11tag.in.               600     in      a       71.121.129.212
11tag.in.               600     in      a       74.138.74.188
11tag.in.               600     in      a       75.13.236.18
11tag.in.               600     in      a       98.209.249.15
11tag.in.               600     in      a       206.72.19.27
11tag.in.               600     in      a       216.231.35.164
11tag.in.               600     in      a       12.208.104.167

;; authority section:
11tag.in.               86400   in      ns      ns3.11tag.in.
11tag.in.               86400   in      ns      ns2.11tag.in.
11tag.in.               86400   in      ns      ns1.11tag.in.

;; query time: 256 msec
;; server: 217.13.7.140#53(217.13.7.140)
;; when: fri nov 21 21:46:41 2008
;; msg size  rcvd: 304

18err.eu

Domain
Name	18err
Status	REGISTERED
Registered	November 21, 2008
Last update	November 22, 2008, 7:12 am
Registrant
Language	English
Email	nutrienter@mail.com
Registrar technical contacts
Name	Domain Manager
Organisation	PublicDomainRegistry.com
Language	English
Address	

Phone	
Fax	
Email	
Registrar
Organisation	PublicDomainRegistry.com
Website	www.publicdomainregistry.com

; <<>> DiG 9.3.5-P2 <<>> 18err.eu
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30466
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;18err.eu.                      IN      A

;; ANSWER SECTION:
18err.eu.               600     IN      A       69.182.29.156
18err.eu.               600     IN      A       69.221.229.60
18err.eu.               600     IN      A       71.93.209.252
18err.eu.               600     IN      A       74.138.74.188
18err.eu.               600     IN      A       75.21.158.18
18err.eu.               600     IN      A       76.110.89.189
18err.eu.               600     IN      A       98.196.113.58
18err.eu.               600     IN      A       166.82.107.218
18err.eu.               600     IN      A       206.72.19.27
18err.eu.               600     IN      A       24.1.10.183
18err.eu.               600     IN      A       24.192.176.178
18err.eu.               600     IN      A       65.65.210.74
18err.eu.               600     IN      A       65.102.56.213
18err.eu.               600     IN      A       68.125.31.130

;; AUTHORITY SECTION:
18err.eu.               29095   IN      NS      ns2.18err.eu.
18err.eu.               29095   IN      NS      ns3.18err.eu.
18err.eu.               29095   IN      NS      ns1.18err.eu.

;; Query time: 332 msec
;; SERVER: 217.13.7.140#53(217.13.7.140)
;; WHEN: Sat Nov 22 10:35:58 2008
;; MSG SIZE  rcvd: 304

20ver.cc

Domain Name: 20VER.CC
   Registrar: DYNADOT, LLC
   Whois Server: whois.dynadot.com
   Referral URL: http://www.dynadot.com
   Name Server: NS1.20VER.CC
   Name Server: NS2.20VER.CC
   Name Server: NS3.20VER.CC
   Status: CLIENT-XFER-PROHIBITED
   Updated Date: 21-nov-2008
   Creation Date: 21-nov-2008
   Expiration Date: 21-nov-2009

Domain Name: 20ver.cc
Registered at http://www.dynadot.com

Registrant:
Bruce Hallowell
8100 N. Romero Ave.
Tucson, AZ 85704
United States

Administrative Contact:
Bruce Hallowell
8100 N. Romero Ave.
Tucson, AZ 85704
United States
nutrienter@iname.com
+4 5204055193

Technical Contact:
Bruce Hallowell
8100 N. Romero Ave.
Tucson, AZ 85704
United States
nutrienter@iname.com
+4 5204055193

Record expires on 2009/11/21 UTC
Record created on 2008/11/21 UTC

Domain servers in listed order:
ns1.20ver.cc
ns2.20ver.cc
ns3.20ver.cc

; <<>> DiG 9.3.5-P2 <<>> 20ver.cc
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6697
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;20ver.cc.                      IN      A

;; ANSWER SECTION:
20ver.cc.               600     IN      A       74.138.74.188
20ver.cc.               600     IN      A       75.21.158.18
20ver.cc.               600     IN      A       98.216.166.53
20ver.cc.               600     IN      A       206.72.19.27
20ver.cc.               600     IN      A       24.151.161.136
20ver.cc.               600     IN      A       24.192.176.178
20ver.cc.               600     IN      A       65.65.210.74
20ver.cc.               600     IN      A       65.102.56.213
20ver.cc.               600     IN      A       67.189.143.91
20ver.cc.               600     IN      A       69.182.29.156
20ver.cc.               600     IN      A       69.221.229.60
20ver.cc.               600     IN      A       70.242.127.128
20ver.cc.               600     IN      A       70.246.193.92
20ver.cc.               600     IN      A       71.84.225.196

;; AUTHORITY SECTION:
20ver.cc.               172800  IN      NS      NS3.20ver.cc.
20ver.cc.               172800  IN      NS      NS1.20ver.cc.
20ver.cc.               172800  IN      NS      NS2.20ver.cc.

;; Query time: 234 msec
;; SERVER: 217.13.7.140#53(217.13.7.140)
;; WHEN: Sat Nov 22 10:30:20 2008
;; MSG SIZE  rcvd: 304

58keep.bz

Registration Service Provided By: REGISTERAWEBSITENAME.CA
Contact: +905.7211144

Domain Name: 58keep.bz

Registrant:
    Jared Wittland
    Jared Wittland        (nutrienter@mail.com)
    53801 Hadan Place
    New Londan
    Missouri,63459
    US
    Tel. +3.5739853489

Creation Date: 21-Nov-2008
Expiration Date: 21-Nov-2009

Domain servers in listed order:
    ns1.suspended-domain.com
    ns2.suspended-domain.com

Administrative Contact:
    Jared Wittland
    Jared Wittland        (nutrienter@mail.com)
    53801 Hadan Place
    New Londan
    Missouri,63459
    US
    Tel. +3.5739853489

Technical Contact:
    Jared Wittland
    Jared Wittland        (nutrienter@mail.com)
    53801 Hadan Place
    New Londan
    Missouri,63459
    US
    Tel. +3.5739853489

Billing Contact:
    Jared Wittland
    Jared Wittland        (nutrienter@mail.com)
    53801 Hadan Place
    New Londan
    Missouri,63459
    US
    Tel. +3.5739853489

Status:SUSPENDED
	Note: This Domain Name is Suspended. 
	In this status the domain name is InActive and will not function.

; <<>> DiG 9.3.5-P2 <<>> 58keep.bz
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63309
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;58keep.bz.                     IN      A

;; AUTHORITY SECTION:
bz.                     0       IN      SOA     a0.cctld.afilias-nst.info. noc.afilias-nst.info. 2008078566 1800 900 604800 86400

;; Query time: 96 msec
;; SERVER: 217.13.7.140#53(217.13.7.140)
;; WHEN: Sat Nov 22 10:40:30 2008
;; MSG SIZE  rcvd: 92

63root.jp

Domain Information:
[Domain Name]                   63ROOT.JP

[Registrant]                    Michael Willbur

[Name Server]                   ns1.63root.jp
[Name Server]                   ns2.63root.jp
[Name Server]                   ns3.63root.jp

[Created on]                    2008/11/21
[Expires on]                    2009/11/30
[Status]                        Active
[Last Updated]                  2008/11/21 21:07:30 (JST)

Contact Information:
[Name]                          Michael Willbur
[Email]                         nutrienter@mobsters.com
[Web Page]
[Postal code]
[Postal Address]                465 E. Hickory Rd.
                                465 E. Hickory Rd.
[Phone]                         2697213846
[Fax]

; <<>> DiG 9.3.5-P2 <<>> 63root.jp
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: query, status: noerror, id: 19367
;; flags: qr rd ra; query: 1, answer: 14, authority: 3, additional: 0

;; question section:
;63root.jp.                     in      a

;; answer section:
63root.jp.              600     in      a       206.72.19.27
63root.jp.              600     in      a       216.231.35.164
63root.jp.              600     in      a       12.208.104.167
63root.jp.              600     in      a       24.151.161.136
63root.jp.              600     in      a       24.192.176.178
63root.jp.              600     in      a       67.186.48.227
63root.jp.              600     in      a       68.72.35.57
63root.jp.              600     in      a       69.132.226.210
63root.jp.              600     in      a       69.249.147.235
63root.jp.              600     in      a       71.93.209.252
63root.jp.              600     in      a       71.121.129.212
63root.jp.              600     in      a       74.138.74.188
63root.jp.              600     in      a       75.13.236.18
63root.jp.              600     in      a       98.209.249.15

;; authority section:
63root.jp.              86400   in      ns      ns3.63root.jp.
63root.jp.              86400   in      ns      ns2.63root.jp.
63root.jp.              86400   in      ns      ns1.63root.jp.

;; query time: 309 msec
;; server: 217.13.7.140#53(217.13.7.140)
;; when: fri nov 21 21:48:32 2008
;; msg size  rcvd: 305

libid5.tv

   Domain Name: LIBID5.TV
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com
   Name Server: NS1.LIBID5.TV
   Name Server: NS2.LIBID5.TV
   Name Server: NS3.LIBID5.TV
   Status: CLIENT-XFER-PROHIBITED
   Updated Date: 21-nov-2008
   Creation Date: 21-nov-2008
   Expiration Date: 21-nov-2009

Registration Service Provided By: ANSWERABLE.COM
Contact: +1.3104837168
Website: http://www.answerable.com

Domain Name: LIBID5.TV

Registrant:
    Samuel Ventura
    Samuel Ventura        (nutrienter@instruction.com)
    8709 Celita Ct
    Jessup
    Maryland,20794
    US
    Tel. +3.3014985875

Creation Date: 21-Nov-2008
Expiration Date: 21-Nov-2009

Domain servers in listed order:
    ns3.libid5.tv
    ns2.libid5.tv
    ns1.libid5.tv

Administrative Contact:
    Samuel Ventura
    Samuel Ventura        (nutrienter@instruction.com)
    8709 Celita Ct
    Jessup
    Maryland,20794
    US
    Tel. +3.3014985875

Technical Contact:
    Samuel Ventura
    Samuel Ventura        (nutrienter@instruction.com)
    8709 Celita Ct
    Jessup
    Maryland,20794
    US
    Tel. +3.3014985875

Billing Contact:
    Samuel Ventura
    Samuel Ventura        (nutrienter@instruction.com)
    8709 Celita Ct
    Jessup
    Maryland,20794
    US
    Tel. +3.3014985875

Status:ACTIVE

; <<>> DiG 9.3.5-P2 <<>> libid5.tv
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: query, status: noerror, id: 47023
;; flags: qr rd ra; query: 1, answer: 14, authority: 3, additional: 0

;; question section:
;libid5.tv.                     in      a

;; answer section:
libid5.tv.              600     in      a       98.216.166.53
libid5.tv.              600     in      a       206.72.19.27
libid5.tv.              600     in      a       216.231.35.164
libid5.tv.              600     in      a       12.208.104.167
libid5.tv.              600     in      a       24.151.161.136
libid5.tv.              600     in      a       24.192.176.178
libid5.tv.              600     in      a       68.72.35.57
libid5.tv.              600     in      a       69.132.226.210
libid5.tv.              600     in      a       69.249.147.235
libid5.tv.              600     in      a       71.93.209.252
libid5.tv.              600     in      a       71.121.129.212
libid5.tv.              600     in      a       74.138.74.188
libid5.tv.              600     in      a       75.13.236.18
libid5.tv.              600     in      a       98.209.249.15

;; authority section:
libid5.tv.              172800  in      ns      ns2.libid5.tv.
libid5.tv.              172800  in      ns      ns3.libid5.tv.
libid5.tv.              172800  in      ns      ns1.libid5.tv.

;; query time: 266 msec
;; server: 217.13.7.140#53(217.13.7.140)
;; when: fri nov 21 21:53:42 2008
;; msg size  rcvd: 305

offset9.name

Domain Name ID: 4197166DOMAIN-NAME
Domain Name: OFFSET9.NAME
Sponsoring Registrar ID: 202REGISTRAR-NAME
Sponsoring Registrar: UK2 Group Ltd.
Domain Status: clientTransferProhibited
Registrant ID: 3227253CONTACT-NAME
Admin ID: 3227253CONTACT-NAME
Tech ID: 3227253CONTACT-NAME
Billing ID: 3227253CONTACT-NAME
Name Server ID: 1497113HOST-NAME
Name Server: NS1.OFFSET9.NAME
Name Server ID: 1497114HOST-NAME
Name Server: NS2.OFFSET9.NAME
Name Server ID: 1497115HOST-NAME
Name Server: NS3.OFFSET9.NAME
Created On: 2008-11-21T10:06:38Z
Expires On: 2009-11-21T10:06:38Z
Updated On: 2008-11-21T10:09:35Z 

sslcom5.cc

   Domain Name: SSLCOM5.CC
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com
   Name Server: NS2.SSLCOM5.CC
   Name Server: NS3.SSLCOM5.CC
   Name Server: NS1.SSLCOM5.CC
   Status: CLIENT-XFER-PROHIBITED
   Updated Date: 21-nov-2008
   Creation Date: 21-nov-2008
   Expiration Date: 21-nov-2009

Registration Service Provided By: DOMAIN CENTRAL
Contact: +61.386867708

Domain Name: SSLCOM5.CC

Registrant:
    Todd Messinger
    Todd Messinger        (nutrienter@monarchy.com)
    1805 NY RT
    harpursville
    New York,13787
    US
    Tel. +4.6076931198

Creation Date: 21-Nov-2008
Expiration Date: 21-Nov-2009

Domain servers in listed order:
    ns2.suspended-domain.com
    ns1.suspended-domain.com

Administrative Contact:
    Todd Messinger
    Todd Messinger        (nutrienter@monarchy.com)
    1805 NY RT
    harpursville
    New York,13787
    US
    Tel. +4.6076931198

Technical Contact:
    Todd Messinger
    Todd Messinger        (nutrienter@monarchy.com)
    1805 NY RT
    harpursville
    New York,13787
    US
    Tel. +4.6076931198

Billing Contact:
    Todd Messinger
    Todd Messinger        (nutrienter@monarchy.com)
    1805 NY RT
    harpursville
    New York,13787
    US
    Tel. +4.6076931198

Status:SUSPENDED
        Note: This Domain Name is Suspended.
        In this status the domain name is InActive and will not function.

; <<>> DiG 9.3.5-P2 <<>> sslcom5.cc
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26296
;; flags: qr rd ra; QUERY: 1, ANSWER: 14, AUTHORITY: 3, ADDITIONAL: 0

;; QUESTION SECTION:
;sslcom5.cc.                    IN      A

;; ANSWER SECTION:
sslcom5.cc.             600     IN      A       69.182.29.156
sslcom5.cc.             600     IN      A       69.221.229.60
sslcom5.cc.             600     IN      A       70.242.127.128
sslcom5.cc.             600     IN      A       70.246.193.92
sslcom5.cc.             600     IN      A       71.84.225.196
sslcom5.cc.             600     IN      A       74.138.74.188
sslcom5.cc.             600     IN      A       75.9.217.153
sslcom5.cc.             600     IN      A       75.21.158.18
sslcom5.cc.             600     IN      A       98.216.166.53
sslcom5.cc.             600     IN      A       206.72.19.27
sslcom5.cc.             600     IN      A       24.151.161.136
sslcom5.cc.             600     IN      A       24.192.176.178
sslcom5.cc.             600     IN      A       65.102.56.213
sslcom5.cc.             600     IN      A       67.189.143.91

;; AUTHORITY SECTION:
sslcom5.cc.             172800  IN      NS      NS1.sslcom5.cc.
sslcom5.cc.             172800  IN      NS      NS3.sslcom5.cc.
sslcom5.cc.             172800  IN      NS      NS2.sslcom5.cc.

;; Query time: 307 msec
;; SERVER: 217.13.7.140#53(217.13.7.140)
;; WHEN: Sat Nov 22 10:24:24 2008
;; MSG SIZE  rcvd: 306