WsIRT^(TM)

• whois
• dig
• host
• fetch
• asn

---

whois

at 28 Nov, 2007 @ 19:51:06
CastleCops Local Cached Whois at 2007-11-28 18:38:42 GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.ripn.net] Results: % By submitting a query to RIPN's Whois Service % you agree to abide by the following terms of use: % http://www.ripn.net/about/servpol.html#3.2 (in Russian) % http://www.ripn.net/about/en/servpol.html#3.2 (in English). domain: CHAT.RU type: CORPORATE nserver: ns2.internal.ru. nserver: ns3.internal.ru. nserver: ns1.internal.ru. state: REGISTERED, DELEGATED org: Suntor Limited phone: +1 213 4772352 fax-no: +1 213 4772352 e-mail: domain4ru@gmail.com registrar: RUCENTER-REG-RIPN created: 1996.11.05 paid-till: 2008.12.01 source: TC-RIPN Last updated on 2007.11.28 21:32:13 MSK/MSD Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 197 times today.

---

whois

at 01 Dec, 2007 @ 01:15:51
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.crsnic.net] Checking server [whois.enom.com] Results: =-=-=-= Visit AboutUs.org for more information about weedns.com <a href="http://www.aboutus.org/weedns.com">AboutUs: weedns.com</a> Registration Service Provided By: whyI.org Contact: dns@whyI.org Visit: http://www.whyI.org/ Domain name: weedns.com Registrant Contact: Crackerjack Networking Solutions Tyler MacDonald (dns@whyI.org) +1.6045218080 Fax: PO Box 48546 Vancouver, BC V7X 1A3 CA Administrative Contact: Crackerjack Networking Solutions Tyler MacDonald (dns@whyI.org) +1.6045218080 Fax: PO Box 48546 Vancouver, BC V7X 1A3 CA Technical Contact: Crackerjack Networking Solutions Tyler MacDonald (dns@whyI.org) +1.6045218080 Fax: PO Box 48546 Vancouver, BC V7X 1A3 CA Status: Locked Name Servers: connubialis.crackerjack.net fumo-viridus.crackerjack.net Creation date: 23 Nov 2001 20:55:19 Expiration date: 23 Nov 2008 20:55:19 =-=-=-= The data in this whois database is provided to you for information purposes only, that is, to assist you in obtaining information about or related to a domain name registration record. We make this information available "as is," and do not guarantee its accuracy. By submitting a whois query, you agree that you will use this data only for lawful purposes and that, under no circumstances will you use this data to: (1) enable high volume, automated, electronic processes that stress or load this whois database system providing you this information; or (2) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via direct mail, electronic mail, or by telephone. The compilation, repackaging, dissemination or other use of this data is expressly prohibited without prior written consent from us. We reserve the right to modify these terms at any time. By submitting this query, you agree to abide by these terms. Version 6.3 4/3/2002 Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 44 times today.

---

whois

at 01 Dec, 2007 @ 01:16:12
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.nic.nu] Results: ------------------------------------------------------------------------ .NU Domain Ltd Whois service Domain Name (ASCII): bpa.nu Technical Contact: Alan Yates alany@ay.com.au AY Communications PO Box 103 Harbord AU Phone: +61 2 9905 2883 (voice) +61 2 9938 5952 (fax) Record last updated on 07-Sep-2007. Record expires on 20-May-2009. Record created on 20-May-2000. Record status: Active. Domain servers in listed order: ns1.ddns.nu ns2.ddns.nu ns3.ddns.nu ns4.ddns.nu Owner and Administrative Contact information for this domain name is available upon request from support@nic.nu Copyright by .NU Domain Ltd - http://www.nunames.nu ------------------------------------------------------------------------ Database last updated: Fri Nov 30 19:18:27 2007 ------------------------------------------------------------------------ Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 45 times today.

---

whois

at 01 Dec, 2007 @ 01:16:27
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Results: The TLD "ne" has no known working whois server. Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 46 times today.

---

whois

at 01 Dec, 2007 @ 01:16:41
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.dns.be] Results: % .be Whois Server 4.0 % % (c) dns.be 2001-2004 (http://www.dns.be) % %- The WHOIS service offered by DNS and the access to the records in the DNS %- WHOIS database are provided for information purposes only. It allows %- persons to check whether a specific domain name is still available or not %- and to obtain information related to the registration records of %- existing domain names. %- %- DNS cannot, under any circumstances, be held liable where the stored %- information would prove to be incomplete or inaccurate in any sense. %- %- By submitting a query you agree not to use the information made available %- to: %- - allow, enable or otherwise support the transmission of unsolicited, %- commercial advertising or other solicitations whether via email or otherwise; %- - target advertising in any possible way; %- - to cause nuisance in any possible way to the domain name holders by sending %- messages to them (whether by automated, electronic processes capable of %- enabling high volumes or other possible means). %- %- Without prejudice to the above, it is explicitly forbidden to extract, copy %- and/or use or re-utilise in any form and by any means (electronically or %- not) the whole or a quantitatively or qualitatively substantial part %- of the contents of the WHOIS database without prior and explicit permission %- by DNS, nor in any attempt thereof, to apply automated, electronic %- processes to DNS (or its systems). %- %- You agree that any reproduction and/or transmission of data for commercial %- purposes will always be considered as the extraction of a substantial %- part of the content of the WHOIS database. %- %- By submitting the query you agree to abide by this policy and accept that %- DNS can take measures to limit the use of its whois services in order to %- protect the privacy of its registrants or the integrity of the database. %- % WHOIS opendns Domain: opendns Status: REGISTERED Registered: Fri May 24 2002 Licensee: Not shown, please visit www.dns.be for webbased whois. Agent Technical Contacts: Last Name: Charlier Olivier Company Name: ANAGRAMME sprl Language: en Street: Rue Jules Destree 170 Location: 6150 Anderlues Country: BE Phone: +32.70660554 Fax: +32.70660686 Email: dnsmaster@belhosting.net Agent: Name: Are you IN for business? Website: http://www.inforbusiness.com Nameservers: dns3.belhosting.net dns1.belhosting.net dns2.belhosting.net dns4.belhosting.net Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 47 times today.

---

whois

at 01 Dec, 2007 @ 01:16:55
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.dns.be] Results: % .be Whois Server 4.0 % % (c) dns.be 2001-2004 (http://www.dns.be) % %- The WHOIS service offered by DNS and the access to the records in the DNS %- WHOIS database are provided for information purposes only. It allows %- persons to check whether a specific domain name is still available or not %- and to obtain information related to the registration records of %- existing domain names. %- %- DNS cannot, under any circumstances, be held liable where the stored %- information would prove to be incomplete or inaccurate in any sense. %- %- By submitting a query you agree not to use the information made available %- to: %- - allow, enable or otherwise support the transmission of unsolicited, %- commercial advertising or other solicitations whether via email or otherwise; %- - target advertising in any possible way; %- - to cause nuisance in any possible way to the domain name holders by sending %- messages to them (whether by automated, electronic processes capable of %- enabling high volumes or other possible means). %- %- Without prejudice to the above, it is explicitly forbidden to extract, copy %- and/or use or re-utilise in any form and by any means (electronically or %- not) the whole or a quantitatively or qualitatively substantial part %- of the contents of the WHOIS database without prior and explicit permission %- by DNS, nor in any attempt thereof, to apply automated, electronic %- processes to DNS (or its systems). %- %- You agree that any reproduction and/or transmission of data for commercial %- purposes will always be considered as the extraction of a substantial %- part of the content of the WHOIS database. %- %- By submitting the query you agree to abide by this policy and accept that %- DNS can take measures to limit the use of its whois services in order to %- protect the privacy of its registrants or the integrity of the database. %- % WHOIS blueline Domain: blueline Status: REGISTERED Registered: Thu Sep 11 1997 Licensee: Not shown, please visit www.dns.be for webbased whois. Agent Technical Contacts: First Name: Octave Last Name: Klaba Company Name: OVH Language: fr Street: 140, quai du Sartel Location: 59100 Roubaix Country: FR Phone: +33.320200957 Fax: +33.320200958 Email: tech@ovh.net First Name: Octave Last Name: Klaba Company Name: OVH Language: fr Street: 140, quai du Sartel Location: 59100 Roubaix Country: FR Phone: +33.320200957 Fax: +33.320200958 Email: tech@ovh.net Agent: Name: OVH SARL Website: ovh.fr Nameservers: indra.blueline.be (194.78.199.172) xeres.bluelinesoft.be Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 48 times today.

---

whois

at 01 Dec, 2007 @ 01:17:13
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.crsnic.net] Checking server [whois.gabia.com] Results: Welcome to GABIA.COM's WHOIS data service. The Data in Gabia' WHOIS database is provided by Gabia for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. Gabia does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail(spam); or (2) enable high volume, automated, electronic processes that apply to Gabia (or its systems). Gabia reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Registrant : HolyNet 713, Hyundai Arion Offitel 147 Kumkok-Dong Bundang-Gu Sungnam-Si Kyungki-Do (135280) Domain Name: DNIP.NET Registrar: Gabia,Inc. (GABIA.COM) Administrative, Technical, Billing Contact: JunSeon Oh hollywar@holywar.net 713, Hyundai Arion Offitel 147 Kumkok-Dong Bundang-Gu Sungnam-Si Kyungki-Do (Tel) 031-712-2250 (fax) 031-712-2256 Record created on JULY 15, 2000 Record expires on JULY 15, 2008 Record last updated on DECEMBER 07, 2005 Domain servers in listed order: NS.DNIP.NET NS2.DNIP.NET Register a domain name at www.gabia.com Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 49 times today.

---

whois

at 01 Dec, 2007 @ 01:31:00
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Final results obtained from whois.ripe.net. Results: % This is the RIPE Whois query server #3. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '195.161.119.0 - 195.161.119.255' inetnum: 195.161.119.0 - 195.161.119.255 netname: EHOUSE descr: eHouse (co-location) network country: RU admin-c: YR1-RIPE admin-c: YR1-RIPE tech-c: YR1-RIPE status: ASSIGNED PA mnt-by: AS8342-MNT source: RIPE # Filtered person: Yuri A. Ryazantsev address: eHouse address: 14 bld. 1, Kedrova str. address: RU-117218, Moscow address: Russia remarks: phone: +7 095 7190521 phone: +7 495 7190521 remarks: fax-no: +7 095 1257949 fax-no: +7 495 1257949 e-mail: yuri@ehouse.ru nic-hdl: YR1-RIPE source: RIPE # Filtered remarks: modified for Russian phone area changes % Information related to '195.161.0.0/16AS8342' route: 195.161.0.0/16 descr: RTCOMM-RU origin: AS8342 mnt-by: AS8342-MNT source: RIPE # Filtered

---

dig any

at 28 Nov, 2007 @ 19:51:06
;hotraebywka.chat.ru. IN A hotraebywka.chat.ru. 86400 IN A 195.161.119.84 chat.ru. 82050 IN NS ns3.internal.ru. chat.ru. 82050 IN NS ns2.internal.ru. chat.ru. 82050 IN NS ns1.internal.ru. ;chat.ru. IN A chat.ru. 82050 IN A 195.161.119.67 ;chat.ru. IN MX chat.ru. 82050 IN MX 20 relay1.chat.ru. chat.ru. 82050 IN MX 60 relay3.chat.ru. ;chat.ru. IN NS chat.ru. 82050 IN NS ns2.internal.ru. chat.ru. 82050 IN NS ns3.internal.ru. chat.ru. 82050 IN NS ns1.internal.ru. ;chat.ru. IN SOA chat.ru. 82050 IN SOA ns1.internal.ru. postmaster.internal.ru. 1195125577 28800 7200 604800 86400 ;chat.ru. IN TXT ;hotraebywka.chat.ru. IN CNAME ;hotraebywka.chat.ru. IN PTR ;chat.ru. IN KEY ;hotraebywka.chat.ru. IN HINFO ;hotraebywka.chat.ru. IN AAAA ;; Query time: 220 msec ;; SERVER: 204.152.187.13#53(204.152.187.13) ;; WHEN: Wed Nov 28 19:51:06 2007 ;; MSG SIZE rcvd: 97

---

dig any

at 01 Dec, 2007 @ 01:15:51
; <<>> DiG 9.3.4 <<>> weedns.com any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56058 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;weedns.com. IN ANY ;; ANSWER SECTION: weedns.com. 604800 IN MX 20 crackerjack.yi.org. weedns.com. 86400 IN A 72.55.129.46 weedns.com. 604800 IN NS connubialis.crackerjack.net. weedns.com. 604800 IN NS fumo-viridus.crackerjack.net. ;; AUTHORITY SECTION: weedns.com. 604800 IN NS connubialis.crackerjack.net. weedns.com. 604800 IN NS fumo-viridus.crackerjack.net. ;; ADDITIONAL SECTION: connubialis.crackerjack.net. 172799 IN A 72.55.129.45 fumo-viridus.crackerjack.net. 172799 IN A 72.55.145.119 ;; Query time: 0 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Sat Dec 1 01:15:51 2007 ;; MSG SIZE rcvd: 206

---

dig any

at 01 Dec, 2007 @ 01:16:12
; <<>> DiG 9.3.4 <<>> bpa.nu any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44164 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;bpa.nu. IN ANY ;; ANSWER SECTION: bpa.nu. 60 IN A 203.32.117.20 bpa.nu. 60 IN NS ns1.ddns.nu. bpa.nu. 60 IN NS ns4.ddns.nu. bpa.nu. 60 IN NS ns3.ddns.nu. bpa.nu. 60 IN NS ns2.ddns.nu. ;; AUTHORITY SECTION: bpa.nu. 60 IN NS ns2.ddns.nu. bpa.nu. 60 IN NS ns3.ddns.nu. bpa.nu. 60 IN NS ns4.ddns.nu. bpa.nu. 60 IN NS ns1.ddns.nu. ;; ADDITIONAL SECTION: ns1.ddns.nu. 86399 IN A 203.32.117.1 ns2.ddns.nu. 86399 IN A 203.32.117.2 ns3.ddns.nu. 86399 IN A 72.32.30.238 ns4.ddns.nu. 86399 IN A 72.32.58.31 ;; Query time: 0 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Sat Dec 1 01:16:12 2007 ;; MSG SIZE rcvd: 237

---

dig any

at 01 Dec, 2007 @ 01:16:27
; <<>> DiG 9.3.4 <<>> dnip.ne any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 33033 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;dnip.ne. IN ANY ;; AUTHORITY SECTION: ne. 10800 IN SOA ns.intnet.ne. root.intnet.ne. 2007111200 21600 3600 3600000 10800 ;; Query time: 1 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Sat Dec 1 01:16:27 2007 ;; MSG SIZE rcvd: 76

---

dig any

at 01 Dec, 2007 @ 01:16:41
; <<>> DiG 9.3.4 <<>> opendns.be any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23574 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 4, ADDITIONAL: 4 ;; QUESTION SECTION: ;opendns.be. IN ANY ;; ANSWER SECTION: opendns.be. 2560 IN SOA dns1.belhosting.net. dnsmaster.belhosting.net. 2003750430 10800 2048 604800 2560 opendns.be. 60 IN MX 10 smtp.belhosting.net. opendns.be. 60 IN A 217.117.159.84 opendns.be. 86400 IN NS dns2.belhosting.net. opendns.be. 86400 IN NS dns3.belhosting.net. opendns.be. 86400 IN NS dns4.belhosting.net. opendns.be. 86400 IN NS dns1.belhosting.net. ;; AUTHORITY SECTION: opendns.be. 86400 IN NS dns4.belhosting.net. opendns.be. 86400 IN NS dns3.belhosting.net. opendns.be. 86400 IN NS dns1.belhosting.net. opendns.be. 86400 IN NS dns2.belhosting.net. ;; ADDITIONAL SECTION: dns1.belhosting.net. 172800 IN A 217.117.159.82 dns2.belhosting.net. 172800 IN A 91.121.25.33 dns3.belhosting.net. 172800 IN A 217.112.179.20 dns4.belhosting.net. 172800 IN A 213.219.170.202 ;; Query time: 161 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Sat Dec 1 01:16:41 2007 ;; MSG SIZE rcvd: 321

---

dig any

at 01 Dec, 2007 @ 01:16:55
; <<>> DiG 9.3.4 <<>> blueline.be any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43111 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;blueline.be. IN ANY ;; ANSWER SECTION: blueline.be. 3600 IN MX 10 mail.blueline.be. blueline.be. 3600 IN NS xeres.bluelinesoft.be. blueline.be. 3600 IN NS indra.blueline.be. ;; AUTHORITY SECTION: blueline.be. 3600 IN NS indra.blueline.be. blueline.be. 3600 IN NS xeres.bluelinesoft.be. ;; ADDITIONAL SECTION: mail.blueline.be. 3600 IN A 91.121.31.67 ;; Query time: 1 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Sat Dec 1 01:16:55 2007 ;; MSG SIZE rcvd: 147

---

dig any

at 01 Dec, 2007 @ 01:17:13
; <<>> DiG 9.3.4 <<>> dnip.net any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23710 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 0 ;; QUESTION SECTION: ;dnip.net. IN ANY ;; ANSWER SECTION: dnip.net. 3597 IN A 222.122.132.211 dnip.net. 3597 IN NS ns.dnip.net. dnip.net. 3597 IN NS ns2.dnip.net. ;; AUTHORITY SECTION: dnip.net. 3597 IN NS ns.dnip.net. dnip.net. 3597 IN NS ns2.dnip.net. ;; Query time: 764 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Sat Dec 1 01:17:12 2007 ;; MSG SIZE rcvd: 105

---

host

at 28 Nov, 2007 @ 19:51:06

---

host

at 01 Dec, 2007 @ 01:15:51

---

host

at 01 Dec, 2007 @ 01:16:12

---

host

at 01 Dec, 2007 @ 01:16:27

---

host

at 01 Dec, 2007 @ 01:16:41

---

host

at 01 Dec, 2007 @ 01:16:55

---

host

at 01 Dec, 2007 @ 01:17:13

---

host

at 01 Dec, 2007 @ 01:31:00

---

fetched page

at 28 Nov, 2007 @ 19:51:05
MD5 Fingerprint: 6cfff36d525fc69af6157ce05d3b367d
SHA1 Fingerprint: 0e47291d6398aa8d97d3ef9ecd69aea8a1603fa5
HTTP/1.1 200 OK Date: Wed, 28 Nov 2007 19:51:05 GMT Server: Apache Vary: Host Last-Modified: Tue, 27 Nov 2007 11:23:59 GMT ETag: "644c6a-3970-5130f1c0" Accept-Ranges: bytes Content-Length: 14704 Content-Type: text/plain <? set_time_limit(0); ini_set("max_execution_time",0); set_magic_quotes_runtime(0); ini_set('output_buffering',0); error_reporting(0); ignore_user_abort(); $td263a566 = array ( "po" => 8080, "sp" => "qdHH3KWXlISXmA==", "ch" => "WY/U", "ke" => "o9CZ0qGWjA==", "ha" => "ZaaOi2pjTlGFm1dS", &qu TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

Corresponding BGP Origin ASN

at 01 Dec, 2007 @ 01:31:00
AS | BGP Prefix | CC | Registry | Allocated
"8342 | 195.161.0.0/16 | RU | ripencc | 1997-06-05"

---

Possible BGP peer ASNs one AS hop away from BGP Origin ASN

at 01 Dec, 2007 @ 01:31:00
AS Peers | BGP Prefix | CC | Registry | Allocated
"174 701 1239 1273 3356 10310 13237 | 195.161.0.0/16 | RU | ripencc | 1997-06-05"

---

AS Description of a given BGP ASN

at 01 Dec, 2007 @ 01:31:47
AS | CC | Registry | Allocated | AS Name
"8342 | RU | ripencc | 1997-06-11 | RTCOMM-AS RTComm.RU Autonomous System"