WsIRT^(TM)

• whois
• dig
• host
• fetch
• asn

---

whois

at 03 Dec, 2007 @ 12:50:08
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Results: The TLD "es" has no known working whois server. Information may be available from the following location: http://www.nic.es/whois/ Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 110 times today.

---

whois

at 04 Dec, 2007 @ 05:04:27
GeekTools Whois Proxy v5.0.4 Ready. Checking access for CastleCops WsIRT... ok. Final results obtained from whois.ripe.net. Results: % This is the RIPE Whois query server #3. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html % Note: This output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '212.78.204.0 - 212.78.205.255' inetnum: 212.78.204.0 - 212.78.205.255 netname: LYCOS-TRIPOD descr: Tripod free hosting descr: Lycos Europe country: SE admin-c: JS5687-RIPE tech-c: SH2596-RIPE tech-c: KD849-RIPE status: ASSIGNED PA remarks: For abuse issues, please contact abuse@lycos-europe.com mnt-by: MNT-LYCEU source: RIPE # Filtered person: Johannes Spangenberg address: Lycos Europe GmbH phone: +49 5241 8071 313 mnt-by: MNT-LYCEU nic-hdl: JS5687-RIPE source: RIPE # Filtered person: Stefan Hegger address: Lycos Europe GmbH address: Carl Bertelsmann Str 29 address: DE-33311 Guetersloh address: Germany phone: +49 5241 8071 334 fax-no: +49 5241 80671 334 remarks: ---------------------------------------------- remarks: do NOT e-mail abuse to contacts given here, remarks: e-mail them to abuse@lycos-europe.com instead. remarks: (as shown below at "abuse-mailbox:") You will receive a ticket number. remarks: or contact our service desk under +49 5154 705 413 after receiving a ticket number from our ticket system abuse-mailbox: abuse@lycos-europe.com mnt-by: MNT-LYCEU nic-hdl: SH2596-RIPE source: RIPE # Filtered person: Konstantion Dounaev address: Lycos Europe GmbH address: Carl Bertelsmann Str 29 address: DE-33311 Guetersloh address: Germany phone: +49 5241 8071 327 mnt-by: MNT-LYCEU nic-hdl: KD849-RIPE source: RIPE # Filtered % Information related to '212.78.192.0/19AS12832' route: 212.78.192.0/19 descr: Lycos Europe Gmbh origin: AS12832 mnt-by: MNT-LYCEU source: RIPE # Filtered Results brought to you by the GeekTools WHOIS Proxy Server results may be copyrighted and are used with permission. Your host (CastleCops WsIRT) has visited 44 times today.

---

dig any

at 03 Dec, 2007 @ 12:50:07
;usuarios.lycos.es. IN A usuarios.lycos.es. 3600 IN A 212.78.204.20 usuarios.lycos.es. 3600 IN NS dns2-1.lycos.de. usuarios.lycos.es. 3600 IN NS stons02.st1.spray.net. usuarios.lycos.es. 3600 IN NS stons01.st1.spray.net. usuarios.lycos.es. 3600 IN NS dns1-1.lycos.de. ;lycos.es. IN A lycos.es. 3600 IN A 213.193.14.149 ;lycos.es. IN MX lycos.es. 3600 IN MX 10 mx2.mail.spray.net. lycos.es. 3600 IN MX 10 mx1.mail.spray.net. ;lycos.es. IN NS lycos.es. 86400 IN NS ns4.lyceu.net. lycos.es. 86400 IN NS ns1.lyceu.net. lycos.es. 86400 IN NS ns2.lyceu.net. lycos.es. 86400 IN NS ns3.lyceu.net. ;lycos.es. IN SOA lycos.es. 3600 IN SOA ns1.lyceu.net. hostmaster.lycos-europe.net. 2007120300 10800 1800 3024000 180 ;lycos.es. IN TXT lycos.es. 3600 IN TXT "v=spf1 ip4:212.78.202.0/23 ip4:212.78.207.0/24 ?all" ;usuarios.lycos.es. IN CNAME ;usuarios.lycos.es. IN PTR ;lycos.es. IN KEY ;usuarios.lycos.es. IN HINFO ;usuarios.lycos.es. IN AAAA ;; Query time: 185 msec ;; SERVER: 204.152.187.13#53(204.152.187.13) ;; WHEN: Mon Dec 3 12:50:07 2007 ;; MSG SIZE rcvd: 113

---

host

at 03 Dec, 2007 @ 12:50:08

---

host

at 04 Dec, 2007 @ 05:04:27

---

fetched page

at 03 Dec, 2007 @ 12:50:05
MD5 Fingerprint: 26f22bdcde1f193ad5de4e9f1907034c
SHA1 Fingerprint: 48767f73dac16ed61379602d0d0f0d251903b603
HTTP/1.1 200 OK Date: Mon, 03 Dec 2007 12:50:06 GMT Server: Apache Vary: Accept-Encoding Set-Cookie: Apache=198.172.204.254.185961196686207267; path=/ Last-Modified: Wed, 29 Aug 2007 13:43:10 GMT ETag: "1038fff4-28fb6-46d577ee" Accept-Ranges: bytes Content-Length: 167862 Content-Type: text/plain <?php /* ****************************************************************************************************** * * c99shell.php v.1.0 pre-release build #5 * Freeware license. * TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

fetched page

at 04 Dec, 2007 @ 05:02:57
MD5 Fingerprint: 669617c94ca55ace85ac96338a012116
SHA1 Fingerprint: c60d43a3ffe6faf837c70618193f2b6541f27a30
HTTP/1.1 200 OK Date: Tue, 04 Dec 2007 05:02:54 GMT Server: Apache Vary: Accept-Encoding Set-Cookie: Apache=209.59.34.62.201091196744574474; path=/ Last-Modified: Thu, 30 Aug 2007 18:41:41 GMT ETag: "1038fff6-18942-46d70f65" Accept-Ranges: bytes Content-Length: 100674 Content-Type: text/plain <?php /******************************************************************************************************/ /* /* /* ssssssss pppp pppp yyyyyy yyyyyy gggg gggg rrrr rrrr uuuu uuuu pppp pppp /* ss pppp pp yy yy gg gggg rrrr uu uu pppp pp /* sss TRUNCATED BY CASTLECOPS FOR PUBLIC DISPLAY -- CONTACT STAFF FOR DETAILS

---

Corresponding BGP Origin ASN

at 04 Dec, 2007 @ 05:02:07
AS | BGP Prefix | CC | Registry | Allocated
"12832 | 212.78.192.0/19 | DE | ripencc | 1999-05-04"

---

Possible BGP peer ASNs one AS hop away from BGP Origin ASN

at 04 Dec, 2007 @ 05:02:07
AS Peers | BGP Prefix | CC | Registry | Allocated
"1299 | 212.78.192.0/19 | DE | ripencc | 1999-05-04"

---

AS Description of a given BGP ASN

at 04 Dec, 2007 @ 05:02:57
AS | CC | Registry | Allocated | AS Name
"12832 | DE | ripencc | 1999-12-01 | LYCOS-EUROPE Lycos Europe GmbH"