Domain > sophos.skypetm.com.tw

This indicator is referenced in AlienVault OTX pulse ""

Reports

http://blog.cassidiancybersecurity.com/post/2014/0...

https://bitbucket.org/cybertools/whitepapers/downl...

Files that talk to sophos.skypetm.com.tw

MD5	A/V
4ab74387f7a02c115deea2110f961fd3	[Pakes_c.AMPX] [TR/Kazy.269574]
79e48961d1ee982a466d222671a42ccb	[Trojan*Win32/Sisproc]
2b3149926ebced31284867e71648094b
bf95e89906b8a17fd611002660ffff32
ed35e43142b42b57f518197d930471d9	[RTF.Exploit.2014.1761] [CVE-2014-1761.A] [Exploit.MSWord.CVE-2014-1761.a] [RTF:Malware.OddRTF/Heur!1.9E6F] [Exp/20141761-A] [UnclassifiedMalware] [Exploit.Rtf.CVE2012-0158] [Exploit:Win32/CVE-2012-2539] [Word.Exploit.Cve-2014-1761.Alij] [Exploit.Win32.CVE-2012] [virus.exp.20141761]
f4df831f061f9f4b11d865731d650273
839af8eea3d2d077418acfee08551f4d	[W32/Trojan.YQGG-0912] [TR/Kazy.269574] [TrojanRansom.Blocker.r3] [Pakes_c.AMPX] [Trojan.Rerol] [Trojan-Ransom.Win32.Blocker.divb] [Trojan.Blocker.NR] [RDN/Ransom!eo] [Troj/Rerol-A] [Trojan.Pittyger]
1b0e8fbbace9272c8b8225fa0889c73d
ac653cad2dfc4dcdcdfa374d4a0e3537
5e2360a8c4a0cce1ae22919d8bff49fd	[TrojanRansom.Blocker.r3] [Trojan.Blocker.Win32.13870] [Trojan.Kazy.D41D06] [Trojan.Win32.Blocker.cuclmv] [Backdoor.Trojan] [Trojan-Ransom.Win32.Blocker.divb] [Trojan.Blocker!bpINWZ8JgEs] [Win32.Trojan.Blocker.Swut] [Troj/Rerol-A] [UnclassifiedMalware] [BehavesLike.Win32.Downloader.lm] [W32/Trojan.XPTA-0912] [Trojan/Blocker.agwe] [TR/Kazy.269574] [Trojan[Ransom]/Win32.Blocker] [Win32.Troj.Undef.(kcloud)] [Trojan:Win32/Rimod!gmb] [Trojan.Win32.Z.Blocker.15872.A[h]] [Trojan/Win32.Pittyger] [Trojan.Win32.Ransomlock.divb] [PE:Malware.RDM.01!5.7[F1]] [Trojan.Rerol] [W32/Blocker.A!tr] [Trj/CI.A]

Whois

Property	Value
Name	long sa
Organization	information of network company
Email	longsa33@yahoo.com
Address	No.520.gongye road.shanghai
City	shanghai, shanghai
Country	CN
Phone	+86.88885918
NameServer	ns2.world-server.net
Created	2011-01-10 00:00:00
Expires	2015-01-10 00:00:00
Registrar	AsiaRegister,Inc.

DNS Resolutions

Date	IP Address
2013-09-27	101.1.27.128 (ClassC)
2013-11-22	198.100.121.15 (ClassC)
2013-12-02	198.100.121.15 (ClassC)
2014-04-09	198.100.113.27 (ClassC)
2014-07-04	66.220.4.100 (ClassC)
2014-12-14	127.0.0.1 (ClassC)
2019-11-04	23.253.126.58 (ClassC)
2019-11-04	104.239.157.210 (ClassC)
2025-07-09	210.71.232.10 (ClassC)
2026-02-01	210.71.232.9 (ClassC)

Port 80

HTTP/1.1 200 OKContent-Type: text/htmlSet-Cookie: sess_uuid44eb59b6-5de7-4e38-a885-340d227d3ff1Content-Length: 13383Date: Sat, 07 Dec 2024 03:09:22 GMTServer: Python/3.10 aiohttp/3.8.3

!DOCTYPE html>html classclient-nojs dirltr langen>head>meta charsetutf-8/>title>users Wiki!/title>script>document.documentElement.classNamedocument.documentElement.className.replace(/(^|s)client-nojs(s|$)/,$1client-js$2);/script>script>(window.RLQwindow.RLQ||).push(function(){mw.config.set({wgCanonicalNamespace:,wgCanonicalSpecialPageName:false,wgNamespaceNumber:0,wgPageName:Main_Page,wgTitle:Main Page,wgCurRevisionId:1,wgRevisionId:1,wgArticleId:1,wgIsArticle:true,wgIsRedirect:false,wgAction:view,wgUserName:null,wgUserGroups:*,wgCategories:,wgBreakFrames:false,wgPageContentLanguage:en,wgPageContentModel:wikitext,wgSeparatorTransformTable:,,wgDigitTransformTable:,,wgDefaultDateFormat:dmy,wgMonthNames:,January,February,March,April,May,June,July,August,September,October,November,December,wgMonthNamesShort:,Jan,Feb,Mar,Apr,May,Jun,Jul,Aug,Sep,Oct,Nov,Dec,wgRelevantPageName:Main_Page,wgRelevantArticleId:1,wgRequestId:b5ecdfee0a5447bf157774fd,wgIsProbablyEditable:true,wgRelevantPageIsProbablyEditable:true,wgRestrictionEdit:,wgRestrictionMove:,wgIsMainPage:true});mw.loader.state({site.styles:ready,noscript:ready,user.styles:ready,user:ready,site:ready,user.options:ready,user.tokens:loading,mediawiki.legacy.shared:ready,mediawiki.legacy.commonPrint:ready,mediawiki.sectionAnchor:ready,mediawiki.skinning.interface:ready,skins.vector.styles:ready});mw.loader.implement(user.tokens@1cmymd6,function($,jQuery,require,module){mw.user.tokens.set({editToken:+\,patrolToken:+\,watchToken:+\,csrfToken:+\});});mw.loader.load(mediawiki.page.startup,mediawiki.user,mediawiki.hidpi,mediawiki.page.ready,mediawiki.searchSuggest,skins.vector.js);});/script>link href/A.load.php,qdebugfalse,alangen,amodulesmediawiki.legacy.commonPrint,P2Cshared,P7Cmediawiki.sectionAnchor,P7Cmediawiki.skinning.interface,P7Cskins.vector.styles,aonlystyles,askinvector.pagespeed.cf.X4-fbx4L4w.css relstylesheet/>script async src/load.php,qdebugfalse,alangen,amodulesstartup,aonlyscripts,askinvector.pagespeed.jm.VdeaCFxk6_.js>/script>meta content nameResourceLoaderD

Subdomains

Date	Domain	IP
ms11.skypetm.com.tw	2014-12-14	202.174.130.110
newb02.skypetm.com.tw	2014-12-14	127.0.0.1
032gunlike.skypetm.com.tw	2019-07-01	23.253.126.58
asdf.skypetm.com.tw	2014-12-14	113.10.240.54
zeng.skypetm.com.tw	2014-05-30	101.1.25.74
link.skypetm.com.tw	2014-12-14	127.0.0.1
botemail.skypetm.com.tw	2014-12-14	216.18.208.4
gmail.skypetm.com.tw	2013-04-27	122.208.59.188
tm.skypetm.com.tw	2013-12-11	198.100.121.15
margo.skypetm.com.tw	2014-05-09	113.10.169.162
qinoo.skypetm.com.tw	2014-12-14	113.10.240.54
ripper.skypetm.com.tw	2014-12-14	67.198.154.246
super.skypetm.com.tw	2014-12-14	211.75.195.1
sophos.skypetm.com.tw	2014-12-14	127.0.0.1
supports.skypetm.com.tw	2014-07-17	2.3.5.7
killerhost.skypetm.com.tw	2013-04-01	113.10.240.54
aniu.skypetm.com.tw	2013-05-28	61.220.44.244

View on OTX | View on ThreatMiner

Data with thanks to AlienVault OTX, VirusTotal, Malwr and others. [Sitemap]