Author Topic: New Zeus server  (Read 386592 times)


August 02, 2010, 10:51:52 am
Reply #390

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP Location: Russian Federation - DTZ-MOS-NET DTZ Debenham Zadelhoff LLC
IP 193.109.246.77
AS43074
Registrant/Registrant Email: Private Person/admin@alarmingzone.ru
hxxp://ghyas.ru/2a.bin
md5sum ===> 798f79b6dedd01b1de9d7671775d0b4e
hxxp://ghyas.ru/abc.php
IP Location: Netherlands - LeaseWeb AS
IP 95.211.129.43
[hosted-by.leaseweb.com]
AS16265
Registrant/Registrant Email: Volkaamens DataHome/vbastenstill@yahoo.com
hxxp://veridatalookup.com/ftp3287t32gu5yg3287g/config.bin
md5sum ===> c580bdcef0e64bf8d4a4b23e1302d499
hxxp://veridatalookup.com/ftp3287t32gu5yg3287g/mydata37g3f.php
hxxp://veridatalookup.com/ftp3287t32gu5yg3287g/rpp.exe
md5sum ===> eddab8f73f2b72b96fb9f15a574a1c14
http://www.virustotal.com/es/analisis/ae627b5e2e6242c5f0cc05ec2a14486feb86d33de186028116de97f990d838b4-1280742615
VT 3/42 (7.15%)

FAKE AV:
hxxp://store.natebennettfleming.com/main.php?i=Jc6vg9UVrvitihj7U8VCwpsXog==&e=3
md5sum ===> 590534bc85412af298d5f751117de896
http://www.virustotal.com/es/analisis/ad3d47f9732d4e69b6d53ff325ee202e9249de8a3f49ff2b61dfad912091de82-1280741025
VT 11/42 (26.2%)
related:
hxxp://tjwlkss.pohuy.ws

August 02, 2010, 07:36:08 pm
Reply #391

jackberri

IP Location: China - CHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.234
AS4847
Registrant/Registrant Email: Chang So/changso@yahoo.com
hxxp://cavemonsterfromhell.net/jabulani/config.bin
md5sum ===> 71d5da4ffea20a22f18bd7ba48da20cc
hxxp://cavemonsterfromhell.net/jabulani/fifaworldcup/jan.php

September 03, 2010, 09:20:33 am
Reply #392

jackberri

IP Location: Kazakhstan - AlfaHost LLP. Route Object - ALFAHOSTNET Alfa-Host LLP
IP 193.105.207.105
AS50793
Registrant Email: dns@inkognittto.ru
hxxp://inkognittto.ru/wireshark/wire.raw
md5sum ===> 152e45400e2e68a1dd4ee7ccb2da0060
hxxp://wireshark/wireshark.exe
md5sum ===> cb74fb88f36b667e26f41671de8e1841
http://www.virustotal.com/file-scan/report.html?id=73b9732ff7e8464bc49b756d21bf291feaf00447b01d0769623379c1625c596e-1283504801
VT 5/43 (11.6%)
hxxp://inkognittto.ru/wireshark/sniff.php

September 04, 2010, 03:54:07 pm
Reply #393

jackberri

IP Location: Iran - DCI-Route - DCI-AS DCI Autonomous System Data communication Company of Iran
IP 78.39.243.50
AS12880
Registrant/Registrant Email: Andrey Malkov/admin@first-wave-aug.com
hxxp://first-wave-aug.com/EUADM/conf_uk01.bin
md5sum ===> 31147dc05d1eac3b91470b67d1174f83
hxxp://first-wave-aug.com/EUADM/gotobot.php
hxxp://first-wave-aug.com/EUADM/rapport.exe
md5sum ===> e6f3d5b66fe92432e1d8c9a585eec8ea
http://www.virustotal.com/file-scan/report.html?id=b070196d76c262e8af803499af76c0474ac1927256c3f5fa8c81570d4f270c19-1283615030
VT 22/43 (51.2%)

September 05, 2010, 07:54:00 am
Reply #394

jackberri

IP Location: United States - Proxy-registered route object
IP 173.242.114.146
AS46664
Registrant/Registrant Email: Chang So/changso@yahoo.com
hxxp://festivaloffire.net/augur/cfg.bin
md5sum ===> efe005636b6e29d96ea33d0bd8e81fdd
hxxp://festivaloffire.net/augur/hanna/power.php

September 05, 2010, 12:02:17 pm
Reply #395

jackberri

IP Location: Latvia - ALTNET - ALTNET-LV DG Holding SIA
IP 195.3.145.92
AS41390
Registrant ID: DI_12346142
Registrant/Registrant Email: Max Ali/max.ali@live.com
hxxp://zsbiznet.in/php/cfg002.bin
md5sum ===> 8a10fcdca608fc237a9206ed8872e066
hxxp://zsbiznet.in/php/002.exe
md5sum ===> 0ebde2c89c40493f9c6ca2f9a46a830c
https://www.virustotal.com/file-scan/report.html?id=798093458211da6a0aa0f4951088ce06fcbc029e127e7f37d00f3c6361e2dd30-1283686469
VT 21/43 (48.8%)
hxxp://zsbiznet.in/php/gate.php
IP Location: Romania - STARNET-AS
IP 195.206.246.40
AS31252
Registrant ID: TOD-42526144
Registrant/Registrant Email: Jozef Bogdanowitch/bingobingo@gmail.com
hxxp://bingoshow.org/new_game/index/gort.so
md5sum ===> 8d55a6d1ddf095dd971b6d430651e242
hxxp://bingoshow.org/new_game/202.php
IP Location: Latvia - LATNET - LatnetServiss-AS
IP 159.148.117.159
AS2588
Registrant/Registrant Email: Leonid S Virov/admin@secr86838.com
hxxp://secr86838.com/f34r3regwrew/d34f34r335z.bin
md5sum ===> d3085218b21483adde20990e461e8b3c

September 06, 2010, 05:13:04 pm
Reply #396

jackberri

IP Location: Moldova - STARNET-AS
IP 195.5.161.5
AS31252
Registrant/Registrant Email: Arnold Gee/listrecilert@yahoo.com
hxxp://gizmatool.net/server/config.bin
md5sum ===> 264336e8bbc6a3ce6bd73f560fc76e6f
hxxp://gizmatool.net/server/gate.php
IP Location: China - CNC Group CHINA
LFT trace to tenziloper.com
[4837] [target open] 221.10.252.223
Registrant/Registrant Email: Sharon Lewers/d6eb7c720e608061729450f83e4ad10584976080@whois.gkg.net
hxxp://tenziloper.com/percent/update.bin
md5sum ===> 756f826d4c40340cc064860dbcaf6285
hxxp://tenziloper.com/percent/update.exe
md5sum ===> 1a018e43fd4ceb71a3b783d67a22c3bd
http://www.virustotal.com/file-scan/report.html?id=d74ad3e40d587ac2207c340cf42cab2e0656c1e8cbfcd5a7a59cfc44a99465ec-1283792157
VT 19/43 (44.2%)
hxxp://tenziloper.com/percent/update.php
config file for SpyEye:
IP Location: Russian Federation - Antaro Ltd
[hosted-by.antaro-hosting.ru]
AS12695
hxxp://195.88.208.250/maincp/bin/config.bin
md5sum ===> 0eb9772e8065cedc0f3bacdd3b818b50
pending:
hxxp://195.88.208.250/maincp/bin/upload/

September 08, 2010, 08:15:41 am
Reply #397

jackberri

IP Location: United States - Proxy-registered route object
IP 173.242.114.146
AS46664
Registrant/Registrant Email: Chang So/changso@yahoo.com
hxxp://nagatkeaneworld.net/nagakeane/config.bin
md5sum ===> d82afbc19efeb0a40af35bbf1462620d
hxxp://nagatkeaneworld.net/nagakeane/peacesoldier/roulet.php
IP Location: China - China Telecom jiangsu Province
IP 218.93.205.105
AS4134
Registrant/Registrant Email: maxim solncev/sonverr@gmail.com
hxxp://rapsvsvsn21.net/urla/c2.bin
md5sum ===> c1cb2e663b8864e104ebb672c4d03a28

September 08, 2010, 09:26:04 am
Reply #398

jackberri

IP Location: United States - SP1 datacenter - Yahoo-SP1
IP 67.195.140.220
[p8p1.geo.sp2.yahoo.com]
AS36752
Registrant Email: contact@myprivateregistration.com
hxxp://varvavabest.com/config.bin
md5sum ===> a6d54f8a6aa001e30353b5684bbdcc9b
hxxp://varvavabest.com/bot.exe
md5sum ===> 41298cedbef6979dcdb54ae1d9f4db4f
http://www.virustotal.com/file-scan/report.html?id=c179d848f0b6e65baa3c7ff96a04ef1f3c3c11521f2a7586354a6fc8f7d992a7-1283937399
VT 26/41 (63.4%)
hxxp://varvavabest.com/redir.php

September 09, 2010, 08:53:29 am
Reply #399

jackberri

IP Location: Moldova - STARNET-AS
IP 195.5.161.192
AS31252
Registrant/Registrant Email: Marcello Bologna/admin@greyrace8872.com
hxxp://interparceltd.com/xed/config.bin
md5sum ===> 47c3f75d316e162423096dd4fb5fa27f
hxxp://interparceltd.com/xed/yourbot.exe
md5sum ===> e16513ca4759f296acbed14f26495c1d
http://www.virustotal.com/file-scan/report.html?id=b35c774dc4320413e5bb1d82ee316e70d1b07eef34be837fae5481f02ecc61bb-1284021738
VT 11/43 (25.6%)
hxxp://interparceltd.com/xed/config.bin
IP Location: Suriname - GlobalNET Bosnia - BA-GLOBALNET-AS
IP 77.78.248.75
AS42560
Registrant/Registrant Email: Georgy Lamakov/admin@onlinefinancesecurity.net
hxxp://yourbankingsecurity.com/trololo/igrek.iks
md5sum ===> 0e15740410482eb86d1050f57099f17e
hxxp://yourbankingsecurity.com/zerkalo.php

September 10, 2010, 11:26:47 am
Reply #400

jackberri

hxxp://113.11.194.152/us27/usdase.db
md5sum ===> 1946ef16e5cc83ddbe91950bf60cf3ba
hxxp://113.11.194.152/us27/us.exe
md5sum ===> 2e860582172ee256abf515c476ac1718
http://www.virustotal.com/file-scan/report.html?id=0bb8230cc9dd45f87267d5a22fa62294136870560806b68cd673319e7d5ab66e-1284111787
VT 14/42 (33.3%)
hxxp://91.216.215.101/woops/ttf.php

September 10, 2010, 11:29:22 pm
Reply #401

jackberri

IP Location: Czech Republic - Softel Consulting s.r.o
IP 193.104.146.65
AS50134
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up2/mxconfig.bin
md5sum ===> fb063c4bb547d0d2d08647c5460c103a
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/up2/bot_upp2_6.exe
md5sum ===> f0118c4e79b3189a37ee198a3a3ca557
http://www.virustotal.com/file-scan/report.html?id=d2fa8a12604abd3186f7afcb845bed492633c987f08778c48271a8d83ea0221e-1284160923
VT 15/43 (34.9%)
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/gate_38g72fugh32ufi.php
hxxp://tsd1online.com/f_32thg2ihfloeil/yif3hj373959fd/rprt_315.exe
md5sum ===> 88744a40f85d0d148bebbf9e26c8f018
http://www.virustotal.com/file-scan/report.html?id=f3c43e4b3a88fff78616adf22c33e16cf5cf4699bb7f7d0d6dcab5819c2bdb62-1284161692
VT 4/43 (9.3%)

September 11, 2010, 11:39:36 am
Reply #402

jackberri

IP Location: Netherlands - ECATEL-AS
[hosted-by-ecatel.net]
AS29073
hxxp://94.102.51.38/sasmate/sas.exe
md5sum ===> 7d010f60efa087953dc7827391481cda
http://www.virustotal.com/file-scan/report.html?id=1c32982c2e626f4cb61f74c4b2d09157b93495c54f5ba3a1d4fe2ce9668e4ea1-1284204454
VT 7/42 (16.7%)
related (already listed):
hxxp://nfruhskhfts.com/bs/nal.bin

September 11, 2010, 04:18:58 pm
Reply #403

jackberri

IP Location: France - PROXAD Free SAS
IP 78.235.237.55
[sgn49-1-78-235-237-55.fbx.proxad.net]
AS12322
Registrant/Registrant Email: Tammy Holley/rexona1948@live.com
Registrant/Registrant Email: Sondra Bozard/procesingp@yahoo.com
hxxp://eminemm.net/~usa/us/img/init.bin
hxxp://platinumalbumm.com/~usa/us/img/init.bin
md5sum ===> c238be1a7cbceab3262b08fbf928b9a7
hxxp://eminemm.net/~usa/us/img/rent_jaba.exe
hxxp://platinumalbumm.com/~usa/us/img/rent_jaba.exe
md5sum ===> a66ffc9159456792cc87f5f7b5fd9d10
http://www.virustotal.com/file-scan/report.html?id=9470a6f789cf7bd4d9e338a391c25268960080b64a4fb152f65d876729627949-1284220915
VT 19/42 (45.2%)
hxxp://eminemm.net/~usa/us/img/rent_jaba2.exe
hxxp://platinumalbumm.com/~usa/us/img/rent_jaba2.exe
md5sum ===> c077bbf21959ac104e3898b0505a0ad1
http://www.virustotal.com/file-scan/report.html?id=1a00774fc6798b2145774cc180ed5b7109af6faaedfd9d5747500be39d4ca807-1284220945
VT 19/40 (47.5%)
hxxp://eminemm.net/~usa/us/img/rent_jaba3.exe
hxxp://platinumalbumm.com/~usa/us/img/rent_jaba3.exe
md5sum ===> 390f232ccba503b33b89ae0044c07030
http://www.virustotal.com/file-scan/report.html?id=5ceb9c66249f0df60f80625b755862aeec4d1ca077be74f100f834d95afbc5d3-1284220894
VT 5/43 (11.6%)
hxxp://eminemm.net/~usa/us/img/2070.exe
hxxp://platinumalbumm.com/~usa/us/img/2070.exe
md5sum ===> 665f2f38ffd51675aead02837bf1275f
http://www.virustotal.com/file-scan/report.html?id=4a58303897fdafea1f030a1bfaaafa325a5f839ec42822a9740dd4f7c217074d-1284220924
VT 13/43 (30.2%)
hxxp://eminemm.net/~usa/us/img/2070.jpg
hxxp://platinumalbumm.com/~usa/us/img/2070.jpg
md5sum ===> 25f9e03ae83b9e8783cbd472f261a97d
http://www.virustotal.com/file-scan/report.html?id=da96109628e8c53a975be129eeccc074a47c37bd276e872af43a11c86d7eba51-1284220932
VT 17/43 (39.5%)
hxxp://eminemm.net/~usa/us/img/sep_02.exe
hxxp://platinumalbumm.com/~usa/us/img/sep_02.exe
md5sum ===> 952541082fb78db4504706b81abaf1d4
http://www.virustotal.com/file-scan/report.html?id=0a7c7206533fcbaac91c0e6c7f8e912932db598783d367ebb8e534118b2b858a-1284220886
VT 7/42 (16.7%)
hxxp://eminemm.net/~usa/us/img/shd093js.jpg
hxxp://platinumalbumm.com/~usa/us/img/shd093js.jpg
md5sum ===> e6d37230df1e94d1c9a0f552d4d8fb1b
http://www.virustotal.com/file-scan/report.html?id=df566662f56d40210f4df59cf87a0a1c54da672dad216d3062b6b578c4541c09-1284220877
VT 8/43 (18.6%)
hxxp://eminemm.net/~usa/us/shluz.php
hxxp://platinumalbumm.com/~usa/us/shluz.php

September 11, 2010, 06:24:28 pm
Reply #404

jackberri

IP Location: Netherlands - MTO Telecom inc. Proxy Route Object Gogax - Maintainer for Tenino Telephone
[elixir.healthtopicstoday.com]
AS21793
hxxp://76.76.96.188/ps/hu.exe
md5sum ===> d1a83126f62b036428aa1bd813443b37
http://www.virustotal.com/file-scan/report.html?id=8af625dea5a638825673a5668a2aa6a00cc79861d66e6c18b3860336e7949e3b-1284228998
VT 7/42 (16.7%)
related (already listed):
hxxp://nfruhskhfts.com/bs/lusa.bin