Topic: New Zeus server

March 12, 2011, 09:59:16 pm
Reply #615

jackberri

IP Location:  France - IKOULA Net SAS
IP 213.246.42.87
[25156hd42087.ikexpress.com]
AS21409
Name Server: ns1.ipstates.net  ns2.ipstates.net    
Code: [Select]
http://sl0rd.codzs.com/zs/slord1.bin               md5sum ===> 158a443f701bcf580ea0b5ef5ca56b4c
http://sl0rd.codzs.com/zs/slord.exe                md5sum ===> 057c8df21745439e0786309c0a51efbe
http://sl0rd.codzs.com/zs/slord.php?m=login
http://www.virustotal.com/file-scan/report.html?id=bb79049b0ace8077f435c54af057cb3c20e8a15819117b14d91414ed2b786ec7-1299966505
VT 1/42 (2.4%)

March 14, 2011, 09:47:03 am
Reply #616

jackberri

IP Location:  United States - Bluehost Inc.
IP 67.222.57.92
[57-92.hostmonster.com]
AS11798
Name Server: NS1.HOSTMONSTER.COM  NS2.HOSTMONSTER.COM
Registrant/Email Registrant: Hostmonster Inc/support@hostmonster.com
Code: [Select]
http://ufo1.com/1/x.exe         md5sum ===> 625f7d7b9ac0a7e2849051e9c6aa6ff5
http://www.virustotal.com/file-scan/report.html?id=0cea8591755385bef9f75f70fc557297097d62c24b9f5c93952ada39e13b6dfc-1300095170
VT 13/39 (33.3%)
Code: [Select]
http://ufo1.com/1/1.exe         md5sum ===> b554b4b7be187d1af7ef964fc34cd196
http://www.virustotal.com/file-scan/report.html?id=732523779f97a1ed353a28ccf05be9867be8c25801b9192602c20678ab05c9d8-1300095186
VT 15/43 (34.9%)
related (already listed):
Code: [Select]
http://gohitweb.org/q4.drv
IP Location:  France - IKOULA Net SAS
IP 213.246.38.36
AS21409
Name Server: ns1.cz.cc  ns2.cz.cc     
Code: [Select]
http://interpower1.cz.cc/saimwebs/yguy4565475UYGuyf76789/canon.tif               md5sum ===> 4e9239bfe8677c903dc0697869111b42

March 14, 2011, 06:35:06 pm
Reply #617

jackberri

IP Location:  Russian Federation - Info-Media route - HAKVA LLC 2H Akva Group
IP 91.213.29.58
AS51786
Name Server: ns3.cnmsn.com  ns4.cnmsn.com
Registrant/Email Registrant: Robin Beck/Robin.Beck@yahoo.com     
Code: [Select]
http://statistic-www.com:81/bt/upload/syst.bin               md5sum ===> 2707fca6567d1f8a0d86d9c0cedc578b
http://statistic-www.com:81/bt/input.php

IP Location:  Germany - DE-HEC-217-115-128 - HOSTEUROPE-AS
IP 217.115.136.150
[n217-115-136-150.cnet.hosteurope.de]
AS20773
Name Server: ns1.nsnoc.com  ns2.nsnoc.com  ns3.nsnoc.com  ns4.nsnoc.com
Registrant/Email Registrant: Sergej Marshinin/whips@ca4.ru     
Code: [Select]
http://textilprom.com/sshinf/cfg.bin               md5sum ===> fa4570235a3e9967f1269ec93188209e
http://textilprom.com/sshinf/cs/server.php

IP Location:  Romania - Adral Srl
IP 95.64.9.13
AS50244
Name Server: ns1.cs2gameme.com  ns2.cs2gameme.com
Registrant/Email Registrant: Lina Koshkina/mazes@cheapbox.ru     
Code: [Select]
http://cs2gameme.com/update/db1               md5sum ===> 0027be3ff6d8f6329b7c8ad410556493
IP Location:  United States - PNAP-LAX softlayerexempt - SOFTLAYER Technologies Inc
IP 208.101.9.140
[hosting1-us.santrex.net]
AS36351
Name Server: ns4.santrex.net  ns1.santrex.net   
Code: [Select]
http://televisionfree.co.tv/maknyus/cfg.bin               md5sum ===> babce5ce76fdb02ccc8780a6a2e7c11b
http://televisionfree.co.tv/maknyus/bt.exe                md5sum ===> bc4ee6e6d1348a5da94f8af23009eb27
http://televisionfree.co.tv/maknyus/gate.php
http://www.virustotal.com/file-scan/report.html?id=4115287b886040991fb6b7949233f937ac0874d3b575b65f8b90ea0de1924350-1300126936
VT 33/43 (76.7%)

March 14, 2011, 09:36:53 pm
Reply #618

jackberri

IP Location: Poland - Finfin Financial Portal
AS15593
dns2.answerable.com dns1.answerable.com
Code: [Select]
http://195.246.200.72/news/?s=67948              md5sum ===> 46e8fec3376302da609fef2b1f49218b
http://jsojonhjvhvtus.com/news/?s=67948          md5sum ===> 46e8fec3376302da609fef2b1f49218b
http://jtievgonpznzpbpp.com/news/?s=67948        md5sum ===> 46e8fec3376302da609fef2b1f49218b
http://195.246.200.72/news/?s=6225               md5sum ===> ef5682d4dff41a2baa059782e3c01268
http://jsojonhjvhvtus.com/news/?s=6225           md5sum ===> ef5682d4dff41a2baa059782e3c01268
http://jtievgonpznzpbpp.com/news/?s=6225         md5sum ===> ef5682d4dff41a2baa059782e3c01268

March 22, 2011, 06:36:45 pm
Reply #619

jackberri

IP Location:  Romania - RDSNET RCS & RDS S.A.
AS8708
Name Server: ns1.domainservice.com  ns2.domainservice.com  ns3.domainservice.com   ns4.domainservice.com
Code: [Select]
http://193.16.213.14/news/?s=6225              md5sum ===> 8c8d2aa12f1f6b54a0b8dc0804fdeea6
http://jkqlzsftofoiivx.com/news/?s=6225        md5sum ===> 8c8d2aa12f1f6b54a0b8dc0804fdeea6
http://ounvdlgyvrsksnkl.com/news/?s=6225       md5sum ===> 8c8d2aa12f1f6b54a0b8dc0804fdeea6
http://193.16.213.14/news/?s=194832                        md5sum ===> 66f6e7ae8027c924c91645fcc944a870
http://jkqlzsftofoiivx.com/news/?s=194832                  md5sum ===> 66f6e7ae8027c924c91645fcc944a870
http://ounvdlgyvrsksnkl.com/news/?s=194832                 md5sum ===> 66f6e7ae8027c924c91645fcc944a870

IP Location:  Poland - UPC Broadban
IP 89.72.20.71
[89-72-20-71.dynamic.chello.pl]
AS6830
Name Server: ns1.creaps.net  ns2.creaps.net
Registrant/Email Registrant: Ciarra Mitchell/admin@creaps.net
Code: [Select]
http://creaps.net/204403ed269d3fc61efdabffcb54e271               md5sum ===> e6a3966013fd0214c24402c7065e886e
http://creaps.net/3fc6169dcbff7efdabd2103e54e2.php

IP Location:  Germany - ASGHOSTNET +-+ | GHOSTnet AS
IP 94.249.139.6
[box9.host1free.com]
AS12586
Name Server: ns1.host1free.com  ns2.host1free.com   
Code: [Select]
http://pizdec.sx33.net/UPCHK2.bin               md5sum ===> 526f1564ce359ca500c09fb825b88940
http://pizdec.sx33.net/cat2.exe                 md5sum ===> d522f8d53fbc99e31591118769b5cc9e
http://sukiblyadi.name:8888/update.php
http://www.virustotal.com/file-scan/report.html?id=1a9654c43d9dcac0efa819bf9d2210dd802439769d13f367ccce7865d2d3e7b0-1300816978
VT 21/43 (48.8%)

IP Location:  Russian Federation - WEBALTA-AS OAO Webalta
IP 92.241.168.14
[2x4u159.2x4.ru]
AS41947
Name Server: ns1.freshcomp.ir  ns2.freshcomp.ir
Registrant/Email Registrant: Amir Ahmadi/jamcnutt111@hotmail.com   
Code: [Select]
http://freshcomp.ir/set/config.bin               md5sum ===> a2cc80189c3ce83ca41bf4f6efd27fea
http://freshcomp.ir/set/gate.php

IP Location:  Romania - Enter-Net-Team-AS
IP 94.63.243.21
AS38913
Name Server: ns1.voiceiancef.com  ns2.voiceiancef.com
Registrant/Email Registrant: Vladimir Dudnik/heave@ca4.ru   
Code: [Select]
http://voiceiancef.com/auu/auv.mu               md5sum ===> 5f845857560252ac8bc8f332c8f66db7

March 24, 2011, 01:02:16 pm
Reply #620

jackberri

IP Location:  Russian Federation - HAKVA LLC 2H Akva Group
IP 91.213.29.70
AS51786
Name Server: ns3.cnmsn.com  ns4.cnmsn.com
Registrant/Email Registrant: Whois Privacy Protection Service/gycjyyqtgz@whoisservices.cn   
Code: [Select]
http://changemoneyhyper.net:81/main/up/syst.bin               md5sum ===> 67050963de6b557ea8360791dbf5e5d5
http://changemoneyhyper.net:81/main/css.php

IP Location:  Poland - IP-EXCHANGE IP
IP 62.146.68.203
[0004.srv.az.pl]
AS15598
Name Server: ns10.az.pl  ns11.az.pl
Registrant/Email Registrant: Contato Administrativo - UOL/l-registrobr-uol@corp.uol.com.br                       
Code: [Select]
http://sowr.eu/grafika/zbiorka1012/cache.dat                    md5sum ===> 1321451f0fcae5abbc0410c20bfca445
http://www.virustotal.com/file-scan/report.html?id=a6cb1d5fae1ba5ad06152df0bcc8f5220eaa91571556fd1f210af1c0026d1d20-1300971071
VT 28/41 (68.3%)
related (already listed):
Code: [Select]
http://croall-bryson.co.uk/scripts/cache.zip
IP Location:  Malaysia - GIGABIT-MY THEGIGABIT.com
IP 223.25.242.170
AS55720
Name Server: ns1.balabasglobalhelper.net  ns2.balabasglobalhelper.net
Registrant/Email Registrant: Kimberly Hollingsworth/jhn.vns92@gmail.com                         
Code: [Select]
http://balabasglobalhelper.net/confetka.bin                 md5sum ===> 10412ad35408aa647ce25482afbdc099
http://balabasglobalhelper.net/agreement.exe                md5sum ===> 9fdf7bfcf9223cfac7e9be5a88ff62b4
http://balabasglobalhelper.net/gate.php
http://www.virustotal.com/file-scan/report.html?id=52e8c2b6ca7aa5504c7ab52237b3c2ff6903054245ce6fff02c84947e196739c-1300970961
VT 32/41 (78.0%)

IP Location:  United States - Yahoo-RE1 Yahoo RE1 datacenter
IP 216.39.62.189
[p4p1.geo.re4.yahoo.com]
AS14779
Name Server: yns1.yahoo.com  yns2.yahoo.com
Registrant/Email Registrant: Lotfi Kaabi/kairouany@yahoo.com                         
Code: [Select]
http://pax08.com/galleries/images/sd.bin                 md5sum ===> 41b3d25e49a27c86630f64450e46e874
http://195.182.57.149:8081/stat/gset.php

March 24, 2011, 03:58:40 pm
Reply #621

jackberri

IP Location:  Romania - NextGen Communications SRL
IP 94.52.153.22
[94-52-153-22.next-gen.ro]
AS35002
Name Server: ns1.sorry.kz  ns2.sorry.kz
Registrant/Email Registrant: Vartanyan Nikolai Vasilevich/nikolai.vartanyan@mail.ru                         
Code: [Select]
http://sorry.kz/stats/adobe.xml                 md5sum ===> 52ea7fcf03be9a5b80f3c4fb5e09582a
http://sorry.kz/stats/adobe.exe                 md5sum ===> 9abe2243e3b6290a0f85c962fc0371c1
http://sorry.kz/stats/gate.php
http://www.virustotal.com/file-scan/report.html?id=45d3033bd3a9f57b9d174bfa93b47ef917ca37e2bff8a1131f196fae4200d308-1300981668
VT 0/41 (0.0%)

March 26, 2011, 01:02:33 pm
Reply #622

jackberri

IP Location:  Colombia - ERT - Cali Empresa De Recursos Tecnologicos S.a E.s.p
IP 190.97.204.66
[190-97-204-66.ert.com.co]
AS27845
IP Location:  United States - ISOMEDIA-1 Isomedia Inc.
IP 207.115.69.153
[mobile.universalmac.com]
AS18530
Name Server: ns1.bugi-stone.com  ns1.gurusuloads.com
Registrant/Email Registrant: Roman E Potemkin/glove@ppmail.ru                         
Code: [Select]
http://casualhopperois.com/czl/zlo.cl                 md5sum ===> cbd222a6b652632be3b7b1c2910fa8f1
http://adventurewaspos.com/zlc/fdfre.php

IP Location:  United States - IINET-2044 Infinity Internet, Inc
IP 66.11.236.28
[66-11-236-28.managemyvps.com]
AS2044
Name Server: NS1.DOMAIN.COM  NS2.DOMAIN.COM  NS3.DOMAIN.COM
Registrant/Email Registrant: COMMONFILER.NET/krwnMo@PRIVACYPOST.COM                         
Code: [Select]
http://commonfiler.net/pic/lolo.bin                 md5sum ===> 91aa51565d1b51a2811c31c907ead504
IP Location:  Belgium - Level 27 BVBA - FIRSTSERVED-BACKBONE FirstServed N.V. / S.A
IP 193.104.8.33
[ns1.zaboe.be]
AS44806
Name Server: ns1.zaboe.be  ns2.zaboe.be                 
Code: [Select]
http://chaupiques.nl/host.zip                 md5sum ===> d9f69fdd0b6fb52d6545fa09d0f320c5
IP Location:  United States - THEPLANET-AS2
IP 174.122.241.82
[server01.hpserverdns.com]
AS21844
Name Server: ns1.hpserverdns.com  ns2.hpserverdns.com
Registrant/Email Registrant: DIANA KAROL PUICON FIESTAS/distorzzion@gmail.com                 
Code: [Select]
http://www.distorzzion.com/img.gif?                    md5sum ===> 978dc3f0c6db5aa2d4ad24e02008989a
http://www.virustotal.com/file-scan/report.html?id=9f3500f35ef41e052c29d3665086952e0fc5c7efc0daa64f8c5271a9e353b6d7-1301140858
VT 5/43 (11.6%)

IP Location:  United States - NextGen Communications SRL
IP 67.222.57.92
[57-92.hostmonster.com]
AS11798
Name Server: NS1.HOSTMONSTER.COM  NS2.HOSTMONSTER.COM
Registrant/Email Registrant: Hostmonster Inc/support@hostmonster.com                         
Code: [Select]
http://ufo1.com/q4.drv                 md5sum ===> a2b3940d6a1acf85f5f585b7f75edc82
IP Location:  Italy - ARUBA-ASN
IP 62.149.128.163
[mxd2.aruba.it]
AS31034
Name Server: dns.technorail.com  dns2.technorail.com
Registrant: Fabio Picciau                         
Code: [Select]
http://www.advsales.it/q4.drv                 md5sum ===> c17cc4f4c92a1e2a213bafb4973b3885
IP Location:  Romania - Cobalt It S.r.l
IP 94.63.144.67
AS48020
Name Server: ns1.freemoonz.com  ns2.freemoonz.com
Registrant/Email Registrant: Daniel Fozard/fasyvufinedo@yahoo.com                         
Code: [Select]
http://freemoonz.com/bghtr22/dmt001.bin                 md5sum ===> 4bffc348f06ffec187db98fa9ccf588b
IP Location:  Lithuania - SPLIUS-AS SPLIUS, UAB
IP 77.79.4.179
[hst-4-179.duomenucentras.lt]
AS25406
Name Server: ns1.nameself.com  ns2.nameself.com
Registrant/Email Registrant: Rosario Delucci/info@cesanatuna-plastics.com                         
Code: [Select]
http://articproholdings.com/config.bin                 md5sum ===> 3bd796e98124b3e470d637a511fe2079
http://articproholdings.com/gate.php

IP Location:  Ukraine - INCA-AS
[pid7777.ru]
AS29182                   
Code: [Select]
http://188.120.226.127/kr/src.php                 md5sum ===> daff6240e14e3686ddceec4fabadefaf
IP Location:  Ukraine - INCA-AS
IP 193.105.121.36
AS16109
Name Server: free01.editdns.net  free02.editdns.net
Registrant/Email Registrant: Tomas Lokinston/info@9vana9799ddf9ner.com                         
Code: [Select]
http://9vana9799ddf9ner.com/d98gr/nri6ss.bin                 md5sum ===> d85d175b6708db9bcc38d27807f9afca
http://9vana9799ddf9ner.com/d98gr/Nero.php

IP Location:  Romania - Buzau Sc Global Online Data Srl
IP 94.63.243.14
AS49469
Name Server: ns1.tinybuilderopl.com  ns2.tinybuilderopl.com
Registrant/Email Registrant: Igor Darenko/relax@cheapbox.ru                         
Code: [Select]
http://tinybuilderopl.com/ger/ber.ln                 md5sum ===> db1a8d8d5687932577a073f522c99cf4
http://tinybuilderopl.com/ger/dea.exe                    md5sum ===> 336057de978d6a0b2ff14e73a5a13240
http://www.virustotal.com/file-scan/report.html?id=fd8272000ed58069b831a867ffbf261a83b2904172c72a3819fb670163036118-1301143571
VT 15/42 (35.7%)

March 28, 2011, 08:53:34 pm
Reply #623

jackberri

IP Location: Romania - RDSNET RCS & RDS S.A
AS8708
dns2.answerable.com dns1.answerable.com
Code: [Select]
http://193.16.213.138/news/?s=78738  md5sum ===> 56c8ffa086bc34206c0803cc7a777289
http://mrmqyhhjmvlwwi.info/news/?s=78738  md5sum ===> 56c8ffa086bc34206c0803cc7a777289
http://owyygyjxuqmmrny.com/news/?s=78738  md5sum ===> 56c8ffa086bc34206c0803cc7a777289
http://193.16.213.138/news/?s=6225  md5sum ===> e12f07a2ee9782b9486b9c6f09dce574
http://mrmqyhhjmvlwwi.info/news/?s=6225  md5sum ===> e12f07a2ee9782b9486b9c6f09dce574
http://owyygyjxuqmmrny.com/news/?s=6225  md5sum ===> e12f07a2ee9782b9486b9c6f09dce574

IP Location: Romania - RDSNET RCS & RDS S.A
AS8708
Code: [Select]
http://193.16.213.72/news/?s=167318  md5sum ===> 015717870721d1405286e5d910e9c30e
http://qkimsnplkomdvmrn.com/news/?s=167318  md5sum ===> 015717870721d1405286e5d910e9c30e
http://ifczlmkjocnrkrvx.org/news/?s=167318  md5sum ===> 015717870721d1405286e5d910e9c30e
http://193.16.213.72/news/?s=6225  md5sum ===> ef5682d4dff41a2baa059782e3c01268
http://qkimsnplkomdvmrn.com/news/?s=6225  md5sum ===> ef5682d4dff41a2baa059782e3c01268
http://ifczlmkjocnrkrvx.org/news/?s=6225  md5sum ===> ef5682d4dff41a2baa059782e3c01268

IP Location:  China - CHINA-TELECOM
IP 122.224.4.110
AS4134                     
Code: [Select]
http://hatememan.com:81/xcfg.cfg                 md5sum ===> 7b37fe4770db938fe2e6b98c1b2f023f
http://hatememan.com:81/redir1.php                    md5sum ===> 336057de978d6a0b2ff14e73a5a13240

IP Location:  Romania - Nova Telecom Grup SRL
IP 86.55.140.208
AS49469
Name Server: NS29.WORLDNIC.COM  NS30.WORLDNIC.COM
Registrant/Email Registrant: Sidi, Bok/worldchenell@ymail.com                         
Code: [Select]
http://etraveldesigners.net/favicon.ico                 md5sum ===> e318b3981f048a3b26fc08a6916b4f54
http://etraveldesigners.net/setupupd.exe                    md5sum ===> 39a7aa846b96b6e33ae53bc096b6e4e8
http://etraveldesigners.net/vb9.php
http://www.virustotal.com/file-scan/report.html?id=16a29d47b0c66f42278c141b9547b0761d85e91f30f7e54ff775b46756cd52c1-1301344623
VT 6/43 (14.0%)

March 30, 2011, 07:00:32 pm
Reply #624

jackberri

IP Location:  Azerbaijan - ADaNet-AS 
IP 109.127.8.242
[host-242-8-127-109.azdata.net]
AS15621
Name Server: ns7.01isp.com  ns8.01isp.com
Registrant/Email Registrant: Innovace/admin@testingforinnovation2221999.com.tw                         
Code: [Select]
http://testingforinnovation2221999.com.tw/2x/b2/cfg_tes2.bin                 md5sum ===> 4cbefc64bc12520704047a475292db86
http://testingforinnovation2221999.com.tw/2x/e.php

IP Location:  United States - SINGLEHOP , Inc
IP 69.175.120.122
[starka.x10hosting.com]
AS15621
Name Server: ns1.x10hosting.com  ns2.x10hosting.com
Code: [Select]
http://dfgdhdhgfhdfh.x10.mx/config.bin                 md5sum ===> 8c63e775309e8db0baf9286d033e7460
http://dfgdhdhgfhdfh.x10.mx/bot.exe                    md5sum ===> bcc022b08c8bb01e608caadeaff34da5
http://dfgdhdhgfhdfh.x10.mx/gate.php
http://www.virustotal.com/file-scan/report.html?id=7d4f59466b67450d6189d97f20612285d5a38e6064a2012a8789da3a82d60e19-1301506705
VT 30/41 (73.2%)

March 31, 2011, 08:18:23 am
Reply #625

jackberri

IP Location:  Latvia -APOLLO-AS LATTELEKOM-APOLLO
IP 193.105.240.26
AS12578
Name Server: ns2.data-centr.lv  ns1.data-centr.lv
Registrant/Email Registrant: bestvideoworld/contact@myprivateregistration.com                         
Code: [Select]
http://bestvideoworld.com/fara/config.bin                 md5sum ===> cfba0c8576eabccc2f95cc050622db9d
http://bestvideoworld.com/fara/bot.exe                    md5sum ===> b3ca346c49e159ab7fa55c6f5cbc20e8
http://bestvideoworld.com/fara/download.php
http://www.virustotal.com/file-scan/report.html?id=494f26eec3605ce82c481d8409b594196f2f5db9e04299cf438d7b6ced9f448f-1301559012
VT 5/43 (11.6%)

IP Location:  New Zealand -PACNET (proxy-registered route object) - ISERVE-NZ-AS-AP
IP 202.191.34.83
[dns1.primer.net.nz]
AS18352
Name Server: dns1.primer.net.nz  dns2.primer.net.nz
Code: [Select]
http://kiwiwebhost.primer.net.nz/~dylanw/zchina/cfg.bin                 md5sum ===> 3d6c0238b3d191c9cf552ed6a8a530cd
http://kiwiwebhost.primer.net.nz/~dylanw/zchina/bt.exe                  md5sum ===> e882ef137c9c929b34411532caad804b
http://kiwiwebhost.primer.net.nz/~dylanw/zchina/gate.php
http://www.virustotal.com/file-scan/report.html?id=1d4e66dd782ef2dd00377384dee55ac614e4153acf9aa3ca381289b4dd0f1057-1301558705
VT 32/41 (78.0%)

March 31, 2011, 11:41:12 am
Reply #626

jackberri

IP Location: Romania - RDSNET RCS & RDS S.A
AS8708
Code: [Select]
http://193.16.213.73/news/?s=120164        md5sum ===> a72436add2286aa3798a7436dc67c530
http://knpkoxoyttgnupv.net/news/?s=120164  md5sum ===> a72436add2286aa3798a7436dc67c530
http://nqpwnxhrstkhqhvt.biz/news/?s=120164  md5sum ===> a72436add2286aa3798a7436dc67c530
http://pfzlzkmukrsdql.info/news/?s=120164  md5sum ===> a72436add2286aa3798a7436dc67c530
http://sbxtviirgfgokss.info/news/?s=120164  md5sum ===> a72436add2286aa3798a7436dc67c530
http://193.16.213.73/news/?s=6225  md5sum ===> 8998230de4da263fdec7d5c942b9034d
http://knpkoxoyttgnupv.net/news/?s=6225  md5sum ===> 8998230de4da263fdec7d5c942b9034d
http://nqpwnxhrstkhqhvt.biz/news/?s=6225  md5sum ===> 8998230de4da263fdec7d5c942b9034d
http://pfzlzkmukrsdql.info/news/?s=6225  md5sum ===> 8998230de4da263fdec7d5c942b9034d
http://pfzlzkmukrsdql.info/news/?s=6225  md5sum ===> 8998230de4da263fdec7d5c942b9034d

April 01, 2011, 08:35:55 am
Reply #627

jackberri

IP Location:  United States - PAH-INC Go Daddy Software, Inc.
IP 97.74.144.192
[p3nlh182.shr.prod.phx3.secureserver.net]
AS26496
Name Server: NS55.DOMAINCONTROL.COM  NS56.DOMAINCONTROL.COM
Registrant/Email Registrant: IP Masik/info@hobbystar.biz
Code: [Select]
http://hobbystar.biz/cache/invoice1.exe                    md5sum ===> d1e7f1bfd7bddcbbd657b0129fd01a21
http://www.virustotal.com/file-scan/report.html?id=1a1883ad5ac161878d62d6e998dd512980f35654a738fa16e98d6c7e47e1c693-1301645742
VT 29/41 (70.7%)

IP Location:  Ukraine - net-0x2a-as Private Entrepreneur Zharkov Mukola Mukolayovuch Datacentre "0x2a"
IP 91.211.117.38
AS48587
Name Server: NS1.AFRAID.ORG  NS2.AFRAID.ORG  NS3.AFRAID.ORG  NS4.AFRAID.ORG
Registrant/Email Registrant: Buldur florin/pacofuente@live.com                         
Code: [Select]
http://mobsters.in/disk/config.bin                 md5sum ===> f38c0bc658701760588443f6f4acc530
http://mobsters.in/disk/g.php

IP Location:  Russian Federation - WEBALTA-AS OAO Webalta
IP 92.241.168.14
[2x4u159.2x4.ru]
AS41947
Name Server: dns1.insane.ir  dns2.insane.ir
Registrant/Email Registrant: Amir Ahmadi/jamcnutt111@hotmail.com                         
Code: [Select]
http://insane.ir/sin/config.bin                 md5sum ===> 3456363ddc56fde2eefa22144d609835
http://insane.ir/sin/gate.php

April 03, 2011, 10:20:58 am
Reply #628

jackberri

IP Location:  Russian Federation - WEBALTA-AS OAO Webalta
IP 92.241.164.196
[vps2206_debian.2x4.ru]
AS41947
Name Server: ns3.gossimer.com  ns4.gossimer.com  ns1.gossimer.com   ns2.gossimer.com              
Code: [Select]
http://img505.imgeshacks.in/images/config.bin               md5sum ===> a355444004cd240c315fbe62252fa6b0
http://img505.imgeshacks.in/images/1.exe                    md5sum ===> b6101d959bb51fa641d040030e4a9252
http://img505.imgeshacks.in/images/g.php
http://www.virustotal.com/file-scan/report.html?id=e0755b446878b1d22cf65c3999be5e6266502573158a21a87b11a301891d6ce4-1301825619
VT 19/40 (47.5%)

IP Location:  United States - NJIIX-1 NJIIX.net
IP 66.23.236.160
A19318
Name Server: DNS1.NAME-SERVICES.COM  DNS2.NAME-SERVICES.COM  DNS2.NAME-SERVICES.COM  DNS4.NAME-SERVICES.COM  DNS5.NAME-SERVICES.COM
Registrant/Email Registrant: Ron  Sznol/accounts@hostingsource.com                          
Code: [Select]
http://grossvoipinc.org/~google/config.bin                 md5sum ===> 1db4b73cd12351213c9b154eda877087
http://grossvoipinc.org/~google/gate.php

IP Location:  Germany - LAMBDANET-AS
IP 83.133.126.92
[s.adiba.ru]
AS13237
Name Server: ns1.adiba.ru  ns2.adiba.ru                          
Code: [Select]
http://aderas.ce.ms/vert/config.bin                 md5sum ===> b7670ffe2a9d2320998bf2a5e7edba30
http://aderas.ce.ms/vert/gate.php

IP Location:  Lithuania - SPLIUS-AS SPLIUS, UAB
IP 77.79.4.159
[hst-4-159.duomenucentras.lt]
AS25406
Name Server: ns12.zoneedit.com  ns16.zoneedit.com  ns4.zoneedit.com  ns5.zoneedit.com
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org                          
Code: [Select]
http://businessfirstcanamericana.com/config.bin                 md5sum ===> 5f84f4c554865aab823a51ff64a6c84a
http://businessfirstcanamericana.com/gate.php


IP Location:  Germany - ARTFILES-AS
IP 212.48.127.201
AS8893
Name Server: nf1.no-ip.com  nf2.no-ip.com   nf3.no-ip.com                  
Code: [Select]
http://virus666.no-ip.biz/config.bin                 md5sum ===> 93a482cbaa2ce82578d3a9370594b842
http://virus666.no-ip.biz/gate.php

April 24, 2011, 06:53:36 pm
Reply #629

jackberri

IP Location:  Romania - ALEXANDRU-NET-TM-AS
IP 94.63.149.56
AS42741
Name Server: ns1.ns-services.net  ns2.ns-services.net  ns3.ns-services.net  ns4.ns-services.net   
Code: [Select]
http://thescarts.name/triod/imagets.jeg           md5sum ===> f854431b2ab86fa0efa7221744b8c421             
http://foresttest218999fhjslk.com.tw/2x/e.php

IP Location:  Malaysia - PIRADIUS-AS
IP 124.217.254.25
AS45839
Name Server: websystems.earth.orderbox-dns.com  websystems.mars.orderbox-dns.com  websystems.mercury.orderbox-dns.com  websystems.venus.orderbox-dns.com
Registrant/Email Registrant: Jack Russell/chemberline@gmail.com     
Code: [Select]
http://bbccgroup.com/zs/config.bin           md5sum ===> 100b27fc178bf98b696941b286c17bc0             
http://bbccgroup.com/zs/bot.exe                   md5sum ===> 0ffdc55a02f54f9f91748a78661cee95
http://bbccgroup.com/zs/gate.php
http://www.virustotal.com/file-scan/report.html?id=e0755b446878b1d22cf65c3999be5e6266502573158a21a87b11a301891d6ce4-1301825619
VT 19/40 (47.5%)

IP Location:  Germany - Surfplanet GmbH PA-Block - SURFPLANET-AS
IP 81.20.129.46
AS33984
Name Server: ns.inwx.de  ns2.inwx.de  ns3.inwx.de
Registrant/Email Registrant: Hostmaster Of The Day/hostmaster@inwx.de         
Code: [Select]
http://schneider-daaden.de/picture/config.bin           md5sum ===> eb56267bbe8228bc8fa0d64ef100e08d             
http://schneider-daaden.de/picture/gate.php

IP Location:  Ukraine - net-0x2a-as Private Entrepreneur Zharkov Mukola Mukolayovuch Datacentre "0x2a"
IP 91.211.117.40
AS48587
Name Server: 1st.registerdomain.name  2st.registerdomain.name  3st.registerdomain.name  4st.registerdomain.name
Registrant/Email Registrant: Abdul/g4hosting@safe-mail.net     
Code: [Select]
http://pachost.net.in/images/config.bin           md5sum ===> 1e3f82f7d159231b9aa0334e70d787bd             
http://pachost.net.in/images/gate.php

IP Location:  Germany - HETZNER-AS
[static.85-10-198-124.clients.your-server.de]
AS24940
Name Server: ns.co.cc  ns4.co.cc  ns1.co.cc ns2.co.cc  ns5.co.cc  ns6.co.cc       
Code: [Select]
http://85.10.198.124/tmp/config.bin           md5sum ===> b51ec6c830f38e04f492061766a72d0c             
http://85.10.198.124/gate.php

IP Location:  Russian Federation - WEBALTA-AS
IP 92.241.168.57
[2x4host6-18.2x4.ru]
AS41947
Name Server: ns1.faint.ir  ns.faint.ir
Registrant/Email Registrant: Amir Ahmadi/jamcnutt111@hotmail.com     
Code: [Select]
http://faint.ir/not/brabus.bin           md5sum ===> 0ba8f7ecc3194757eeb11ba2792b73ae             
http://faint.ir/not/glue.php

IP Location:  Netherlands - LeaseWeb AS
IP 85.17.92.129
AS16265
Name Server: ns.co.cc  ns4.co.cc  ns1.co.cc ns2.co.cc  ns5.co.cc  ns6.co.cc       
Code: [Select]
http://supaworker.co.cc/ext/profi.bin           md5sum ===> 558f96642500497114614e9905724e52             
http://supaworker.co.cc/ext/red.php

IP Location:  Romania - Enter-Net-Team-AS
IP 86.55.96.151
[96.151.phpproxy.ro]
AS38913
Name Server: ns1.advertholding.com  ns2.advertholding.com
Registrant/Email Registrant: Lina Koshkina/slot@bz3.ru     
Code: [Select]
http://advertholding.com/ndsklds3/32qw/cgwe3.bin           md5sum ===> d8337ab6468344436eb6e5a9a909eaf1

IP Location:  Azerbaijan - ADANET-AS Azerbaijan Data Network
IP 109.127.8.242
[host-242-8-127-109.azdata.net]
AS15621
Name Server: ns1.dns-diy.net  ns2.dns-diy.net
Registrant/Email Registrant: Zizu Lilu/admin@foresttest218999fhjslk.com.tw         
Code: [Select]
http://foresttest218999fhjslk.com.tw/2x/b2/cfg_tes2.bin           md5sum ===> 5b2840f6807e1ff979cdad168302698d             
http://foresttest218999fhjslk.com.tw/2x/e.php

related zeusbotnet malware:
IP Location:  Ukraine - NETSAT Rudenko privately owned enterpirse Shostka
IP 193.228.148.34
AS43445
Name Server: ns1.reg.ru  ns2.reg.ru
Registrant/Email Registrant: Aleksandr B Hvalovskii/hvalovsky@yandex.ru     
Code: [Select]
http://mslivemicro.ru/flash/update/index.php