Author Topic: New Zeus server  (Read 379854 times)


February 11, 2011, 01:26:25 pm
Reply #585

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP  Location: Bosnia and Herzegovina - BA-GLOBALNET-AS
IP  77.77.193.21
AS42560
ns.xinnet.cn
ns.xinnetdns.com
Registrant/Email Registrant: zhang hai/gfhfghfg@126.com
Code:
hxxp://officeupdates0.com/_upd/updzc
md5sum ===> fd13735e8c627fdbe91b84cbc6958533
Code:
hxxp://officeupdates0.com/_upd/updzc.exe
md5sum ===> f0d40ba4fe0a42f3b87e4352ed47fdf2
http://www.virustotal.com/file-scan/report.html?id=8f40f04ddb4c5e54b64b6f862bcf2b5d0511d1fbe1e28537b9f4629dc8e6afdb-1297430059
VT 26/43 (60.5%)

IP  Location: Ukraine - AGGREGATE BLOCK FOR UKRTELECOM DATA CENTER - UKRTELNET JSC UKRTELECOM
IP  195.64.185.123
[vps-618.ukraine.com.ua]
AS6849
ns3.co.cc
ns.co.cc
Code:
hxxp://entandy.co.cc/yappaskdkasd.bin
md5sum ===> 3f0e81f8e5030673e5228681ca80ac9e
Code:
hxxp://entandy.co.cc/trA212alalalsjqIiqjaks.php
IP  Location: Germany - netdirect Frankfurt, DE - NETDIRECT AS
IP  89.149.223.250
[89-149-223-250.local]
AS28753
ns1.googletrackgeo.com
ns2.googletrackgeo.com
Registrant/Email Registrant: Linda Sanlin/lindasanlin@hotmailbox.com
Code:
hxxp://googletrackgeo.com/src/img1/stats.bin
md5sum ===> a049b2f7321340a98b7c65e10d377298
Code:
hxxp://googletrackgeo.com/src/img1/legom.php

February 11, 2011, 08:04:54 pm
Reply #586

jackberri

IP  Location: Russian Federation - Wahome - WEBALTA-AS
IP  77.91.227.245
AS41947
auth02.ns.uu.net
a.nic.ir
Registrant/Email Registrant: Amir Ahmadi/jamcnutt111@hotmail.com
Code:
hxxp://e-exchanger.ir/nem/de.bin
md5sum ===> 9061da1b5dda89a54afd72e4752b0095
Code:
hxxp://e-exchanger.ir/nem/game.php
IP  Location: Taiwan -Taiwan Fixed Network - TFN-NET
IP  60.199.114.85
AS9924
ns1.dns-diy.net
ns2.dns-diy.net
Registrant/Email Registrant: Vlad Kissmet/admin@seololo.com
Code:
hxxp://vizanie3d.com/c.bin
md5sum ===> 33eb6af93abcba8dc4abcb94371577d5
Code:
hxxp://seololo.com/alt/frami.php
IP  Location: United States - THEPLANET-AS2
IP  174.120.104.251
[fb.68.78ae.static.theplanet.com]
AS21844
NS1940.HOSTGATOR.COM
NS1939.HOSTGATOR.COM
Registrant/Email Registrant: Rick Black Photography/rick@rickblackphoto.com
Code:
hxxp://rickblackphoto.com/images/bg1.jpg
md5sum ===> 3f13221ef9cfcdf8332ee315258d1300

February 12, 2011, 09:22:11 am
Reply #587

jackberri

IP  Location: Panama - COLUMBUS NETWORKS TRANSIT CUSTOMERS - NEWWORLDNETWORK
IP  190.123.46.149
AS23520
NAME1.ICIQ.BIZ
NAME2.ICIQ.BIZ
Registrant/Email Registrant: nilesh kalathia/nilesh@ersafunds.com
Code:
hxxp://oiewjpos.com/dnasssd.bin
md5sum ===> 4eba80646814c12ca418d3f7f924037c
Code:
hxxp://oiewjpos.com/intravaca.php
IP  Location: Russian Federation - Info-Media route - COMCORNET-AS
AS51247
Code:
hxxp://91.213.29.42/~samui/jhgth/fgdsfdty/hhaas/gadea.so
md5sum ===> c789ab1d1d3e4a56a70272e50c80d4d9

February 13, 2011, 07:42:48 pm
Reply #588

jackberri

IP  Location: Ukraine - FIN-ACTIVE-NET route - FINACTIVE-AS
IP  193.186.9.76
AS44209
ns1.dns-diy.net
ns2.dns-diy.net
Registrant/Email Registrant: Inos Vitos/admin@grb1501.com
Code:
hxxp://grb1501.com/grb.swf
md5sum ===> e2adec1f5c39f6c8a06953aa1649553d

IP  Location: Russian Federation - Wahome IP's - WEBALTA-AS
IP  92.241.162.220
AS41947
ns1.3hosting4u.ir
ns4.3hosting4u.ir
Registrant/Email Registrant: Amir Ahmadi/jamcnutt111@hotmail.com
Code:
hxxp://www.3hosting4u.ir/kont/call.bin
md5sum ===> bb713abe97b0d8134a21ad6f97eb2a52

February 14, 2011, 06:54:38 pm
Reply #589

jackberri

IP  Location: Romania - GLOBAL-ONLINE-DATA
IP  94.63.243.15
AS49469
ns1.adventureiz.com
ns2.adventureiz.com
Registrant/Email Registrant: Vitalij Filipov/og@ppmail.ru
Code:
hxxp://adventureiz.com/auk/sid.ne
md5sum ===> 46b1d981a4f3678d5ca2f662ef1cf7e6
Code:
hxxp://adventureiz.com/auk/aug.exe
md5sum ===> 92ab0a095f74051ca17e649c60afb296
http://www.virustotal.com/file-scan/report.html?id=e4e81fbdca5955a4ff849a2afb63606543fcc1b7bc05beeac05cd05ae28a85ba-1297708937
VT 25/42 (59.5%)

IP  Location: Panama - COLUMBUS NETWORKS TRANSIT CUSTOMERS - Private Layer Inc
IP  190.211.252.135
AS52288
ns3.cnmsn.com
ns4.cnmsn.com
Registrant/Email Registrant: Whois Privacy Protection Service/fnzjiwjkgm@whoisservices.cn
Code:
hxxp://freephoenixbirdspace.com/vip/vip.bin
md5sum ===> 87aa32dfd2c8a5a751482b2bb858ef2b
Code:
hxxp://freephoenixbirdspace.com/vip/vip.exe
md5sum ===> cca73cd60c27fe5684895b629b0d66a3
https://www.virustotal.com/file-scan/report.html?id=824b5fcc7a9fa25353d90d8d9c3ef316c36b60fabe45a59470c3935e73d0071f-1297709021
VT 2/43 (4.7%)
Code:
hxxp://freephoenixbirdspace.com/vip/vip.php

February 15, 2011, 11:47:43 am
Reply #590

jackberri

IP  Location: United States - RoadRunner RR-RC-Wholesale Internet
IP  208.89.210.118
AS32097
ns1.carterhammer.net
ns2.carterhammer.net
Registrant/Email Registrant: Roman Blats/waved@ca4.ru
Code:
hxxp://schastlivieiveselierebyta0003.com/xed/config.bin
md5sum ===> be93300e2ff1d891f79e94d76f96482b
Code:
hxxp://schastlivieiveselierebyta0003.com/xed/yourbot.exe
md5sum ===> 89f60c3956c75223a55f3630356f73b7
http://www.virustotal.com/file-scan/report.html?id=e4e81fbdca5955a4ff849a2afb63606543fcc1b7bc05beeac05cd05ae28a85ba-1297708937
VT 1/43 (2.3%)
Code:
hxxp://schastlivieiveselierebyta0003.com/xed/gate.php

February 16, 2011, 09:44:36 am
Reply #591

jackberri

IP  Location: China - CHINATELECOM-HLJ-AS-AP
IP  219.147.255.39
AS17897
ns1.jobrecruitingstrategy.com
ns2.jobrecruitingstrategy.com
Registrant/Email Registrant: Waneta Herman/stemcell@email.com
Code:
hxxp://baciq.net/biggone.bin
md5sum ===> 697435a6e8f1428f21b5ed3d2d52eeb9

IP  Location: Brazil - Brasil Telecom Network
IP  189.75.118.154
[189-75-118-154.bsace1010.ipd.brasiltelecom.net.br]
AS8167
ns1.linmaxs.com  207.126.167.57
ns1.amassari.net 207.126.167.57
Registrant/Email Registrant: Andrei Vozhlak/info@gname.net
Code:
hxxp://vdir.kz/zlu/kow.gr
md5sum ===> 99511c06bc418abd89d5af14517eb98a
IP  Location: Korea - CNU-AS-KR
IP  168.131.30.97
AS10197
ns1.linmaxs.com  207.126.167.57
ns1.amassari.net 207.126.167.57
Registrant/Email Registrant: Vladislav Grenich/info@gname.net
Code:
hxxp://dsrv.kz/zsu/dehid.php

February 16, 2011, 01:46:08 pm
Reply #592

jackberri

IP Location: Ukraine  - S.Point - SPOINT-AS
IP  91.204.48.120
[24965]
NS3.GKG.NET
NS4.GKG.NET
Registrant/Email Registrant: Louise Braff/vycepetamyxeve@yahoo.com
Code:
hxxp://tbkyorrxohtqqc.com/news/?s=169150
md5sum ===> 3bc702d98119de136cb4c0795f42b45f
Code:
hxxp://tbkyorrxohtqqc.com/news/?s=6225
md5sum ===> a5a1b674f65d566e332b6378cd26b438

February 17, 2011, 11:45:09 am
Reply #593

jackberri

IP  Hong Kong - REACH Network Border AS
IP  202.40.142.93
[unknown.net.reach.com]
AS4637
NS1.JOBRECRUITINGSTRATEGY.COM 184.154.140.36 NS2.JOBRECRUITINGSTRATEGY.COM  92.84.23.131
Registrant/Email Registrant: flores, fausto/condorbirt@aol.com
Code:
http://www.hiringdivisionjob.com/froster4321.php
related (already uploaded):
Code:
http://baciq.net/biggone.bin

February 18, 2011, 06:05:20 am
Reply #594

jackberri

IP Location: Ukraine  - S.Point - SPOINT-AS
IP  91.204.48.134
AS24965
dns1.registrar-servers.com dns2.registrar-servers.com dns3.registrar-servers.com dns4.registrar-servers.com dns5.registrar-servers.com
Code:
http://tzknqnskplusgkv.info/news/?s=57206           Registrant/Email Registrant: WhoisGuard  Protected/3cd554c6cff84c1ea986029c2b257273.protect@whoisguard.com
http://zptwqlwiwfrliomw.org/news/?s=57206                 Registrant/Email Registrant: Stephanie  Byers/posyjizavogalori@yahoo.com
http://vonotphkopnkkp.info/news/?s=57206                Registrant/Email Registrant: Robert  Burns/avuxahegefyxaruj@yahoo.com
http://ttpfsomintklncl.com/news/?s=57206                 Registrant/Email Registrant: Robert Scribner/iducaxuxysyva@yahoo.com
http://rrqqrvtgcemfpo.com/news/?s=57206               Registrant/Email Registrant: David Weller/imemomaqexur@yahoo.com
http://pgkxokzipelhx.biz/news/?s=57206                   Registrant/Email Registrant: tim  moon/moduxovuwexiju@yahoo.com
http://duqwcgkylsuetuev.com/news/?s=57206         Registrant/Email Registrant: Cameron Bruce/kuzegucojokepop@yahoo.com
md5sum ===> ee754bb75903dc0bb78d7a76ecaf7d23
Code:
http://tzknqnskplusgkv.info/news/?s=6225
http://zptwqlwiwfrliomw.org/news/?s=6225
http://vonotphkopnkkp.info/news/?s=6225
http://ttpfsomintklncl.com/news/?s=6225
http://rrqqrvtgcemfpo.com/news/?s=6225
http://pgkxokzipelhx.biz/news/?s=6225
http://duqwcgkylsuetuev.com/news/?s=6225
md5sum ===> 46e8fec3376302da609fef2b1f49218b

February 18, 2011, 01:44:28 pm
Reply #595

jackberri

trojan Carberp:
IP  Location: Ukraine - net-0x2a-as Private Entrepreneur Zharkov Mukola Mukolayovuch
IP  91.211.117.38
AS48587
1ST.REGISTERDOMAIN.NAME 2ND.REGISTERDOMAIN.NAME 3RD.REGISTERDOMAIN.NAME 4TH.REGISTERDOMAIN.NAME
Registrant/Email Registrant: Tikitaka/shakeyourstickie@88-56.com
Code:
http://kaisserz-awe.net.in/l/ldr-godlike.exe
md5sum ===> 6e1fcfd0235386cb0c5e1a54fb68228a
http://www.virustotal.com/file-scan/report.html?id=333433430bd4ebefb390ead2cc7f0f1bf8adb255eeefa6590f1d11e82ed4fc1f-1298036070
VT 5/42 (11.9%)
related:
IP  Location: Lithuania - SPLIUS-AS
IP  77.79.11.117
[hst-11-117.duomenucentras.lt]
AS25406
ns2.dns.com.cn ns1.dns.com.cn
Registrant/Email Registrant: chang chen/ftgy23fge@126.com
Code:
http://onlybusinessdomainee.com/sector/config.bin
md5sum ===> a16213049a619ad968876257d8a577f7
Code:
http://onlybusinessdomainee.com/sector/gate.php

February 19, 2011, 08:24:25 pm
Reply #596

jackberri

IP  France - OVH ISP - OVH Paris
IP  91.121.154.162
[ks358914.kimsufi.com]
AS16276
ns2.everydns.net ns1.everydns.net ns4.everydns.net ns3.everydns.net
Code:
hxxp://bbcreation.pl/~biuroart/images/img/config.bin
md5sum ===> 0caebd0b570026e6fae07ca52c32be66

IP  France - IKOULA Net SAS
IP  213.246.38.30
[game30.ikoula.com]
AS21409
ns1.cz.cc ns2.cz.cc
Code:
http://gmotors.cz.cc/asd/icon.tif
md5sum ===> 2da39727829255ed2a0358b2eec89324
Code:
http://gmotors.cz.cc/gfyHGuytguyg546545445/aion.exe
md5sum ===> 274d95cec04dd16acf871ae89be945ed
http://www.virustotal.com/file-scan/report.html?id=75bb11a92aa96157591b74d4c733a49d588c37fc95a97acfc57e987f03bd3e14-1298067437
VT 27/42 (64.3%)
Code:
http://gmotors.cz.cc/asf/staticd.php
IP  France - IKOULA Net SAS
IP  213.246.42.243
AS21409
Code:
http://ik42243.ikexpress.com/komand/erergerg/has/graa.so
md5sum ===> 87c9f1f3b9c780dea9b2bcb6a9cbb596

IP  Czech Republic - HAKVA-AS
IP  95.64.13.12
AS51786
Name Servers: ns1.tor4ok.com ns2.tor4ok.com
Registrant/Email Registrant: Oksana Boiko/vault@bz3.ru
Code:
http://tor4ok.com/heltorr/cfgw.bin
md5sum ===> b43fede98539caba35c21b3307475fda

IP  Romania - Sa Nova Telecom Grup SRL
IP  94.63.243.14
AS49469
Name Servers: ns1.coralmothodosa.com ns2.coralmothodosa.com
Registrant/Email Registrant: Andrej Chalkov/rick@ppmail.ru
Code:
http://coralmothodosa.com/itt/rom.en
md5sum ===> 91e44dae19ac6339bc57b21a30df2e61

IP  Croatia - LURA-AS
IP  193.22.81.103
AS28920
Name Servers: free01.editdns.net free02.editdns.net
Registrant/Email Registrant: Georgij Kiosov/oi@ppmail.ru
Code:
http://90fd78b9078bd0g.com/79fd9/80gf9nn.bin
md5sum ===> ff815b4ababe6fd589fe8f27acea5e27

February 20, 2011, 11:53:55 am
Reply #597

jackberri

IP Location:  China - CHINATELECOM-HA-AS-AP
IP 222.88.205.209
[209.205.88.222.broad.jz.ha.dynamic.163data.com.cn]
AS17785
Name Server: ns3.cnmsn.com ns4.cnmsn.com
Registrant/Email Registrant: Hilary Kneber/hilarykneber@yahoo.com
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Created: 2010-12-14
Expires: 2011-12-14
Code:
http://security-force.net/asd/cgi.bin
md5sum ===> edf599bb17f1169c56d18d5d5d81b26a
Code:
http://security-group.cc/samples/mp3/bethoven/single/2000/01/gate9854.php

February 20, 2011, 07:30:29 pm
Reply #598

jackberri

IP Location:  Ukraine - FIN-ACTIVE-NET route - FINACTIVE-AS
IP 193.186.9.164
AS44209
Name Server: ns1.nameself.com ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@nvffr.ru                             
Code:
http://uuquhc.ru/g.bin
md5sum ===> c522626fd005f7ddde51cbe22e3971da

IP Location:  Ukraine - Fortune Science and Production Company - FORTUNE-AS
IP 195.242.161.39
AS47434
Name Server: ns1.karma2you.net ns2.karma2you.net
Registrant/Email Registrant: Evgeniy Simonov/simonich@inbox.ru                             
Code:
http://karma2you.net/kar/dsa.jpg
md5sum ===> 1885d067d5541cebe3f8ec94926b399e
Code:
http://karma2you.net/kar/s14.php

February 21, 2011, 09:39:41 am
Reply #599

jackberri

IP Location:  Italy - ARUBA-ASN
IP 62.149.128.166
[mxd3.aruba.it]
AS31034
Name Server: dns.technorail.com  dns2.technorail.com
Registrant: ERALDO MORETTO                           
Code:
http://www.lacesira.it/bannerbottom.gif           md5sum ===> 8e0c45d8c3df1b08b4b54d124e54cc22
IP Location:  Ukraine - FINACTIVE-AS
IP 193.186.9.94
AS44209
Name Server: yns1.yahoo.com  yns2.yahoo.com
Registrant/Email Registrant: Shaoming Zhou/zhoushaoming@yahoo.com                         
Code:
http://anysnare.us/z2/config.bin                 md5sum ===> 72e4dfe689d0bc6d63bb3a5c888e1c84
Code:
http://anysnare.us/z2/bot.exe                    md5sum ===> 607ab19d66a472e160e7f344a27846be
http://www.virustotal.com/file-scan/report.html?id=698758f8928f1bbaaf06c6dd148fb6c9af9b58043ca32a998f2cbb2eeaadfac6-1298280148
VT 6/42 (14.3%)
Code:
http://anysnare.us/z2/gate.php
IP Location:  China - CHINATELECOM-HLJ-AS-AP
IP 219.147.255.39
AS17897
Name Server: ns1.jobrecruitingstrategy.com   184.154.140.36/ns2.jobrecruitingstrategy.com   92.84.23.131
Registrant/Email Registrant: T Frisbee, William/corvusion@yahoo.com                             
Code:
http://zemondocooler.com/kutimabiz.bin
http://bebookfunk.com/kutimabiz.bin
md5sum ===> e8500fda6c180df46b26b305055b2a1a
Code:
http://bebookfunk.com/dutarobilok.php