Author Topic: New Zeus server  (Read 371387 times)


February 22, 2011, 12:15:12 pm
Reply #600

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP Location:  France - France Telecom - Orange IP Backbone for Enterprise and french consumers
IP 92.131.44.226
[ALille-156-1-117-226.w92-131.abo.wanadoo.fr]
AS3215
Name Server: nf1.no-ip.com  nf2.no-ip.com                       
Code: [Select]
http://beautybiz.no-ip.org/config.bin                 md5sum ===> 72e4dfe689d0bc6d63bb3a5c888e1c84
Code: [Select]
http://beautybiz.no-ip.org/gate.php
IP Location:  United Kingdom - INSTANTEXCHANGER-AS
IP 195.80.151.195
AS50877
Name Server: ns1.ihc.ru  ns2.ihc.ru
Registrant/Email Registrant: Vitalij Tiaskevic/stormpayclicker@gmail.com                       
Code: [Select]
http://radiosci.info/1/bin/config.bin                 md5sum ===> 3d0c3e792c7b1772f6d6407c746aff9d
Code: [Select]
http://radiosci.info/1/bin/upload/113.exe             md5sum ===> c36d3e682b6cd921900207a72a8eae64
http://www.virustotal.com/file-scan/report.html?id=36ab8d1806e987e2612b6625c85ac602332402972e57ea6faf55788884b024aa-1298369046
VT 31/43 (72.1%)
Code: [Select]
http://radiosci.info/1/gate.php

February 22, 2011, 08:48:34 pm
Reply #601

jackberri

Code: [Select]
IP Location:  United Kingdom - INSTANTEXCHANGER-AS
IP 195.80.151.195
AS50877
Name Server: ns1.ihc.ru  ns2.ihc.ru
Registrant/Email Registrant: Vitalij Tiaskevic/stormpayclicker@gmail.com                       
Code: [Select]
http://140.116.60.29/images/ufo/.thumbs/flashtest.gif                 md5sum ===> cac042a68c7d34e4c55d42b1dbc87cbb
Code: [Select]
http://www.lrtaxfin.co.za/test.php
Code: [Select]
http://uuquhc.ru/g.bin                 md5sum ===> 50778c80829fb99d087432c2a20461c9
http://uuquhc.ru/4.php

February 25, 2011, 06:26:15 am
Reply #602

jackberri

IP Location:  United States - SERVERCENTRAL
IP 75.102.22.9
[unknown.hostforweb.net]
AS23352
Name Server: ns1.scenovia.com.au  ns2.scenovia.com.au
Registrant/Email Registrant: Garry Henshall/info@scenovia.com                       
Code: [Select]
http://parks-leisure.com.au/HEC/index.pdf                 md5sum ===> 6c06dc710cf800832927864ce2c30ae7
Code: [Select]
http://parks-leisure.com.au/HEC/i.1.exe                   md5sum ===> 76eea5afc4e85cf3f341f75677d1246f
http://www.virustotal.com/file-scan/report.html?id=e791752b01d1e9ba29698179b0fe791c30ec92a9d3bd3f94f2b28edd14ec9ba1-1298568240
VT 25/43 (58.1%)
Code: [Select]
http://parks-leisure.com.au/HEC/index.jpg
IP Location:  Ukraine - ANSUA-AS PE Sergey Demin
IP 91.206.201.100
AS47781
Name Server: ns1.inf0z.com.ua  91.206.200.75 ns2.inf0z.com.ua 91.206.201.70
Email Registrant: pi222-uanic@priv.uanic.ua                       
Code: [Select]
http://inf0z.com.ua/forum/fig.bin                 md5sum ===> 8b329d7ba20645b4dab830268a70cbaf
Code: [Select]
http://inf0z.com.ua/forum/load.exe                   md5sum ===> f1d9d8bd77962f321524bcf2cafc34a3
http://www.virustotal.com/file-scan/report.html?id=72bab23bd5be2b050519765420b1c069a64f12fff558f40d3d1d22fab8c0d9c2-1298611213
VT 16/43 (37.2%)
Code: [Select]
http://inf0z.com.ua/forum/login.php
IP Location:  China - Proxy-registered route object - CHINA-TELECOM
IP 122.224.6.36
AS4134
Name Server: ns3.cnmsn.com  ns4.cnmsn.com
Registrant/Email Registrant: Vyacheslav Vozovikov/admin@famontare80.net                       
Code: [Select]
http://famontare3.net:81/s2/cfgmix.bin                 md5sum ===> 7220c6ef8f72dd20d8df5482ea11e78a
Code: [Select]
http://famontare80.net:81/s/statistics.php
IP Location: Russian Federation -TPIC-AS
IP 194.60.205.202
AS49017
Code: [Select]
hxxp://194.60.205.202/news/?s=9400                 md5sum ===> 75c170baffd28087c1ced7f92aaa9a60
hxxp://194.60.205.202/news/?s=6225                 md5sum ===> dd77b3893116325519262ed2a0ec5dfd

IP Location:  United States - THEPLANET-AS2
IP 174.120.204.178
[b2.cc.78ae.static.theplanet.com]
AS21844
Name Server: ns1.digibizsites.com  ns2.digibizsites.com
Registrant/Email Registrant: Tom Gruich/tgruich@twmi.rr.com
Code: [Select]
http://tipsmakingmoneyonline.com/q4.drv                 md5sum ===> 8474011629899f2b345d0da11b11a19c
IP Location:  Russian Federation - Wahome IP's - WEBALTA-AS
IP 92.241.162.214
AS41947
Name Server: ns1.pochemuchka.ir  ns2.pochemuchka.ir
Registrant/Email Registrant: Amir Ahmadi/jamcnutt111@hotmail.com
Code: [Select]
http://pochemuchka.ir/obl/call.bin                 md5sum ===> 9828c60d0ff2c33893fb959f5faa713d

February 25, 2011, 05:25:00 pm
Reply #603

jackberri

IP Location: Ukraine  - FINACTIVE-AS
IP 193.186.9.96
AS44209
Name Server: ns1.reg.ru  ns2.reg.ru
Registrant/Email Registrant: Aleksandr B Hvalovskii/hvalovsky@yandex.ru   
Code: [Select]
http://cnnus.ru/auc/n.exe      zeus trojan v2.1             md5sum ===> ae3ad3abc8dbabcc579283b73bf8f926
http://www.virustotal.com/file-scan/report.html?id=06d5daae7db754367bac9434c454c5596ecd600b98f9cfe3c49916f845d7c4d9-1298654343
VT 14/43 (32.6%)
Code: [Select]
http://cnewsus.ru/naol/news/index.php

February 27, 2011, 10:05:17 am
Reply #604

jackberri

IP Location: Hong Kong - SUNNYVISION-AS-AP
IP 117.18.64.132
[117-18-64-132.sunnyvisiondatacenter.com]
AS38478
Name Server: ns.xinnet.cn  ns.xinnetdns.com
Registrant/Email Registrant: chang chen/ftgy23fge@126.com 
Code: [Select]
http://onlinesspacesz.com/vip/online                               md5sum ===> 8db74b8be34e497ae46491b0898efae8
Code: [Select]
http://onlinesspacesz.com/vip/onlinesrv.exe                        md5sum ===> 11eaf781d42fec99d2402107600eefa2
http://www.virustotal.com/file-scan/report.html?id=318edf6657cff9a70fd7a46bf9de3dbd170af79cd8968a9c32649aa29b6c6ba7-1298664407
VT 3/43 (7.0%)

IP Location: Croatia  - LURA-AS
IP 193.22.81.103
AS28920
Name Server: free01.editdns.net  free02.editdns.net
Registrant/Email Registrant: Tomas Lokinston/admin@jghrt9frgtr9.com
Code: [Select]
http://jghrt9frgtr9.com/9dg9j/khjf7.bin                               md5sum ===> ac1308d8a8af7bf94036adea59dab865
IP Location:  United States -PAH-INC Go Daddy Software
IP 97.74.215.158
[p3nw8sh134.shr.prod.phx3.secureserver.net]
AS26496
Name Server: NS17.DOMAINCONTROL.COM  NS18.DOMAINCONTROL.COM
Registrant/Email Registrant: Walza Starr/wstarr1@kc.rr.com                       
Code: [Select]
http://faithcitychristiancenter.org/IMAGES/barrett_08.jpg                 md5sum ===> cac042a68c7d34e4c55d42b1dbc87cbb
IP Location: Azerbaijan - ADaNet-AS Azerbaijan Data Network Autonomous System
IP 109.127.8.242
[host-242-8-127-109.azdata.net]
AS15621
Name Server: ns7.01isp.com  ns8.01isp.net
Registrant/Email Registrant: Resano Jasa/admin@testonlyforfhj3355591.com.tw 
Code: [Select]
http://testonlyforfhj3355591.com.tw/2x/b2/cfg_tes2.bin             md5sum ===> ec221241aabd28d7832d29df48706579

February 27, 2011, 07:08:29 pm
Reply #605

jackberri

IP Location: Ukraine  - FINACTIVE-AS
AS44209
Name Server: ns.xinnet.cn  ns.xinnetdns.com
Code: [Select]
http://193.186.9.76/q4.drv                               md5sum ===> f5faef7e06d421062a9af12e22bc883e

IP Location: Israel  - NV-ASN
IP 212.150.164.76
[164.76.loads.co.il]
AS1680
Name Server: DNS1.NAME-SERVICES.COM  DNS2.NAME-SERVICES.COM  DNS3.NAME-SERVICES.COM  DNS4.NAME-SERVICES.COM  DNS5.NAME-SERVICES.COM
Registrant/Email Registrant: Greg  Mitchell/Tendervisits@yahoo.com  
Code: [Select]
http://stounkram653.in/rang/dast.bin                               md5sum ===> 4b513412ca9ead8b47719dac37413e7c
Code: [Select]
http://stounkram653.in/forum/support.php
IP Location: China  - CHINATELECOM-HLJ-AS-AP
IP 219.147.255.39
AS17897
Name Server: ns1.worldfamoucomposer.net 173.231.26.102  ns1.ginndom.net 173.231.26.102
Registrant/Email Registrant: Joseph G. Wargo/solarstorm@dr.com  
Code: [Select]
http://ebebguere.com/quatoorezo.bin                               md5sum ===> 48922f062ea1ae55e42a08f13cb9e2bc
Code: [Select]
http://ebebguere.com/finkazibuk.exe                               md5sum ===> cb55b8ae105a5b166fdc4343d091c58e
http://www.virustotal.com/file-scan/report.html?id=d07e954d177ef5da7e7922263bb056ed31c14ef86503e8958219cad2ce7c81d3-1298832783
VT 26/43 (61.9%)
Code: [Select]
http://dubanubicom.com/windows7xp.php

March 01, 2011, 08:53:54 am
Reply #606

jackberri

IP Location: France  - IKOULA Net SAS
IP 213.246.38.36
AS21409
Code: [Select]
http://interraoo.cz.cc/saimwebs/seFgg66/canon.tif                               md5sum ===> cf975e21e3486ca52b0d8a14fbfc7e57                           
http://interraoo.cz.cc/saimwebs/hhhasann/gaoowebs.php
http://interraoo.cz.cc/saimwebs/GHjhuguygftuftf656546554654445/aion.exe

IP Location: Germany  - ASGHOSTNET
IP 94.249.139.4
[box7.host1free.com]
AS12586
Name Server: ns1.host1free.com  ns2.host1free.com
Code: [Select]
http://token.128pro.net/UPCHK.bin                               md5sum ===> cd800d2933ee3e03bfaf9e77c615f428                           
http://oskoloblyadntia.ru/update.php

IP Location:  United States - NETRIPLEX01 NETRIPLEX LLC
IP 46.29.252.2
[box-2e1dfc2.brtarget.net]
AS36167
Name Server: ns20.netriplex.com  ns21.netriplex.com
Registrant/Email Registrant: Lom Lom/lom01@live.com                       
Code: [Select]
http://halifexonline.com/coolirc/hola/config.bin                 md5sum ===> 367ba5fdefc64ab32038d754ee9b9dbf
http://halifexonline.com/coolirc/hola/gate.php

March 01, 2011, 03:51:17 pm
Reply #607

jackberri

IP Location:  Canada - SOFTCOMCA
IP 168.144.38.41
[vps-1030962-2238.manage.myhosting.com]
AS14166
Name Server: ns1.casino-game-report.com  ns1.firespiner.com
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org                       
Code: [Select]
http://nastorone.com/xed/config.bin                       md5sum ===> eb788b302d831b40e960bf1eb5496428
http://nastorone.com/xed/yourbot.exe                      md5sum ===> d6a41a7ea79cc146f0f6be99e755c81a
http://nastorone.com/xed/gate.php
http://www.virustotal.com/file-scan/report.html?id=ebeb69b9fb89aaa5ec3adcdd66eeba19fd2a2419d741208808c71b3768a16dd8-1298994257
VT 39/43 (90.7%)

IP Location:  Romania - iTelecom Pixel View SRL
IP 95.64.9.58
[customer-58.wehostshits.com]
AS50244
Name Server: ns1.yrganosserx122108.net  ns2.yrganosserx122108.net
Registrant/Email Registrant: Bingven Way/bingven2000@yahoo.com                       
Code: [Select]
http://yrganosserx122108.net/vbsa/cc2.bin                 md5sum ===> 7f250a52fef9ad072a1940720385f3c3

March 02, 2011, 07:22:48 pm
Reply #608

jackberri

IP Location:  Korea - KT-NET KORnet Powered BY Korea Telecom
IP 119.195.196.168
AS4766
Name Server: ns1.ramfors.net  ns2.ramfors.net
Registrant/Email Registrant: Cicelia J Patterson/admin@ramfors.net                       
Code: [Select]
http://ramfors.net/new3/gif.png                 md5sum ===> 51e6f96b27b24f5b41986a215e1c2e0a
IP Location:  China - CHINATELECOM-HLJ-AS-AP
IP 219.147.255.39
AS17897
Name Server: ns1.ginndom.net  ns1.worldfamoucomposer.net
Registrant/Email Registrant: Gano, Leatrice/soldwia@usa.com
Registrant/Email Registrant: Private Person/zc@bz3.ru                 
Code: [Select]
http://strategiesrecruiting.com/qundarilez.bin                  md5sum ===> cffcdd0c7d44f8a3f67f1ac5d0f6aad9
http://solidbin.ru/qundarilez.bin                               md5sum ===> 72b82eda05caa6d3d5de482262664251
http://oneant.ru/stopelko.exe                                   md5sum ===> ff07394036050ce7b1a987dc5e77c570
http://www.virustotal.com/file-scan/report.html?id=a61ed539115fa63f8fe4ccb7aea68d06d4d4bbd32cb30d778acdca0dfda0ecd1-1299092837
VT 19/43 (44.2%)
Code: [Select]
http://strategiesrecruiting.com/stopelko.exe                    md5sum ===> 91aa0f07c6d96fca088c57305e993cae
http://www.virustotal.com/file-scan/report.html?id=ebeb69b9fb89aaa5ec3adcdd66eeba19fd2a2419d741208808c71b3768a16dd8-1298994257
VT 22/43 (51.2%)
Code: [Select]
http://strategiesrecruiting.com/founderzilla.php
http://oneant.ru/founderzilla.php

IP Location:  Ukraine - FINACTIVE-AS
IP 193.186.9.102
AS44209
Name Server: ns1.dns-diy.net  ns2.dns-diy.net
Registrant/Email Registrant: Binnie Fullz/admin@furerr.com                       
Code: [Select]
http://gistapo.net/favicon.ico                 md5sum ===> 9e3d5dc71f8474037e7e0f389b75b9b6
http://gistapo.net/vb9.php

March 05, 2011, 09:41:01 pm
Reply #609

jackberri

IP Location:  Russian Federation - HOSTING-COMPANY-AS
IP 79.174.78.244
AS47385
Name Server: ns1.hc.ru  ns2.hc.ru
Registrant/Email Registrant: R01 Personal Data Operator protected/fashion-report.ru@r01-service.ru                       
Code: [Select]
http://fashion-report.ru/afisha/etc/etc/cfg.bin                 md5sum ===> b0288a0b1ebb60f8c53911948bdf0437
http://fashion-report.ru/afisha/etc/etc/gate.php

IP Location:  Ukraine - FINACTIVE-AS
IP 193.186.9.165
AS44209
Name Server: ns1.nameself.com  ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@nvffr.ru                 
Code: [Select]
http://kudwda.ru/h.bin                 md5sum ===> 5efb1ca08dc4d4450a6908f9cc746361
http://kudwda.ru//5.php

IP Location:  Ukraine - ANSUA-AS PE Sergey Demin
IP 91.206.201.236
AS47781
Name Server: ns1.ecommersik.com  ns2.ecommersik.com               
Code: [Select]
http://highcliks.co.cc/wll/cnf/nes.dll                 md5sum ===> 1add2d7582fdc8ba2511eff9aefd8947
IP Location:  Russian Federation - YABA-AS
AS50877                 
Code: [Select]
http://91.206.200.132/3/config.bin                 md5sum ===> 99c7c163d487704e59c88de164576dde
http://91.206.200.132/3/bot.exe                      md5sum ===> 34005608d496de3566e97a8beaf48dda
http://xenicalquestions.com/ld.exe                      md5sum ===> 11fd7f65f091d7d2c1d624295477dcaa
http://91.206.200.132/3/gate.php
http://www.virustotal.com/file-scan/report.html?id=0e671d8ad2599571fe646c7232973128df4688621e1c152c195946168a2cc690-1299359585
VT 29/43 (67.4%)
http://www.virustotal.com/file-scan/report.html?id=1af9d3ed3b714f17154f2195284cc41e82690388cfd8b1a4aa70951ee79e089d-1299359585
VT 33/42 (78.6%)

IP Location:  Malaysia - GIGABIT-MY
IP 223.25.242.107
AS55720
Name Server: ns3.mynshosting.net  ns4.mynshosting.net
Registrant/Email Registrant: John Evans/jhnvns92@gmail.com                 
Code: [Select]
http://adcust.com/kofff111/config.bin               md5sum ===> de0432f88d176804ee29b71451142e3b
related zeusbotnet malware:
IP Location:  Panama - COLUMBUS NETWORKS TRANSIT CUSTOMERS - NEWWORLDNETWORK
IP 190.123.46.146
AS23520
Name Server: ns1.reg.ru  ns2.reg.ru
Registrant/Email Registrant: Aleksandr B Hvalovskii/hvalovsky@yandex.ru                 
Code: [Select]
http://hotcnn.ru/point/forum/index.php
IP Location:  United Kingdom - Instantexchanger Ltd
AS50877       
Code: [Select]
http://195.80.151.194/jjnb.exe                      md5sum ===> d659cadd857d3c8d3e2e82baf50c7ea4
http://www.virustotal.com/file-scan/report.html?id=732e594af3b491edadaa5e16693cc1b2488a16f764bc8373b2f8539f6dd9b964-1299360615
VT 34/42 (79.1%)

March 07, 2011, 09:02:58 am
Reply #610

jackberri

IP Location:  Romania - SA-NOVA-TELECOM-GRUP-SRL
IP 94.63.243.21
AS49469
Name Server: ns1.blackmemoso.com 94.63.243.21  ns2.blackmemoso.com 94.63.243.21
Registrant/Email Registrant: Evgenia Kostikova/grasp@yourisp.ru               
Code: [Select]
http://blackmemoso.com/ger/ber.ln                 md5sum ===> 3e6f57846bcaec167398323f3944eeab
http://blackmemoso.com/ger/dea.exe                      md5sum ===> d606f2403a51d19248b72b6cf052ae47
http://www.virustotal.com/file-scan/report.html?id=a89d7c607f28077b951fdf622537cc04e0920fb6131fd0a816901d32bdce0416-1299487591
VT 22/43 (51.2%)

IP Location:  Denmark - ONECOM A/S
IP 193.202.110.127
[srv127.one.com]
AS51468
Name Server: ns01.one.com  ns02.one.com
Registrant/Email Registrant: One.com Hostmaster/one@andypoulton.com               
Code: [Select]
http://159.be/images/twiter.jpg                 md5sum ===> 929f838fa4e559519d8e896d645beb4c
http://needmoneytohelp.com/images/list.php

IP Location:  Romania - HAKVA LLC 2H
IP 95.64.13.12
AS51786
Name Server: ns1.tor4ok.com  ns2.tor4ok.com
Registrant/Email Registrant: Oksana Boiko/vault@bz3.ru               
Code: [Select]
http://tor4ok.com/heltorr/cfgw.bin                 md5sum ===> b43fede98539caba35c21b3307475fda
IP Location:  China - GIGABIT-MY
IP 223.25.242.107
AS55720
Name Server: ns3.mynshosting.net  ns4.mynshosting.net         
Code: [Select]
http://linksofhouse.co.cc/wass.bin                 md5sum ===> e35c95cfd1cabb407051f3340f58eb2a
IP Location:  Croatia - LURA-AS
IP 193.22.81.72
AS28920
Name Server: NS1.NAME.COM  NS2.NAME.COM  NS3.NAME.COM  NS4.NAME.COM
Registrant/Email Registrant: Brian Gamble/gamble.brian@yahoo.com               
Code: [Select]
http://furzest.info/usa.bin                 md5sum ===> ef46856bd377664a97b00fd6a0edda3c
http://furzest.info/redir.php

IP Location:  China - CHINATELECOM-HLJ-AS-AP
IP 219.147.255.39
[srv127.one.com]
AS51468
Name Server: ns1.ginndom.net  ns1.worldfamoucomposer.net
Registrant/Email Registrant: Private Person/zc@bz3.ru               
Code: [Select]
http://ironsum.ru/dongiklim.bin                       md5sum ===> 457061cb39dbc85055c7ebf5214fda7e
http://mildtune.ru/blazers66.exe                      md5sum ===> e5cfae9bdec97fecf1bc527a18098f17
http://mildtune.ru/viewforum3.php
http://www.virustotal.com/file-scan/report.html?id=1128102503794fa0255ed2031636a2e2f977e37ec4f5ca21c6b071b6cf759d95-1299487587
VT 30/43 (69.8%)

related zeusbotnet malware:
Code: [Select]
hxxp://195.80.151.194/jjnb2.exe                           md5sum ===> 4b0b6bd747c9b1faf360a8030e7db711
http://www.virustotal.com/file-scan/report.html?id=5ba023508c47986ec27edb241b12b5fb528761b202800b3e7c77e4519c9a27c9-1299488017
VT 24/43 (55.8%)

March 07, 2011, 08:25:38 pm
Reply #611

jackberri

IP Location:  United Kingdom - OH Telecom - OPENHOSTING M247 Ltd
IP 89.238.131.66
[november.ourwindowsnetwork.com]
AS33970
Name Server: ns2.keynect.co.uk  ns3.keynect.co.uk  ns1.keynect.co.uk
Registrant/Email Registrant: Vanishing Point/admin@keynect.co.uk       
Code: [Select]
http://vanishingpoint-art.com/securimage/audio/gbold.exe                      md5sum ===> 368f05d4f2ae5d6c934e80ca90a10e29
http://www.virustotal.com/file-scan/report.html?id=27362bcbe507dcd175cc23ca5c6abd5bc4a21fc41e8403135fe89e99a8180cde-1299529202
VT 24/42 (57.1%)
related:
Code: [Select]
http://paperrain.net/vvx2222x/klmn001.fg
http://paperrain.net/vvx2222x/xxzz2.jpg

March 07, 2011, 10:31:30 pm
Reply #612

jackberri

IP Location:  Romania - ESENTIAL - SA-NOVA-TELECOM-GRUP-SRL
IP 94.63.244.32
AS49469
Name Server: ns1.nameself.com  ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@istuplenie.ru             
Code: [Select]
http://bigupdate.ru/STo84RIUqiArouklU9/jO05HlAhI3KL.bin                       md5sum ===> 4296cd29e0723646c6c610ac93f6d661
http://bigupdater.ru/STo84RIUqiArouklU9/jO05HlAhI3KL.bin                      md5sum ===> 4296cd29e0723646c6c610ac93f6d661
http://bigupdating.ru/STo84RIUqiArouklU9/jO05HlAhI3KL.bin                     md5sum ===> ff4a09da3ca3506dc16b356ff175c236
http://bigupdaters.ru/STo84RIUqiArouklU9/14iAcR.exe                           md5sum ===> 07f55c942166458832fcbd0d37e21599
http://bigupdate.ru/STo84RIUqiArouklU9/14iAcR.exe                             md5sum ===> 07f55c942166458832fcbd0d37e21599
http://bigupdater.ru/STo84RIUqiArouklU9/14iAcR.exe                            md5sum ===> 07f55c942166458832fcbd0d37e21599
http://bigupdating.ru/STo84RIUqiArouklU9/14iAcR.exe                           md5sum ===> 07f55c942166458832fcbd0d37e21599
http://bigupdaters.ru/STo84RIUqiArouklU9/mLacrouyo4s8lan.php
http://bigupdate.ru/STo84RIUqiArouklU9/mLacrouyo4s8lan.php
http://bigupdater.ru/STo84RIUqiArouklU9/mLacrouyo4s8lan.php
http://bigupdating.ru/STo84RIUqiArouklU9/mLacrouyo4s8lan.php
http://www.virustotal.com/file-scan/report.html?id=647571c40d97bee55fd0d20b2d5b619476814d15b5690ddf6cbadfd5c9fd0c5e-1299535787
VT 1/43 (2.3%)

March 08, 2011, 10:05:02 am
Reply #613

jackberri

IP Location:  Russian Federation - BEST-HOSTER Group Co. Ltd
IP 91.215.170.1
[piter1.dns-rus.net]
AS49693
Name Server: ns121.dns-rus.net  ns122.dns-rus.net
Registrant/Email Registrant: Private Person/chinesestar@mail.ru/getmeout@bk.ru           
Code: [Select]
http://maxho.ru/god/config.bin                     md5sum ===> d06a98013afa72025fb47451858a8566
http://maxho.ru/god/god.exe                        md5sum ===> 8944bc22235936b73bdf874bfa4d1a64
http://maxho.ru/god/zg.php
http://www.virustotal.com/file-scan/report.html?id=d1bf7ec60bcb74dd395f92a1ddb5a2a66e9913514e0f7428681e9a8d7fe25b1e-1299577773
VT 33/43 (76.7%)

IP Location:  United States - INTERNIC InterNIC Registration Services
IP 206.188.192.152
[vux.netsolhost.com]
AS6245
Name Server: ns55.worldnic.com  ns56.worldnic.com           
Code: [Select]
http://sms.champagnesunday.com/update.bin                         md5sum ===> f92b468e705f73ef82ee19286762fb6d
http://sms.champagnesunday.com/update.exe                         md5sum ===> 042271fc19604f5d861196b75c4e5b40
http://www.virustotal.com/file-scan/report.html?id=c3e86389f23be0d8646a0f5beb509669e9f17cde0b6e2a4e4dd8d84ee621262b-1299578085
VT 4/43 (9.3%)

IP Location:  United States - LiquidWeb Liquid Web Inc.
IP 50.28.70.238
AS32244
Name Server: nf1.no-ip.com  nf2.no-ip.com   nf33.no-ip.com    nf4.no-ip.com   
Code: [Select]
http://sms.noip.me/~zeus/config.bin                     md5sum ===> 96a05d2efd63a1c95d321779a4969571
http://sms.noip.me/~zeus/bt.exe                         md5sum ===> 9378ea9cea93940a25caade2db3f28c5
http://sms.noip.me/~zeus/gate.php
http://www.virustotal.com/file-scan/report.html?id=4b123990b9f391843c8df1df16878200183805af3bd6b4ffb5a25eb293a9d804-1299578198
VT 32/43 (74.4%)

March 08, 2011, 03:19:09 pm
Reply #614

jackberri

IP Location:  United Kingdom - UK2NET-AS UK-2
AS13213           
Code: [Select]
http://46.166.128.28/images/web/config.bin                     md5sum ===> 85876c90588f3a479cd33886fa41774e
http://46.166.128.28/images/web/bot.exe                        md5sum ===> 81c4385eb959b53da84e3740c4095048
http://46.166.128.28/images/facebook.exe                       md5sum ===> abe80ebb0ae505c258ab53855417278a
http://46.166.128.28/images/web/gate.php
http://www.virustotal.com/file-scan/report.html?id=0e0a6d27fbe14ccd69e2c41a3c2dd9c312181fd7d7aca2117c9ce462e69390ac-1299596456
VT 34/43 (79.1%)
http://www.virustotal.com/file-scan/report.html?id=a0246a5bfa30ceb36fd7e345391bb67f82af3809df407ebd96d2bfc1f4ab1e96-1299596671
VT 34/42 (81.0%)
Code: [Select]
http://46.166.128.28/images/Flash_player.exe                   md5sum ===> 6275027541ddba077f2e6ab443e943a1
http://www.virustotal.com/file-scan/report.html?id=215721dc63e88e623cf925847cba469e4f686f6c754ce68eb50f5924ffc7f143-1299597054
VT 27/43 (62.8%)