Author Topic: New files for Zeus servers  (Read 195361 times)

April 16, 2010, 09:45:58 pm
Reply #75

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
Code: [Select]
nudlkasnuls.com/ksa/fu.exe
md5sum ===> 06a80e786bad1f29383be30052f3b30b
SHA256  ===> fbe04d1c460149aba2f862c263538ce514a1d0df0a40be2282e7c15a71c0cc69
http://www.virustotal.com/es/analisis/fbe04d1c460149aba2f862c263538ce514a1d0df0a40be2282e7c15a71c0cc69-1271453539
VT 18/39 (45%)

April 18, 2010, 03:38:17 pm
Reply #76

jackberri

Code: [Select]
hxxp://solaruploader.com/asd23434ff.exe
md5sum ===> 74d53dce86d091f0aa8a656cc6882bd1
SHA256  ===> cc8c62ad4b0f61f6ead3fdfb6feb8f3982cc0eb09eab70abeda8abfa67dbbe57
http://www.virustotal.com/analisis/cc8c62ad4b0f61f6ead3fdfb6feb8f3982cc0eb09eab70abeda8abfa67dbbe57-1271453009
VT 13/40 (32.50%)

related (already listed):
Code: [Select]
bestviewbar.com/ipcheker/stat1.php

April 19, 2010, 12:35:58 pm
Reply #77

jackberri

Code: [Select]
hxxp://first-shockabsorbers.com/load/checkupdate.txt

April 22, 2010, 08:30:36 pm
Reply #78

jackberri

IP Location: Singapore Singapore Newmedia Express Pte Ltd Singapore Web Hosting Provider     
IP 203.174.83.98
[203-174-83-98.rev.ne.com.sg]
AS38001
Code: [Select]
hxxp://llllllllllllllllll.net/l/l.set
md5sum ===> 44711787085e1c367bfe8ae4d0f066cc
SHA256 ===> ca288a246eee5c4e56fbb8d9c023069b29c37686a3efa04b46d161cbde997e84
Code: [Select]
hxxp://llllllllllllllllll.net/l/l.php

April 24, 2010, 09:32:43 am
Reply #79

jackberri

Code: [Select]
hxxp://www.classic-technology.co.uk/pang/mygo/ljbKLw/assave/troshl/Newor.php?captcha===>12721011604bd2b928874bb.cfg
md5sum ===> 18bc44355d7a83cf2992278968c90c04
SHA256 ===> a453ced024073033608a3f71939b3af5290cb9d22eb9d562e309085dbf62c0ac

April 27, 2010, 08:35:53 am
Reply #80

jackberri

Code: [Select]
www.ronny.serrazul.net/www/wiza/Scrarcgtgb/Ressami.php?captcha===> 12723566684bd69f3c9e018.cfg
md5sum ===> 55a84b0c505441249298a8a3ee303008
SHA256 ===> cc468e802d7bebfe833b2092941f837c4d41ea36e18af96c17532804979c2cae

Code: [Select]
www.ijiexiu.com/crestateUse/aects/ewUser/monnelf/lormPlanale.php?captcha  ===> 12723569974bd6a08533c86.cfg
md5sum ===> 025b69bb9e50ff3fb1eb50379ccab0fb
SHA256 ===> c60015a7fd8e4bf7b16409e99b947ed98bc69d3834220b908f814d43e2d61b99

April 27, 2010, 05:41:20 pm
Reply #81

jackberri

Code: [Select]
hxxp://oldbarrel.biz/TeckOffice/moogonsacte/fortg/sumb.php?captcha===> 12723887394bd71c83ef68d.cfg
md5sum ===> af6aae8078e22939badfdef979e9a4e5
SHA256 ===> 4c8c49b7f2420fab312688bfecfe232325059f13c6b1ec4baa02a4f565480b73

Code: [Select]
hxxp://wl9www756.webland.ch/Logoging/oficonts/deent/cousest/edite/lnlivies.php?captcha===> 12723892784bd71e9e1e9da.cfg
md5sum ===> e519cf83a878355d66d18c2dd83c551f
SHA256 ===> 37c14ececd9bb2adadb1f559150465bff4191cf441f7f305447aad896167d608

Code: [Select]
hxxp://www.florescolibries.com.mx/actiondes/homets/fracyblickey.php?captcha===> 12723896094bd71fe953d29.cfg
md5sum ===> 3c594fef48fcf8a2639f6e449c118edc
SHA256 ===> 5a95813e6c69fdd45208f41d4fdc084fd2af6baf16c636c8af78c74a21c78391

Code: [Select]
hxxp://www.geoworksrl.it/site/postorker/CMSAppics/ssavent/semoductills.php?captcha===> 12723897844bd720985e3da.cfg
md5sum ===> 0349f05dacef138ea92190dd0c4326bc
SHA256 ===> 19431f2b77f7cc6a863888de8992213fa16f152bf676278f9c3e2761748cfa8e

May 02, 2010, 12:36:38 pm
Reply #82

jackberri

Code: [Select]
hxxp://raskeni.ru/ggg3.php
Code: [Select]
hxxp://mathematics2u.co.cc/life/ldr.exe
md5sum ===> 093287b328d91c02baceec513e524e71
SHA256 ===> a0983621052330e702c0fcf2e379cb89c5f6d6d7df55f41815bc0bad80c239c5
Code: [Select]
hxxp://mathematics2u.co.cc/life/updme.bin
md5sum ===> f672e1c0d499031c51ee068e508be020
SHA256 ===> 573f19e237a44304118fe070b7766d35dd4d5f8409559bd9c18b6e7aea28982d

May 04, 2010, 06:21:04 pm
Reply #83

jackberri

Code: [Select]
hxxp://leeitpobbod.ru/images/konf.bin
md5sum ===> a2a8c064b27db24e6c3c437532f51f64
SHA256 ===> 8cf4e53df4a53afd18346e73419c3d335b672d94bfb15975755e1a5690c094cf
Code: [Select]
hxxp://www.oomseekerss.ru/images/gate.php

May 05, 2010, 08:09:58 am
Reply #84

jackberri

Code: [Select]
hxxp://darellfood.info/flashimg/pic077.gif
md5sum ===> 6a788ef7b167a471be87865057ae84e4
SHA256 ===> 787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2

Code: [Select]
hxxp://mazdabiz.info/flash/img01.bin
md5sum ===> fac97271924af79ebdcdbf8dc1031a0d
SHA256 ===> e3d169b562c19acb23791d1ce0530910b9ff1907fc0036db45ecfba95a8ca81a

May 05, 2010, 06:01:01 pm
Reply #85

jackberri

Code: [Select]
hxxp://kabinaoff.info/flashimg/pic04.gif
md5sum ===> 8d35cac431584143cfac9e4706b2aca5
SHA256 ===> bb7a86cfea10111ceffbcaadfa8fe6eee8f7833c9f71f10e881e811bdd3efb7d
http://www.virustotal.com/es/analisis/bb7a86cfea10111ceffbcaadfa8fe6eee8f7833c9f71f10e881e811bdd3efb7d-1273081529
VT 20/41 (48.79%)

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain - Arsys.es 
IP 217.76.130.126
[llgb092.servidoresdns.net]
AS20718
Code: [Select]
hxxp://mateomunoz.es/consumibles_r2_c5.gif
md5sum ===> 1e7a32df063acfb38ac1fea7209ae2c7
SHA256 ===> d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80
http://www.virustotal.com/es/analisis/d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80-1273081065
VT 18/41 (43.91%)

May 06, 2010, 09:35:00 am
Reply #86

jackberri

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain - REDCORUNA S.L.U
IP 92.43.17.2
[hosting01.redcoruna.org]
AS44497
Registrant/Email Registrant: Inmaculada Ponce Gonzalez/magenta79@gmail.com
Code: [Select]
hxxp://www.miraquemono.com/blog/wordpress/wp-content/themes/connections-reloaded/img/logo.jpg
md5sum ===> f06b4cc2dbe48fb4f378ff3456baa152
SHA256 ===> 4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803
http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273136908
VT 21/41 (51.22%)

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain San Sebastian IBERCOM WORLD WIDE WEB IBERCOM
IP 213.195.72.102
[static.102.72.195.213.ibercom.com]
AS15915
Registrant/Email Registrant: Urtxintxa Eskola/atzio@urtxintxa.org
Code: [Select]
hxxp://aisia.net/images/galeria/gobela3handi.jpg
md5sum ===> f06b4cc2dbe48fb4f378ff3456baa152
SHA256 ===> 4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803
http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273137725
VT 21/41 (51.22%)

May 06, 2010, 12:50:29 pm
Reply #87

jackberri

Trojans downl. for, or zeus v3 trojans?
http://camas.comodo.com/cgi-bin/submit?file=980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain - Arsys.es
IP 217.76.130.253
[llgb434.servidoresdns.net]
AS20718
Registrant/Email Registrant: Ana M. Fernandez Aguado/experts@fotodos.com
Code: [Select]
hxxp://eimatge.com/41.jpg
md5sum ===> fc7c86ecbdb4ca1d73fcc33fad965048
SHA256 ===> 34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b
http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273148005
VT 25/41 (60.98%)

IP Location: France Amen France Network 
IP 62.193.204.77
[vds-796511.amen-pro.com]
AS28677
Registrant/Email Registrant: Angel Miguel Fernandez Ferron/angel@factorydea.com
Code: [Select]
hxxp://serraniasuroeste.org/uploadedcvimg/1320906784foto002.jpg
md5sum ===> f06b4cc2dbe48fb4f378ff3456baa152
SHA256 ===> 4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803
http://www.virustotal.com/es/analisis/4aefc3c35b1be14c09cb9deda8ac88e1ec8e2ca0d111b21829a5189a40bee803-1273148827
VT 22/41 (53.66%)

IP Location: Germany - STRATO AG 
IP 81.169.145.73
[w09.rzone.de]
AS6724
Registrant/Email Registrant: Antonio Barriocanal Pia/hostmaster@cronon-isp.net
Code: [Select]
hxxp://acacabe.com/image/bg_010.gif
md5sum ===> 78dd8a87c2aaaefbcc49973d13c602a2
SHA256 ===> 980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9
http://www.virustotal.com/es/analisis/980e7b182333243bbe140723241f07ef211980af4fc10d8cb4fcaae7dd16cde9-1273149077
VT 23/41 (56.1%)

May 06, 2010, 03:15:38 pm
Reply #88

jackberri

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Spain Logrono AS_ARSYS-EURO
IP 217.76.150.30
[slge442.piensasolutions.com]
AS20718
Registrant/Email Registrant: xavier sanchez presas (SROW-1263796)/rima-bus@hotmail.com
Code: [Select]
hxxp://barcelonacitytransfers.com/images/css_f1.png
md5sum ===> 1e7a32df063acfb38ac1fea7209ae2c7
SHA256 ===> d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80
http://www.virustotal.com/es/analisis/d135e93474a5cf89cc773297c42ad9998e0c15c5f5bdbb72e206cbad63230a80-1273157887
VT 25/41 (60.98%)

Trojan downl. for:
Code: [Select]
kabinaoff.info
mytestjob.info

IP Location: Italy Florence Register.it S.p.a 
IP 81.88.61.98
[host-81-88-61-98.dedicatedservers.it]
AS39729
Registrant/Email Registrant: CATMUR 1998, S.L./dominis@tepsis.com
Code: [Select]
hxxp://catmur.com/images/3f2.jpg
md5sum ===> fc7c86ecbdb4ca1d73fcc33fad965048
SHA256 ===> 34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b
http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273148005
VT 25/41 (60.98%)

May 07, 2010, 10:07:03 am
Reply #89

jackberri

Code: [Select]
hxxp://foinkto015.net/inc/d.exe
md5sum ===> b42e9e61bb0a6d5cbcc94f46aa082728
SHA256 ===> 33c199e654438b3645a95b12162903e6c9a08599d0aa847aec5048c73b550079
http://www.virustotal.com/es/analisis/33c199e654438b3645a95b12162903e6c9a08599d0aa847aec5048c73b550079-1273226373
VT 23/41 (56.1%)