Author Topic: New Zeus server (Read 395753 times)

jackberri · October 17, 2011, 05:32:08 pm

IP Location: Germany - HETZNER-AS
IP 78.47.5.204
[static.204.5.47.78.clients.your-server.de]
AS24940
Name Server: NS1.GOOGLEANALUTICS.IN | NS2.GOOGLEANALUTICS.IN
Registrant/Email Registrant: Guan Nortamo/guartamonortamo@yandex.com

Code: [Select]

hxxp://googleanalutics.in/config.bin  md5sum ===> bac53ed14b0a9f4f7af68c098fc8e9e5
hxxp://googleanalutics.in/index.exe   md5sum ===> c566ad0d58c2b8eccd4f5cac0109d0f1
hxxp://googleanalutics.in/favicons.jpg

http://www.virustotal.com/file-scan/report.html?id=e548908f0b1f5394743bd38389e1f380f5268b08284075fd4da22532ce4f4bbd-1318840173
VT 17/43 (39.5%)

IP Location: Russian Federation - ALTURA-AS
IP 95.141.193.54
AS44158
Name Server: NS1.CHANGEIP.ORG | NS3.CHANGEIP.ORG | NS2.CHANGEIP.ORG
Registrant/Email Registrant: ChangeIP.com/NSI@ChangeIP.com

Code: [Select]

hxxp://gosendd.h1x.com/authorization.php
hxxp://gosendd.h1x.com/secure/secur.php

IP Location: Russian Federation - ALTURA-AS
IP 95.141.193.54
AS44158

Code: [Select]

hxxp://ftvs.epac.to/authorization.php
hxxp://ftvs.epac.to/secure/secur.php

IP Location: Vietnam - VNPT-AS
IP 113.161.87.176
[static.vdc.vn]
AS45899
Name Server: ns1.acorngroupinc.com | ns2.acorngroupinc.com
Registrant/Email Registrant: Private Person/built@ppmail.ru

Code: [Select]

hxxp://gorycup.ru/search/newfile11.bin md5sum ===> 74c80fbb2d8b14e5972e191905a70f09

jackberri · October 19, 2011, 11:14:25 am

IP Location: United Kingdom - ASVAROVAEV FOP Varovaev Leonid Gennadevich
IP 91.229.90.3
AS6753
Name Server: dns01.gpn.register.com | dns02.gpn.register.com | dns03.gpn.register.com | dns04.gpn.register.com | dns05.gpn.register.com
Registrant/Email Registrant: Ariel Herco/arielherco@yahoo.com

Code: [Select]

hxxp://junesommerlivev.com/defforty1config/settings.bin                   md5sum ===> 5dacfd91de4b65b0c044e160b58a282a
hxxp://junesommerlivev.com/defforty1config/bot.exe                        md5sum ===> ed34b46a4524c7d05e45200eaf09f765
hxxp://junesommerlivev.com/defforty1config/flashplayer.exe                md5sum ===> 5388fb41691c609d5d6ba2f688961ae2
hxxp://junesommerlivev.com/defforty1config/redir.php
hxxp://junesommerlivev.com/defforty1config/config.php

http://www.virustotal.com/file-scan/report.html?id=fdfc8bc93fc3156bfa81e33fc97d88b48ef774fa3ec5315e83e70a780f6ed194-1318912541
VT 35/43 (81.4%)
http://www.virustotal.com/file-scan/report.html?id=f3ec9d490521e2785327a05dea56b37cad1e1b2340c37499246eda722a8319d2-1318954231
VT 16/43 (37.2%)

jackberri · October 20, 2011, 06:35:18 pm

IP Location: Russian Federation - ISPSYSTEM-AS
[zolotov110.fvds.ru]
AS29182

Code: [Select]

hxxp://82.146.60.237/116/config.zip  md5sum ===> e1da55db0d957826b560ecba60da7ba5
hxxp://82.146.60.237/116/photo.php
hxxp://82.146.60.237/116/video.php

IP Location: Slovenia - DOMENCA-ASN
IP 212.44.109.181
[zumimi.com]
AS43128
Name Server: ns1.afraid.org | ns2.afraid.org | ns3.afraid.org | ns4.afraid.org
Registrant/Email Registrant: Silva Hayk/admin@tampusa.com

Code: [Select]

hxxp://tampusa.com/mb/l/ist.dat md5sum ===> 11dbd5c7f2d826b374feeb3a34b29f26

jackberri · October 22, 2011, 07:36:04 pm

IP Location: United Kingdom - RACKSPACE UK
IP 89.234.8.225
[www.server2.traffic-ms.com]
AS15395
Name Server: ns1.mydomain.com | ns2.mydomain.com | ns3.mydomain.com | ns4.mydomain.com
Registrant/Email Registrant: Prima Hotels Ltd/

Code: [Select]

hxxp://primahotels.co.uk/my.bin md5sum ===> 74c80fbb2d8b14e5972e191905a70f09

jackberri · October 24, 2011, 10:04:01 am

IP: 60.19.30.135 - 67.40.211.116 - 82.210.157.9 - 218.24.113.3 - 113.161.87.176

Name Server: ns1.footwalmoth.ru | ns1.heilingalatrole.com
Registrant/Email Registrant: Private Person/dartzofmybpull@ppmail.ru

Code: [Select]

hxxp://dartzofmybpull.ru/pof/deq.nk               md5sum ===> 80a70d42fbccdfd3ceeeadb1cb5fe023
hxxp://dartzofmybpull.ru/pof/pol.exe              md5sum ===> 2640155bd985f748b92410fa2f3150d6
hxxp://popspostenkple.ru/kls/gtrsk.php

http://www.virustotal.com/file-scan/report.html?id=dc130628bca4d7ade000fb077585992bc6138b55417cff5066300f019342fded-1319449609
VT 26/41 (63.4%)

jackberri · October 24, 2011, 07:03:15 pm

IP Location: United States - HOSTWAY Corporation
IP 64.26.63.28
[lsh215.chi.us.siteprotect.com]
AS20401
Name Server: a.dns.hostway.net | b.dns.hostway.net
Registrant/Email Registrant: GORAYEB SEMINARS,INC./america@gorayebseminars.com

Code: [Select]

hxxp://wholenutrients.org/all.bin md5sum ===> 67d31bf94e4068df1075759f7dd3a14bRelated md5Sum c60a3292ac0701e066c1c0f414eb0770

jackberri · October 25, 2011, 10:17:40 am

IP Location: Italy - ARUBA-ASN
IP 62.149.128.160
[mxd1.aruba.it]
AS31034
Name Server: DNS2.TECHNORAIL.COM | DNS.TECHNORAIL.COM
Registrant/Email Registrant: RS-Link srl Societa/Ditta/salvatore.partenzi@gmail.com

Code: [Select]

hxxp://shopitzone.com/shop.bin md5sum ===> 6b3c3da5a2c0a1a1c25a2155cae3fa9crelated md5sum 78c4d5699b85ea40eceb7d058842786a

IP Location: United States - GODADDY
IP 208.109.181.224
[p3slh142.shr.phx3.secureserver.net]
AS26496
Name Server: ns35.domaincontrol.com | ns36.domaincontrol.com
Registrant/Email Registrant: Minnesota Corrugated Box/nihanke@mcbox.com

Code: [Select]

hxxp://performanceal.com/images/Pics/mamb.php
IP Location: United Kingdom - Webfusion Internet Solutions
IP 109.104.74.81
[server5070.dedicated.webfusion.co.uk]
AS20738
Name Server: ns1.pukkayurts.com | ns2.pukkayurts.com
Registrant/Email Registrant: Robert Matthews/rob@drtwiggy.com

Code: [Select]

hxxp://aroundtheyurt.com/images/config.php

jackberri · October 25, 2011, 07:19:41 pm

IP Location: Romania - PADICOM SOLUTIONS SRL
IP 89.46.251.181
[89-46-251-181.unassigned.class-it.ro]
AS34201
Name Server: ns1.hive777.com | ns2.hive777.com
Registrant/Email Registrant: Lis Villalpando/zulu@mailti.com

Code: [Select]

hxxp://hive777.com/config.bin               md5sum ===> 0a5758d7a5d690e52ef7b0c7830759ff
hxxp://hive777.com/bot.exe                  md5sum ===> 059363368862c90f86bb7bb18bbe6d2d

http://www.virustotal.com/file-scan/report.html?id=05b18dc071b5a42411e46e28f9404d557c3312a9d09f36e86c70e4ad391921f9-1319569327
VT 22/36 (61.1%)

jackberri · October 27, 2011, 10:07:42 am

IP Location: Lithuania - DC-AS UAB Duomenu Centras
IP 77.79.9.143
[hst-9-143.duomenucentras.lt]
AS16125
Name Server: ns1.dns-diy.net | ns2.dns-diy.net
Registrant/Email Registrant: Deamon Night/admin@waercomendsrar.com

Code: [Select]

hxxp://waercomendsrar.com/webinto/gassonsa.php
hxxp://waercomendsrar.com/conta/configaz.php

IP Location: Sweden - GleSYS-AS
IP 109.74.6.15
[109-74-6-15-static.serverhotell.net]
AS43948
Name Server: NS09.DOMAINCONTROL.COM | NS10.DOMAINCONTROL.COM
Registrant/Email Registrant: Godaddy Software/domains4sale@godaddy.com

Code: [Select]

hxxp://artechellirat.com/config.php

jackberri · October 28, 2011, 04:15:05 pm

IP Location: United States - Clarks Summit Volumedrive
AS46664

Code: [Select]

hxxp://199.115.229.188/files/godlike.exe                md5sum ===> 1b4220719bdd32f19da5c054a9dcc1c6
hxxp://199.115.229.188/files/king.exe                   md5sum ===> 703619abb919034557c68813c8c8fe00
hxxp://93.183.203.28/config/photo.php
hxxp://93.183.203.28/config/video.php

http://www.virustotal.com/file-scan/report.html?id=33416b36d256a515f6ceeb2bd05ff07c2ed78265a2e59f18c9680b936a8f64e6-1319816553
VT 13/37 (35.1%)
https://www.virustotal.com/file-scan/report.html?id=6150c343b4b83c7b1123c9a49e73bdf91845572fa6fcfc73791c71bb088a56aa-1319816899
VT 1/41 (2.4%)

IP Location: Austria - UPC Broadband
IP 91.118.96.154
[154-96-118-91.static.edis.at]
AS6830
Name Server: dns01.gpn.register.com | dns02.gpn.register.com | dns03.gpn.register.com | dns04.gpn.register.com | dns05.gpn.register.com
Registrant/Email Registrant: gianbattista festa/rschuette@steppingoutinc.com

Code: [Select]

hxxp://bodiespooll.com/starlight1/redir.php
hxxp://bodiespooll.com/starlight1/config.php

jackberri · October 28, 2011, 07:01:35 pm

IP Location: Kazakhstan - KAZTELECOM-AS JSC Kazakhtelecom
IP 92.46.52.69
[92.46.52.69.static.telecom.kz]
AS9198
Name Server: ns1.cp.idhost.kz | ns2.cp.idhost.kz
Registrant/Email Registrant: Dmitriy Svetlichnyy/anti.killer@mail.ru

Code: [Select]

hxxp://duowork.kz/w/config.bin                  md5sum ===> 5fd00ce672809bff96fddfa2216a02ed
hxxp://duowork.kz/w/ipconfig.exe                md5sum ===> 4ebcfeaf7846a7b4b9de0e5ed6ccd372
hxxp://duowork.kz/w/gate.php

http://www.virustotal.com/file-scan/report.html?id=2fe59cec35e4b5a55392d2a3d89feb00574b9fa3620d7c76222e0d3eac2a8dea-1319825669
VT 34/43 (79.1%)

jackberri · November 01, 2011, 10:33:00 am

IP Location: Russian Federation - NCONNECT-AS
[er7-749.e6l.su]
AS49335

Code: [Select]

hxxp://141.105.66.240/frmkl/frmkl.bin                     md5sum ===> 5db171157d1b8174231fd10ca0135e1e
hxxp://141.105.66.240/frmkl/frmkl.exe                     md5sum ===> e10defe4bf6d411b69ed941b0b506a32
hxxp://141.105.66.240/frmkl/gate.php

http://www.virustotal.com/file-scan/report.html?id=fed7e2e3c8a393b459b66e31e91f6dac8951fca91399428a390f9eb172cf4ee2-1320142913
VT 12/43 (27.9%)

jackberri · November 02, 2011, 08:14:47 am

IP Location: Germany - LEASEWEB-DE
IP 89.149.226.195
AS28753
Name Server: ns.co.cc | ns1.co.cc | ns2.co.cc | ns5.co.cc
Registrant/Email Registrant: JONG SUNG, KIM/katoffel@nate.com

Code: [Select]

hxxp://7e43b4729d.co.cc/cache/srv/cf           md5sum ===> fb797af0d5bfa3c7a3d2c9184c2383d4
hxxp://7e43b4729d.co.cc/cache/srv/join.php

jackberri · November 02, 2011, 12:54:38 pm

IP Location: Ukraine - SLCC State Land Cadastral Center at the State Agency of Land Resources of Ukraine
IP 91.194.214.76
AS43331
Name Server: ns1.dns-diy.net | ns2.dns-diy.net
Registrant/Email Registrant: Sasha Matveeva /admin@shanmana.net

Code: [Select]

hxxp://shikalmuna.com/mz/l/ist.dat           md5sum ===> 299fe149fb949b7822298ecab23ba94a
hxxp://shikalmuna.com/mz/p.php
hxxp://shikalmuna.com/mz/

jackberri · November 03, 2011, 06:51:20 pm

IP Location: Djibouti - ADJIB-AS DJIBOUTI TELECOM
IP 41.189.229.65
AS30990
Name Server: ns1.jadposten.com | ns1.linskidesign.net.
Registrant/Email Registrant: Private Person/java@free-id.ru

Code: [Select]

hxxp://bentdate.ru/sims.exe                md5sum ===> 94b0b6af08f32e2ce06b1d937e2852d8
hxxp://bentdate.ru/reciverdata.php

http://www.virustotal.com/file-scan/report.html?id=70e53cc8c2b69ec67474c549457dc15255e65117adb474662c4611bcc7b06915-1320345164
VT 22/42 (52.4%)

IP Location: Russian Federation - ELTEL-AS
IP 81.222.215.236
[mailgermes.beget.ru]
AS20597
Name Server: ns1.beget.ru | ns2.beget.ru
Registrant/Email Registrant: Private Person/support@beget.ru

Code: [Select]

hxxp://poletas5.bget.ru/lol/pok.bin           md5sum ===> a3af24032b198ca8f623c8284d631106
hxxp://poletas5.bget.ru/lol/sso.php

IP Location: Ukraine - UKRTELNET JSC UKRTELECOM
IP 93.190.43.161
[93-190-43-161.ukrdomen.com]
AS6849
Name Server: ns1.dns-diy.net | ns2.dns-diy.net

Code: [Select]

hxxp://billingcenter.co.cc/config/auth.php
http://billingcenter.co.cc/config/mail.php

Author Topic: New Zeus server (Read 395753 times)

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server