Author Topic: New Zeus server  (Read 371109 times)

May 11, 2010, 03:15:16 pm
Reply #270

jackberri

IP Location: United States Scranton Network Operations Center Inc
IP 66.197.236.149   
[hostecs.net]
AS21788
Email Registrant: 74hucn@163.com
hxxp://163580.cn/fine/config.bin
md5sum ===> d6b3a9bc99b5088223059f2778443a6b
SHA256 ===> f3409eefb12aadef7af6cb8ed941286f2ec3a460253f0bc12f818e550c25d8b3
hxxp://163580.cn/fine/gate.php
Email Registrant: wsndpy@gmail.com
hxxp://ouiu.cn/fine/config.bin
md5sum ===> d6b3a9bc99b5088223059f2778443a6b
SHA256 ===> f3409eefb12aadef7af6cb8ed941286f2ec3a460253f0bc12f818e550c25d8b3
hxxp://ouiu.cn/fine/gate.php
Registrant/Email Registrant: Roosveer, Marc/dns@armyrats.com
hxxp://armyrats.com/fine/config.bin
md5sum ===> d6b3a9bc99b5088223059f2778443a6b
SHA256 ===> f3409eefb12aadef7af6cb8ed941286f2ec3a460253f0bc12f818e550c25d8b3
hxxp://armyrats.com/fine/gate.php
Registrant/Email Registrant: WhoisGuard Protected ()/(4ec1d3c371124f439aef7f4798c3b253.protect@whoisguard.com)
hxxp://jswiseco.com/fine/config.bin
md5sum ===> d6b3a9bc99b5088223059f2778443a6b
SHA256 ===> f3409eefb12aadef7af6cb8ed941286f2ec3a460253f0bc12f818e550c25d8b3
hxxp://jswiseco.com/fine/gate.php
IP Location: Germany Hetzner Online Ag
[free.gigespace.net]
AS24940
Registrant/Email Registrant: Igor Potapov/abuse@gigespace.com
hxxp://178.63.221.91/config.bin
md5sum ===> bcc47a83502f61c146c92d7aaa27510a
SHA256 ===> 982f4742b65f077331f49c5e5cbeb75998b2f5bbf4d980a81ce628d56961e454
hxxp://178.63.221.91/gate.php

May 12, 2010, 09:58:28 am
Reply #271

jackberri

IP Location: Ukraine - VLAF-AS Vlaf Processing Ltd
IP 195.88.144.62  
AS48984
Registrant/Email Registrant: Evgeny Korentzov/admin@farsearch.tw
hxxp://farsearch.tw/zs/cofag56.bin
md5sum ===> b5762fd7dbf70a3fd54482dbf357b33d
SHA256 ===> 8b6a97ebb17faca05ba16a3bbc084b2d81ec0536120fcd24262099b5458a1f05
hxxp://farsearch.tw/zs/botetz.exe
md5sum ===> d17815b31e88723e2651462f286823b2
SHA256 ===> 8ea3b7aa9acb00053fc1940c87fdc4fd9e327bdfb6674423f5492acb539ccbde
https://www.virustotal.com/es/analisis/8ea3b7aa9acb00053fc1940c87fdc4fd9e327bdfb6674423f5492acb539ccbde-1273653222
VT 10/41 (24.4%)
hxxp://farsearch.tw/zs/gates5.php

May 13, 2010, 06:55:55 pm
Reply #272

jackberri

IP Location: United States Dallas Theplanet.com Internet Services Inc
IP 70.87.126.194
[gator65.hostgator.com]   
AS21844
Registrant/Email Registrant: Christopher Davis/email@stopher.org
hxxp://lindsaydavis.com/lx/cfg.bin
md5sum ===> b08a219f3e237a6bb083c47d43850729
SHA256 ===> 6ce9f4b1186581582af1517b1298779f118910c454da6ba446b8630c1ddcbcef
hxxp://lindsaydavis.com/lx/ldr.exe
md5sum ===> 0a1ead02394006cb77835523e291caa1
SHA256 ===> f145deea33d4610ec3f1bd1ab82c3e811153fcf69e88ed787b7f9f8f6a8f5c6a
https://www.virustotal.com/es/analisis/f145deea33d4610ec3f1bd1ab82c3e811153fcf69e88ed787b7f9f8f6a8f5c6a-1273775965
VT 37/41 (90.24%)
hxxp://lindsaydavis.com/lx/index.php
hxxp://lindsaydavis.com/lx/s.php

May 14, 2010, 09:46:48 am
Reply #273

jackberri

IP Location: Canada IWEB-AS iWeb Technologies Inc
IP 67.205.74.14
AS32613
Registrant/Email Registrant: WhoisGuard Protected/08dbd7be4be64c1ca86a2f62d8dd6dfd.protect@whoisguard.com
hxxp://serviceexe.com/config.bin
md5sum ===> 82c10b861d678058c747267ebde07967
SHA256 ===> 5b7d445238b55db1a7cbc484dcf914b2e32c2bfdd25b81b9e7a0d72edc324ba9
hxxp://serviceexe.com/bot.exe
md5sum ===> e400573df78d3d82523edfa8559dc320
SHA256 ===> a24414651883b57f6ef08da4f54f56ad4acec6570212393f63151720f543386c
https://www.virustotal.com/es/analisis/a24414651883b57f6ef08da4f54f56ad4acec6570212393f63151720f543386c-1273829472
VT 33/41 (80.49%)
hxxp://serviceexe.com/gate.php

May 15, 2010, 03:07:12 pm
Reply #274

jackberri

IP Location: Ukraine - VLAF-AS Vlaf Processing Ltd
IP 195.88.144.92   
AS48984
Email Registrant: 94ab291ccbfd96b35c155386eec1ce2a@domain-private.com
sollutsn.biz/newstart/botopriem.php

May 18, 2010, 12:57:22 pm
Reply #275

jackberri

IP Location: Lithuania - Elneta-AS Internet Service Provider ELNETA UAB Autonomous System Lithuania, Vilnius
IP 193.219.5.201
AS21031
Registrant/Email Registrant: Abdul/g4hosting@safe-mail.net
hxxp://gameover.net.in/bot123/config.bin
md5sum ===> 2e712284995e0d293888387bef36a669
SHA256 ===> bd4b16054ed61f60ebb6453033c84aa7d7de977b97669c1d06e75b534a058d1a


related rootkit Rustock
IP Location: United States -PNAP-MIA -SOFTLAYER Technologies Inc.   
IP 208.43.19.64
[208.43.19.64-static.reverse.softlayer.com]
AS36351
Registrant/Email Registrant: Zebra Media/zebramediallc@gmail.com
hxxp://liveinfopro.com/dl/inst1018wse.exe
md5sum ===> 30fbdbb98a5a886fef895ae2445ec98b
SHA256 ===> da6a09b0013efe8894ea30fe6b331b0e9381512711ec14d86f457713938b016c
https://www.virustotal.com/es/analisis/da6a09b0013efe8894ea30fe6b331b0e9381512711ec14d86f457713938b016c-1274164725
VT 0/41 (0%)

May 19, 2010, 07:07:58 am
Reply #276

jackberri

IP Location: United States - AUT-NUM- American Internet, In 
IP 204.10.137.152
[www6.cpanel8.amhosting.com]   
AS33093
Registrant/Email Registrant: Elaine E Cordiello/billing@amhosting.com
hxxp://rdello.com/cfg2.bin
md5sum ===> f48f1af605c1fc6a11c5a0008d635003
SHA256 ===> 3a4b4e24d2684461a2229fa514c1a17f4f117b683ea9a76d49ccb41865a41492
hxxp://rdello.com/gate.php
IP Location: China - CHINANET-BJ-METRO Beijing Telecom 
IP 121.101.216.205
AS4847
Registrant/Email Registrant: PP-SP-001/contact@privacyprotect.org
hxxp://ddkom.biz/eu/index.php
related:
www.newsdownloads.cn
www.coolparts31.tw
www.sinergy-dl.com
www.sokam.info
   

May 19, 2010, 09:41:52 am
Reply #277

jackberri

IP Location: United States - Hosting Solutions International 
IP 69.64.62.49
[static-ip-69-64-62-49.inaddr.intergenia.de]   
AS30083
Registrant/Email Registrant: Pyotr Smirnov/royalhideaway77@gmail.com
hxxp://www.basurm.com/sl/config.bin
md5sum ===> a44010a4329613acde310415fa088ed3
SHA256 ===> 802ea6db5c55a8784f972516cdeb9d8322925df1ab4e6d3685a6ca8b4cb229ef
hxxp://www.basurm.com/sl/vs.php
IP Location: Korea - Proxy-Registered Route Object by DACOM(AS3786)
IP 125.180.131.26
AS17858
hxxp://deewaek4heeh.kz/cp11/zengate.php
other stuff
hxxp://cmccmcssvnbuilds.com/zs/_reports/other/--+default+--/

May 19, 2010, 06:00:49 pm
Reply #278

jackberri

IP Location: United States - THEPLANET-AS2 ThePlanet.com Internet Services, Inc. 
IP  174.121.79.66
[michigan.site5.com]
AS21844
Registrant/Email Registrant: Claudia Mexicano Padilla/ron@rontrs.com
hxxp://ellater.com/gate.php
hxxp://ellater.com/index.php

May 20, 2010, 10:31:51 am
Reply #279

jackberri

IP Location:  UA - EVAUA-NET  InfoPlus Ltd
IP 91.216.11.92
AS50908
Email Registrant: kazanovshina@yahoo.com
hxxp://www.kazanovshina.ru/kuku.php
hxxp://kazanovshina.ru/kuku.php
IP Location: Kazakhstan - ALFAHOSTNET Alfa-Host LLP. 
IP 193.105.207.120
AS50793
Registrant/Email Registrant: Alexandr Dmitrikov/2354364575s@gmail.com
hxxp://34real.ru/bin.bin
md5sum ===> dd7850b9af0f494ed65a98e34f5ba7fa
SHA256 ===> b75b7787536a805761ea0e1ca603cab2071e2f3a9bb6dcaff6705b55ee0b1b76
hxxp://34real.ru/http/bin.exe
md5sum ===> 66686d067c0a19c3da358b59f5681426
SHA256 ===> 3d522a6ff2705815027cbfa83316e69304b89b066b58391cf7d90883cf715cf9
https://www.virustotal.com/es/analisis/3d522a6ff2705815027cbfa83316e69304b89b066b58391cf7d90883cf715cf9-1274350836
VT 3/41 (7.32%)
hxxp://34real.ru/http/rapport.exe
md5sum ===> 3cc308ca988a282ee881dde006722cd9
SHA256 ===> 8b880255e2ec4346d574f366961e14ac91acd16989e1b130f76bab32fecc8cbd
https://www.virustotal.com/es/analisis/8b880255e2ec4346d574f366961e14ac91acd16989e1b130f76bab32fecc8cbd-1274350925
VT 5/41 (12.2%)
hxxp://34real.ru/http/killaa.exe
md5sum ===> 29bceaf44e3f621ecf9420ee88ed2e67
SHA256 ===> 33813ef664075fb429065575b75d751d7f05d455a4f38c78c96366756ef90980
https://www.virustotal.com/es/analisis/33813ef664075fb429065575b75d751d7f05d455a4f38c78c96366756ef90980-1274351152
VT 6/41 (14.64%)
hxxp://34real.ru/http/logosex.php

May 21, 2010, 12:36:17 pm
Reply #280

jackberri

IP Location:  Germany  - Berlin - 1&1 Internet Ag 
IP 87.106.81.67
[s15331284.onlinehome-server.info]
AS8560
Registrant/Email Registrant: Gravitynet E-Solutions  (SROW-373360)/info@gravitynet.es
hxxp://loteriahadamadrina.com/imagenes/logos/logo_generale2.png
md5sum ===> 8116a1a983278d81294e8e1308c63091
SHA256 ===> 20455ee5aaecc9be979632561f6394b46d36f039c4d658cf7b1322cb523aa931
https://www.virustotal.com/es/analisis/20455ee5aaecc9be979632561f6394b46d36f039c4d658cf7b1322cb523aa931-1274445032
VT 3/41 (7.32%)
related:
IP Location: France - ProXad network / Free SAS 
IP 88.191.12.172
[lola.cathytof.com]
AS12322
Registrant/Email Registrant: Brad Higginbotham/EmersonDuffyZP@gmail.com
hxxp://barmatuxa.info/images/smilies/domaindelete.bin
md5sum ===> 33ed97929bc7bce41aaf6c5929d10468
SHA256 ===> 54a621a7efffe8efcc88595ab5f2cb4c74ae044b227fe2b20c0383ac2342ef9b

other stuff:
IP Location:  Latvia - LATVENERGO-AS Latvian national Energy company
IP 85.15.231.77
[mail.mm88.lv]
AS29600
http://bacalavala.com.es/am/8e383b9b5d61f31de077719e46fa2b0b.php
new file related bestviewbar.com:
hxxp://solaruploader.net/asdasd23435667ed.exe
md5sum ===> 75ea4c941fd89002c8db690c16ef200a
SHA256 ===> ec36c6c7e4ca2b7f3c42c0d5633e30c21dc64b9ee1c302acd53de0d79094a24b
https://www.virustotal.com/analisis/ec36c6c7e4ca2b7f3c42c0d5633e30c21dc64b9ee1c302acd53de0d79094a24b-1274403104
VT 7/41 (17.07%)


May 21, 2010, 02:32:40 pm
Reply #281

jackberri

related barmatuxa.info/images/smilies/domaindelete.bin
IP Location:   United States  - New York - Buffalo - Matrix Telecommunications 
IP 24.75.44.61
[col10.prvlb.net]
AS3356
Registrant/Email Registrant: Bonnie Ross/bonnie@stuffedchocolate.com
hxxp://stuffedchocolate.com/email2.jpg
md5sum ===> d4064ae8325eea56020f8a006b25b33f
SHA256 ===> ce8f9fbb56a0c44bc6f21214ec900cc67d7192cd2710288b01d096cec6a27dd9
https://www.virustotal.com/es/analisis/ce8f9fbb56a0c44bc6f21214ec900cc67d7192cd2710288b01d096cec6a27dd9-1274451707
VT 3/41 (7.32%)

May 23, 2010, 10:25:58 pm
Reply #282

jackberri

IP Location: China  CHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.196
AS4847
Registrant/Email Registrant: Karen Young/contact@myprivateregistration.com  
hxxp://karenearly.com/s/exe.exe
md5sum ===> 183d01e1fa314af2206cd2a6e72c413e
SHA256 ===> 92da9864f335587d33bb11253bfeb1e303eaae924690e7ea205a5e871e2aeadf
https://www.virustotal.com/es/analisis/92da9864f335587d33bb11253bfeb1e303eaae924690e7ea205a5e871e2aeadf-1274653312
VT 16/41 (39.03%)
related already listed:
hxxp://cribrejist.kz/bin/zoogezow.bin

related barmatuxa.info:
IP Location: Spain  - AS_ARSYS-EURO-1 arsys.es
IP 217.76.130.68
[llgb974.servidoresdns.net]
AS20718
Registrant/Email Registrant: Antonio Sanchez Vazquez/asanchez@centrocep.es  
hxxp://centrocep.es/imagenes/bannercepweb12.jpg
md5sum ===> 667d0cbc8adc4b65c5cd157817b60ddf
SHA256 ===> 3d836753aa18696a7a4121ef39491d907a8816ce72a282ac8673c3b9dc9fde13
https://www.virustotal.com/es/analisis/3d836753aa18696a7a4121ef39491d907a8816ce72a282ac8673c3b9dc9fde13-1274653065
VT 11/41 (26.83%)

related barmatuxa.info:
IP Location: Germany  - Strato Rechenzentrum -  STRATO AG
IP 81.169.145.72
[w08.rzone.de]
AS6724
Registrant/Email Registrant: Yolanda Cortizo Escalona/yocores@hotmail.com
hxxp://achepizzeria.com/Imagenes/logo12.gif
md5sum ===> 0462b6b5e5a8d718fe10d9cd9329bc0b
SHA256 ===> 79cb72cf9dd5ac49e9cb334cd8a73edf811f90df066b3ed4bbd1ca31a82da6f6
https://www.virustotal.com/es/analisis/79cb72cf9dd5ac49e9cb334cd8a73edf811f90df066b3ed4bbd1ca31a82da6f6-1274652814
VT 7/40 (17.5%)

IP Location: Morocco - IAM-AS Itissalat Al-MAGHRIB MAROC TELECOM
IP 41.140.132.55
AS6713
hxxp://2gunz.no-ip.info/bot/cfg.bin
md5sum ===> 487ccb56f29f4c5404a4d4e26235205d
SHA256 ===> 0866dfc3b6acdd5645c02de8db58c7dc5ade01d7d4f9929a411b8971d977b8a2
hxxp://2gunz.no-ip.info/bot/gate.php

May 24, 2010, 06:53:57 am
Reply #283

jackberri

IP Location: Turkey - Borusan Telekom Ankara - BORUSANTELEKOM-AS Borusan Telekom Autonomus System
IP 212.98.234.210
AS15924
Registrant/Email Registrant: aziz san/azizsan@hotmail.com
hxxp://akocakkoyu.com/images/bot.exe
md5sum ===> 9579cc953b402bb908f7fe51075c3243
SHA256 ===> 9d06d9bce0f472b66c3bc181ee16cb96e0d9b33db619e01c560a9234a4f971ec
https://www.virustotal.com/es/analisis/9d06d9bce0f472b66c3bc181ee16cb96e0d9b33db619e01c560a9234a4f971ec-1274682826
VT 38/40 (95%)

more:
hxxp://akocakkoyu.com/images/loader.exe
md5sum ===> 48a793a2180b3841c18db03fd899b476
SHA256 ===> 2b933977576b2369770b130cf3e2d7db8e4767eebcc6a8bf217a931e7cdc9af2
https://www.virustotal.com/analisis/2b933977576b2369770b130cf3e2d7db8e4767eebcc6a8bf217a931e7cdc9af2-1274682028
VT 25/41 (60.98%)

May 24, 2010, 04:08:30 pm
Reply #284

jackberri

IP Location: Ukraine - GLOBALROUTING - INTERACTIVE3D-AS
IP 195.78.109.177
AS49544
Registrant/Email Registrant: Ulian Ve/aniwaylin@yahoo.com
hxxp://dledns.org/firma/ccnf.bin
md5sum ===> cb669a703c6107e6f696c627414b9adb
SHA256 ===> 1ddedcae84c85c20de59d599f23503d716c1703f112100acbe15e5ee70e5c969

other malware (SpyEye):
IP Location: United States - SINGLEHOP, Inc.
IP 69.175.5.60
[web72.justhost.com]
AS32475
Registrant/Email Registrant: Ben Barry/privacy@pipedns.com
hxxp://ousdre.com/Formgrab Access Panel/config.php