Author Topic: New Zeus server (Read 396482 times)

jackberri · September 24, 2011, 07:45:20 am

IP Location: Romania - ALEXANDRU-NET-TM-AS
IP 94.63.149.22
AS42741
Name Server: ns1.sfs8968f6h8sf6hs80xx.com | ns2.sfs8968f6h8sf6hs80xx.com
Registrant/Email Registrant: jhnvns.92@googlemail.com

Code: [Select]

http://sfs8968f6h8sf6hs80xx.com/g9d7ghd/nedhu8.bin md5sum ===> b1a8c53e933348cc2af67de1d3e5957c
IP Location: Romania - TIER-Data-Center
IP 141.136.16.112
AS50515
Name Server: ns1.lionsxchangez.com | ns2.lionsxchangez.com
Registrant/Email Registrant: Artemio Monaldo/minty@mail13.com

Code: [Select]

http://lionsxchangez.com/iza/che.la md5sum ===> a7fae97f27ed853ad855e204ffa582a8

jackberri · September 25, 2011, 01:25:05 pm

IP Location: Romania - NETVISION-AS
AS39737

Code: [Select]

https://188.247.230.3/long1/long1.gif   md5sum ===> f249d103980720f2878daf9dcca25808
https://188.247.230.3/long2/long2.gif         md5sum ===> ece3ce3e105f5f6e313045d8231e8e24
https://188.247.230.3/long3/long3.gif         md5sum ===> 759f4a61a9ad8841a35e7cb583872f83
https://188.247.230.3/long4/long4.gif         md5sum ===> c39ff470980b899a390f794b5b8a1014
https://188.247.230.3/long5/long5.gif         md5sum ===> 08b3451e01ddadcbe6bb294f71535c67
https://188.247.230.3/panel1/up.php
https://188.247.230.3/panel2/up.php
https://188.247.230.3/panel3/up.php
https://188.247.230.3/panel4/up.php
https://188.247.230.3/panel5/up.php

IP Location: Russian Federation
IP Location: Germany
IP 81.177.33.58
IP 78.46.42.233
[s8.webhost1.ru]
AS8342
AS24940

Code: [Select]

http://fineg.1gb.ru/config.bin         md5sum ===> fddcbc9fdb6e4c38c5495a66bc3ea69b
http://fineg.s8.webhost1.ru/config.bin       md5sum ===> fddcbc9fdb6e4c38c5495a66bc3ea69b
http://fineg.s8.webhost1.ru/gate.php
http://fineg.1gb.ru/gate.php

IP Location: United States - GODADDY .com, Inc
IP 97.74.202.45
[ip-97-74-202-45.ip.secureserver.net]
AS26496
Name Server: NS1.PHARMASURESTORE.COM | NS2.PHARMASURESTORE.COM
Registrant/Email Registrant: Hong, Lauren/lauren@kareway.com

Code: [Select]

http://pharmasurestore.com/data/designImages/MAIN_DESIGN_1295039729.jpg         md5sum ===> 04f3e13538e8b7b6636867a02a354af1
http://alvolante.eu/list.php

jackberri · September 28, 2011, 05:04:42 pm

IP Location: China - Unicom Liaoning Province Network
IP 60.19.30.131
AS4837
Name Server: ns1.animalsslotole.com | ns1.nyfootrange.com
Registrant/Email Registrant: Audric Grenier/wound@cutemail.org

Code: [Select]

hxxp://chairorbitnzo.com/dez/dez.lo   md5sum ===> 74a06abc88fdbfded8d3385bfd2b9d61
hxxp://chairorbitnzo.com/dez/dez.exe  md5sum ===> 7bc4546fe7fdf19493c267e02ca99c57

http://www.virustotal.com/file-scan/report.html?id=02d5366226ad3e3ffd4ebba68041d3e6974d572cc23b4186ceb0d1112f3af33f-1317226909
VT 20/43 (46.5%)

jackberri · October 01, 2011, 07:48:50 pm

IP Location: Moldova - MOLDTELECOM-AS

Code: [Select]

hxxp://92.114.200.165/timer/config.bin  md5sum ===> fa3a98f0f16e57f42b754a4676b627c4
hxxp://92.114.200.165/gate.php

jackberri · October 02, 2011, 02:03:42 pm

IP Location: Latvia - APOLLO-AS
IP 193.105.240.62
[cseb.com]
AS12578
Name Server: ns1.nameself.com | ns2.nameself.com
Registrant/Email Registrant: Private Person/mail@xq4.ru

Code: [Select]

hxxp://devihost.ru/ikrukok/allbruck/boxforall/kritin.bin  md5sum ===> be40ddd4a6f3ec78d2eeaaa46a8a3026
hxxp://devihost.ru/ikrukok/allbruck/rangeaccsapplycations.php

IP Location: United States - INFB InternetNamesForBusiness
IP 64.29.151.221
[hostedc40.carrierzone.com]
AS30447
Name Server: NS2.APLUS.NET | NS1.APLUS.NET | NS3.APLUS.NET
Registrant/Email Registrant: Adam Tomas/adamtomas851@aol.com

Code: [Select]

hxxp://paycheck-calculator.info/mysrab.cfo  md5sum ===> 2f2b3cd0f69b13181e7ead7563e8d05f
hxxp://paycheck-calculator.info/update.php

jackberri · October 03, 2011, 07:09:26 am

IP Location: United States - ALTUSHOST-NET
IP 31.3.153.148
AS51430
Name Server: ns1.dns-diy.net | ns2.dns-diy.net
Registrant/Email Registrant: Alina Gers/admin@klrtm.com

Code: [Select]

hxxp://klrtm.com/bot/1/settings.bin  md5sum ===> 62cac9e817e222383ad15667892f7c3d
hxxp://klrtm.com/bot/1/bot.exe  md5sum ===> e0dbe80ff2ac2ff41b8a2c50bad09f6a
hxxp://klrtm.com/bot/gate.php

http://www.virustotal.com/file-scan/report.html?id=c6385217146a7e99d3b3ca67647a5b89a4a171d590402023d60fd26c39703f9d-1317625446
VT 21/43 (48.8%)

jackberri · October 05, 2011, 10:33:05 am

IP Location: Ukraine - Infium Ltd. Network
IP 91.218.38.132
[hosted-by.infiumhost.com]
AS197145
Name Server: LOVINGNAME.MERCURY.ORDERBOX-DNS.COM | LOVINGNAME.VENUS.ORDERBOX-DNS.COM | LOVINGNAME.EARTH.ORDERBOX-DNS.COM | LOVINGNAME.MARS.ORDERBOX-DNS.COM
Registrant/Email Registrant: Eric Bohr/lubimushka@yahoo.co.uk

Code: [Select]

hxxp:xpaymentsexpress0.in/images_tmp/image5346.jpg  md5sum ===> f74844e987c9fda9c9524f86e8f1bfb2
hxxp://xpaymentsexpress0.in/images_tmp/g_tw.php

jackberri · October 05, 2011, 06:04:09 pm

IP Location: United Kingdom - SIMPLYTRANSIT
IP 217.112.82.20
[mirage.webhosting.uk.com]
AS29550
Name Server: NS2.123-REG.CO.UK | NS.123-REG.CO.UK
Registrant/Email Registrant: 3D Ink Ltd/lee@3dink.co.uk

Code: [Select]

hxxp://leewhitehead.com/wp-content/themes/wordpress_survive/images/slide2.jpg  md5sum ===> 4aa9d604a06bb3eec00bfac6d9d396bd

jackberri · October 06, 2011, 06:57:18 pm

IP Location: Germany - HOSTEUROPE-AS
IP 46.163.115.204
[lvps46-163-115-204.dedicated.hosteurope.de]
AS20773
Name Server: ns1.hans.hosteurope.de | ns2.hans.hosteurope.de
Registrant/Email Registrant: Timo Breuer/Timo0704@gmx.de

Code: [Select]

hxxp://timobreuer.de/res/timo1980.bin  md5sum ===> c47adba87f437aada1fd9f2d9b84157d
hxxp://timobreuer.de/res/timo.php

IP Location: Thailand - CAT-AP
IP 61.19.247.232
[cat42.thaihostserver.com]
AS9931
Name Server: ns1.thmambo.com | ns2.thmambo.com
Registrant/Email Registrant: sataporn nukong/tun221@gmail.com

Code: [Select]

hxxp://i-lovefurniture.com/adodb/drivers/etc/error.jpeg  md5sum ===> 7ae5727b1cc5192635d666b67bd102ec
hxxp://i-lovefurniture.com/adodb/drivers/etc/nApjYcH8.php

IP Location: France - OVH-1
IP 87.98.187.29
[87-98-187-29.kimsufi.com]
AS16276
Name Server: NS1.FREEDNS.WS | NS2.FREEDNS.WS
Registrant/Email Registrant: Sergey Semenov/exsile777@gmail.com

Code: [Select]

hxxp://googlexstat.in/logs/adv.bin md5sum ===> 2625fa5a1980d542d17b950d7bc3b7b9
IP Location: United States - RoadRunner RR-RC-Enet-Columbus
IP 209.190.24.4
[4.18.be.static.xlhost.com]
AS10297
Name Server: NS1.BYET.ORG | NS2.BYET.ORG
Registrant/Email Registrant: Administrator Administrator/unsecretarygeneral@gmail.com

Code: [Select]

hxxp://tiseyem.webnika.info/profi.bin  md5sum ===> 9253fadc3ac88a790ac3cb1b43c0a791
hxxp://bntz.net/weblogs/stat.php

jackberri · October 07, 2011, 06:12:38 pm

IP Location: United Kingdom - RoadRunner RR-RC-Enet-Columbus
IP 209.190.85.14
[node6.byetcluster.com]
AS10297
Name Server: NS1.BYET.ORG | NS2.BYET.ORG
Registrant/Email Registrant: Administrator Administrator/unsecretarygeneral@gmail.com

Code: [Select]

hxxp://gafilacu.webshost.info/profi.bin md5sum ===> 9253fadc3ac88a790ac3cb1b43c0a791
IP Location: United Kingdom - RoadRunner RR-RC-Enet-Columbus
IP 209.190.85.252
[www.quark.byethost4.com]
AS10297
Name Server: ns1.byet.org | ns2.byet.org
Registrant/Email Registrant: Chris Chadd/rebelcreek@live.com

Code: [Select]

hxxp://zoqovix.torridhosting.com/profi.bin/profi.bin md5sum ===> 9253fadc3ac88a790ac3cb1b43c0a791
IP Location: Spain - Euskatel S.A.
IP 85.84.40.195
[195.85-84-40.dynamic.clientes.euskaltel.es]
AS12338
Name Server: ns1.acorngroupinc.com | ns2.acorngroupinc.com
Registrant/Email Registrant: Private Person/built@ppmail.ru

Code: [Select]

hxxp://fabsnot.ru/search/old02ziu.bin  md5sum ===> 910f15aa718842dadc678dceeb541aee
hxxp://rudeink.ru/search/frings.php
hxxp://rudeink.ru/search/baby2011.php

IP Location: United States - Ecommerce Inc
IP 98.130.177.73
[rev.opentransfer.com.73.177.130.98.in-addr.arpa]
AS32392
Name Server: NS13.IXWEBHOSTING.COM | NS14.IXWEBHOSTING.COM
Registrant/Email Registrant: E Z RED/luketucker@ezred.com

Code: [Select]

hxxp://ezred.com/new2.bin md5sum ===> 8accd1bd050ac84aac24c7a2a8b98670
IP Location: Russian Federation - Agava Ltd
[vm3464.vps.agava.net]
AS24971

Code: [Select]

hxxp://80.78.243.44/settings/rp003.php
hxxp://80.78.243.44/settings/config.php

IP Location: Singapore - SINGNET Singapore Telecommunications
IP 58.185.33.163
AS3758
Name Server: ns1.footwalmoth.ru | ns1.heilingalatrole.com
Registrant/Email Registrant: Egidia Palomo/fq@mail13.com

Code: [Select]

hxxp://flowersinamew.com/pof/deq.nk         md5sum ===> bbc1f163ddabaecef8608f0bcee47945
http://flowersinamew.com/pof/pol.exe         md5sum ===> e2434b930eb9c79358388501b8dd137b

http://www.virustotal.com/file-scan/report.html?id=23920e7595ef71df685321adc78b0e76d7fdfc96dce482f7a263bf7fedf39d74-1318009706
VT 31/43 (72.1%)

jackberri · October 08, 2011, 05:07:43 pm

IP Location: Russian Federation - ISPSYSTEM-AS
IP 62.109.24.212
[tanya2.vrazenkova.fvds.ru]
AS29182
Name Server: ns7.zoneedit.com | ns14.zoneedit.com
Registrant/Email Registrant: Tatyana Vrazhenkova/tanya.vrazenkova@yandex.ru

Code: [Select]

hxxp://kastakasta.info/job2/fig.bin  md5sum ===> 3fb38c5412b948626b593a542c6ebe9c
hxxp://kastakasta.info/job2/shit.exe   md5sum ===> f3997988d9b711c00557dba127d7f791
hxxp://kastakasta.info/job2/server/zsbcs.exe   md5sum ===> 99676e951a6b7aecf04ad667e7e23c06
hxxp://kastakasta.info/job2/exit.php

http://www.virustotal.com/file-scan/report.html?id=3bd4fbe718af91b70feea0f746026e7355fbf8275ce63d3593ad3306a0f987ed-1318092029
VT 17/43 (39.5%)
http://www.virustotal.com/file-scan/report.html?id=f15791248ebc394a979d4d388ebde02573a991cdb1bba320edaa5495053a611a-1318091768
VT 36/43 (83.7%)

jackberri · October 10, 2011, 11:46:57 am

IP Location: United States - FDCSERVERS AS
AS30058

Code: [Select]

hxxp://204.45.79.76/config.bin  md5sum ===> 3387448d1ebf9015a5e5ea755ae30216
hxxp://204.45.79.76/ga.php

jackberri · October 12, 2011, 06:58:12 am

IP Location: United Kingdom - ASVAROVAEV FOP Varovaev Leonid Gennadevich
AS6753

Code: [Select]

hxxp://91.229.90.3/defforty1config/settings.bin  md5sum ===> 5c63318ee07ede606e2641b32eba069e
hxxp://91.229.90.3/defforty1config/bot.exe   md5sum ===> ed34b46a4524c7d05e45200eaf09f765
hxxp://91.229.90.3/defforty1config/flashplayer.exe   md5sum ===> 5388fb41691c609d5d6ba2f688961ae2
hxxp://91.229.90.3/defforty1config/redir.php
hxxp://91.229.90.3/defforty1config/config.php

http://www.virustotal.com/file-scan/report.html?id=fdfc8bc93fc3156bfa81e33fc97d88b48ef774fa3ec5315e83e70a780f6ed194-1318401304
VT 36/43 (83.7%)
http://www.virustotal.com/file-scan/report.html?id=f3ec9d490521e2785327a05dea56b37cad1e1b2340c37499246eda722a8319d2-1318401054
VT 1/41 (2.4%)

IP Location: United States - GODADDY
IP 97.74.144.138
[p3nlh138.shr.prod.phx3.secureserver.net]
AS26496
Name Server: NS35.DOMAINCONTROL.COM | NS36.DOMAINCONTROL.COM
Registrant/Email Registrant: Abdul Ghani AG/abdghanit@gmail.com

Code: [Select]

hxxp://eminence-global.com/welcome.php
hxxp://eminence-global.com/config.php

jackberri · October 14, 2011, 11:25:01 pm

IP Location: United States - Fdcservers.net
IP 66.90.73.50
[www.upersia.com]
AS30058
Name Server: ns7.paynhost.com | ns8.paynhost.com
Registrant/Email Registrant: Martin Dudley/martin.dudley@live.com

Code: [Select]

hxxp://vzrnb4o4.com/weblogo.jpg  md5sum ===> 63b4893d7bd9d7253ba41b1f2b0d976f
hxxp://vzrnb4o4.com/binupd.jpg   md5sum ===> 63b4893d7bd9d7253ba41b1f2b0d976f
hxxp://vzrnb4o4.com/date32.exe   md5sum ===> 2c7aa82041c2cc5df0fea5e9bb4ac618
hxxp://www.perthlocalwebservices.com.au/index2.php

http://www.virustotal.com/file-scan/report.html?id=0cc364f28f03bf8752e13a78a9bf3f0b3e53e700191e375baa41d40f177b8d71-1318633913
VT 23/43 (53.5%)

jackberri · October 16, 2011, 03:43:30 pm

IP Location: Ukraine - MHOST-AS MHOST DATA CENTER
IP 193.169.218.210
[colo-198-210.mhost.kiev.ua]
AS21098
Name Server: ns12.zoneedit.com | ns14.zoneedit.com
Registrant/Email Registrant: Private Person/admin@jad3.ru

Code: [Select]

hxxp://jad3.ru/main.php
hxxp://jad3.ru/logo/config.php

IP Location: United States - DREAMHOST-AS
IP 67.205.0.90
[apache2-argon.bridgetown.dreamhost.com]
AS26347
Name Server: ns1.dreamhost.com | ns2.dreamhost.com | ns3.dreamhost.com
Registrant/Email Registrant: kchohensee.com Private Registrant/kchohensee.com@proxy.dreamhost.com

Code: [Select]

hxxp://kchohensee.com/new/_images/print/images/mamb.php
IP Location: United States - LOGIXCOMM-AS
IP 216.215.112.149
[149.112.215.216.static.logixcom.net]
AS11215
Name Server: NS91.WORLDNIC.COM | NS92.WORLDNIC.COM
Registrant/Email Registrant: Portagas, Inc/ken@portagas.com

Code: [Select]

hxxp://216.215.112.149/ssl/config.bin  md5sum ===> 63551a336b515fccee88695c79e10f65
hxxp://www.portagas.com/ssl/config.bin  md5sum ===> 63551a336b515fccee88695c79e10f65
hxxp://216.215.112.149/ssl/bot.exe  md5sum ===> fb6eeacf29e91016faa1779f5d2b2e3e
hxxp://www.portagas.com/ssl/bot.exe  md5sum ===> fb6eeacf29e91016faa1779f5d2b2e3e
hxxp://http://www.portagas.com/ssl/gate.php
hxxp://http://216.215.112.149/ssl/gate.php

http://www.virustotal.com/file-scan/report.html?id=f8d07c10646414fadba8156015b1be2ab1b6c6d40f783fb7de1c53a69d129a99-1318778753
VT 28/43 (65.1%)

IP Location: Belarus - Mobile Service Ltd
IP 93.125.99.5
[vh36.hoster.by]
AS6697
Name Server: ns1.tutby.com | ns2.tutby.com
Registrant/Email Registrant: Private Person/yakovdima@gmail.com

Code: [Select]

hxxp://www.dgemz.by/plugins/user/tray.php
IP Location: Russian Federation - ALTURA-AS
IP 95.141.193.54
AS44158
Name Server: ns1.changeip.org | ns3.changeip.org | ns2.changeip.org
Registrant/Email Registrant: ChangeIP.com/cctldadmin@networksolutions.com

Code: [Select]

hxxp://gonewb.ddns.ms/authorization.php
hxxp://gonewb.ddns.ms/secure/secur.php

Author Topic: New Zeus server (Read 396482 times)

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server

jackberri

Re: New Zeus server