Author Topic: New Zeus server  (Read 375305 times)

January 27, 2010, 11:41:17 pm
Reply #90

SysAdMini


dropzone:
hxxp://www.whiskyshopdufftown.co.uk/images/mail/ip.php

Code: [Select]
www.linmaoshuiqing.cn/includes/maduls/gate.php

My apologies
 :-[

No problem. I appreciate all your Zeus url submissions.
Ruining the bad guy's day

January 28, 2010, 02:06:27 pm
Reply #91

jackberri

Code: [Select]
hxxp://star2gams.com
IP: 91.215.170.36

AS49693

Admin Name: Sharon Umdenstock
Admin Email: umdenstoc@yahoo.com

Tech Name: YahooDomains TechContact
Tech Email: domain.tech@yahoo-inc.com

config url:
Code: [Select]
hxxp://star2gams.com/tr/cnf.bin

January 28, 2010, 02:17:11 pm
Reply #92

jackberri

Code: [Select]
hxxp://brothervonmash.com
IP: 193.104.94.63

AS50033

Admin Name: Epollinariya
Email: admin@hightramplate.com

config url:
Code: [Select]
hxxp://brothervonmash.com/Reducto465/mtf7ubi8377itr3.bin

January 28, 2010, 07:53:40 pm
Reply #93

jackberri

Code: [Select]
hxxp://suez.services.00-com.info
IP: 75.82.179.194

AS20001

Ronald Atkins
Email: ron99houston@msn.com

config url:
Code: [Select]
hxxp://suez.services.00-com.info/phpscript.bin

January 28, 2010, 08:23:45 pm
Reply #94

jackberri

New files for:

Code: [Select]
hxxp://91.201.28.3
config url
Code: [Select]
hxxp://91.201.28.3/ukk2.bin
trojan:
Code: [Select]
hxxp://91.201.28.3/moneyuk3.exe
md5sum 77e351b58a7fee257c77b2fced98e8c6
http://www.virustotal.com/analisis/8e7d8a9acfad067ce6ae0012a8a1391e26dd8f6fd7e752caa8937c8511d46899-1264709531
VT: 12/39 (30.77%)

January 29, 2010, 07:54:44 am
Reply #95

jackberri

Code: [Select]
hxxp://fantastictools.com
IP: 66.252.239.35
AS14519

Registrant: Fantastic Tools & Supplies
Administrative Contact: Schlecht, Werner
email: dan@fantastictools.com

trojan:
Code: [Select]
hxxp://fantastictools.com/images/papal.gif
md5sum ===> 6a1caa3989545e003a1c42dfab93776e
http://www.virustotal.com/analisis/9bdf71ff7805c99e1bb9e998e81e219e450cc09ae626819bc2bf580e7ecce972-1264750720
VT 20/39 (51.29%)

January 29, 2010, 09:16:33 am
Reply #96

jackberri

Code: [Select]
hxxp://servertransporternews.com
IP: 193.105.0.50
AS50390

Registrant ID: VX9UXHD-RU
Registrant Name: Vera V Zaytseva
email: taffy@blogbuddy.ru

config url:
Code: [Select]
hxxp://servertransporternews.com/penoplast.bin

January 29, 2010, 10:35:15 am
Reply #97

jackberri

Code: [Select]
hxxp://biaobrgeroin.cn
IP: 195.78.108.150
AS49544

Registrant Name: LiTah
email: tahli@yahoo.com

config url:
Code: [Select]
hxxp://biaobrgeroin.cn/univito/cnf.bin

January 29, 2010, 07:37:10 pm
Reply #98

jackberri

Code: [Select]
hxxp://alteregoxve.net
IP: 91.204.73.5
Reverse: msk1.imhoster.net
AS12695

Creation Date: 27-Jan-2010

Registrant Name: Beklerov Nail Bekmetovich
email: masgaspare@ymail.com


config url:
Code: [Select]
hxxp://alteregoxve.net/vbsa/cc.bin

January 29, 2010, 07:55:01 pm
Reply #99

jackberri

Code: [Select]
hxxp://blackngman.com
IP: 115.100.250.108
AS9811

Create: 2010-01-16 02:56:21
Update: 2010-01-21

Registrant Name: Sport Com LTD
email: abuseemaildhcp@gmail.com

config url:
Code: [Select]
hxxp://blackngman.com/gallery/cfg.bin

January 30, 2010, 11:28:28 am
Reply #100

jackberri

Code: [Select]
hxxp://91.206.201.14
IP Location: Ukraine Pe Sergey Demin

Sergey Demin
hostmaster@ans.mk.ua

AS47781

config url:

Code: [Select]
hxxp://91.206.201.14/~canada/wes/qasqw.bin
Other sites on this IP:

Code: [Select]
Bizelitt.com (Zeus server)
Bizuklux.cn  (Zeus server)
Morsayniketamere.cn (Zeus server)
Qazxswe.com 
Simplyukjob.net
Strantgre.info 
Yespacknet.org (YES exploit kit)
Iselldumps.com

January 30, 2010, 06:48:16 pm
Reply #101

jackberri

Code: [Select]
hxxp://delphin.w2c.ru
IP: 94.75.199.162
AS16265

Registrant Name: Yuri A. Bogdanov
email: root@2x4.ru

config url:
Code: [Select]
hxxp://delphin.w2c.ru/config.bin

January 30, 2010, 08:06:52 pm
Reply #102

jackberri

Code: [Select]
hxxp://fastgoogleanalytics.com
IP: 93.190.141.15
Reverse: twilight.void.fi

AS49981

Registrant Name: andre
email: vin.bond@gmail.com

config url:
Code: [Select]
hxxp://fastgoogleanalytics.com/forum/gdvfhsv3.bin

January 30, 2010, 08:27:46 pm
Reply #103

jackberri

Code: [Select]
hxxp://193.104.27.110
AS12604

Kamushnoy Vladimir
email:  vla.kam@citygameru.cn

config url:
Code: [Select]
hxxp://193.104.27.110/wtf/update.rar
trojan:
Code: [Select]
hxxp://193.104.27.110/wtf/addon.rar
md5sum ===> bb7e88cb39f48388f259eda8ef71097c
http://www.virustotal.com/analisis/7d7d00215063bcada22c0c537b40f130607b235594a92529fd88adac080793a8-1264882811
VT 8/41 (19.52%)

dropzone:
Code: [Select]
hxxp://193.104.27.110/wtf/update.php

January 31, 2010, 02:26:00 pm
Reply #104

jackberri

Code: [Select]
hxxp://122.115.63.23
IP Location: China Zhengzhou Shenzhen Ostar Telecom Ltd
Reverse: netnic.com.cn

AS9803

Registrant Name:  Jia Xiaojie
email: jxj@netnic.com.cn

config url:
Code: [Select]
hxxp://122.115.63.23/76riuyfir76fk76ri76dfkjyf/fju64i76dj76ei67yutyri76333/zz/zz2/cfg2.bin
md5sum ===> 13d26ab9f602185024fdd19831ee45b4
Code: [Select]
hxxp://122.115.63.23/76riuyfir76fk76ri76dfkjyf/jytdrj76ekuytdku76ekudjfg/222/cfg2.bin
md5sum ===> 23d208edb85922f70623c01aa2da53d7

trojan:
Code: [Select]
hxxp://122.115.63.23/76riuyfir76fk76ri76dfkjyf/fju64i76dj76ei67yutyri76333/zz/zz2/bot.exe
md5sum ===> 4e11c69607b9707ff45f98c874659890
http://www.virustotal.com/analisis/77342f77b83d77453f87509b7d5390050d17dcc39a41a9edcf75cb95a3ca52a7-1264947102
VT 2/41 (4.88%)

dropzone:
Code: [Select]
hxxp://122.115.63.23/76riuyfir76fk76ri76dfkjyf/fju64i76dj76ei67yutyri76333/zz/gate.php