Author Topic: New Zeus server  (Read 367822 times)


April 28, 2010, 08:32:59 am
Reply #255

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP Location: Russian Federation NEVAL PE Nevedomskiy Alexey Alexeevich
IP 91.212.198.228
AS24589
hxxp://gardenhousee.com/showtop/config.bin
md5sum ===> d41d8cd98f00b204e9800998ecf8427e
SHA256 ===> e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

hxxp://gardenhousee.com/showtop/imdex1.php

IP Location: Netherlands GRAFIX-IS GrafiX Internet B.V
IP 194.110.67.125
AS16131
hxxp://kiktodns.com/redir.php

April 30, 2010, 07:03:36 am
Reply #256

jackberri

IP Location: United Kingdom Block For Pi Assignments
IP 193.105.207.98
AS50793
hxxp://recover8888.com/zk/cofag56.bin
md5sum ===> 89fd2736508a5bee4a2c7ae9d9086469
SHA256 ===> 544559a0a36e4a578ed18c799eacfa9c13d1b4ef28f4c6542209280070a1753a

hxxp://recover8888.com/zk/botetz.exe
md5sum ===> d2acb86a4e2e8137bc40885582f42132
SHA256 ===> f4efd9db902a9b7409b19684c7e1caf0b8ca62757b5d485e1f9aec9dc2792b97
http://www.virustotal.com/es/analisis/f4efd9db902a9b7409b19684c7e1caf0b8ca62757b5d485e1f9aec9dc2792b97-1272610575
VT 4/41 (9.76%)

hxxp://recover8888.com/zk/gates5.php

April 30, 2010, 12:26:56 pm
Reply #257

jackberri

IP Location: United States Dallas Softlayer Technologies Inc
IP 74.86.133.34
[sigma.hytekhosting.com]
AS36351
hxxp://shelobs.com/img/affair5.gif
md5sum ===> f66d9d044c95f38de0a56b4294937958
SHA256 ===> ad8785d69eb67b518218aeaff9be5fdbaa7ecd88a6bcda41fde9479e532bd8bd

hxxp://shelobs.com/img/affair6.gif
md5sum ===> ae82052de985339186c81fb40a4015ac
SHA256 ===> 0e654a6511a1f0fb6333a3b35c8a9c9be69d34fc03d3868fb58f61f3960457cd

May 01, 2010, 10:23:30 am
Reply #258

jackberri

IP Location: Germany Gunzenhausen Fastvps Ltd
IP 188.40.159.20
[static.20.159.40.188.clients.your-server.de]
AS24940

hxxp://defibrilator-life.co.cc/life/updme.bin
md5sum ===> f672e1c0d499031c51ee068e508be020
SHA256 ===> 573f19e237a44304118fe070b7766d35dd4d5f8409559bd9c18b6e7aea28982d

hxxp://defibrilator-life.co.cc/life/ldr.exe
md5sum ===> 093287b328d91c02baceec513e524e71
SHA256 ===> a0983621052330e702c0fcf2e379cb89c5f6d6d7df55f41815bc0bad80c239c5
http://virusscan.jotti.org/en-gb/scanresult/a74388d164d03645e4d9b7f404e1da64d4eca28d
Result 5/18 (27.77%)

hxxp://defibrilator-life.co.cc/death/gate.php

hxxp://worldsstatistics.co.cc/stat/update.bin
md5sum ===> f672e1c0d499031c51ee068e508be020
SHA256 ===> 573f19e237a44304118fe070b7766d35dd4d5f8409559bd9c18b6e7aea28982d

hxxp://worldsstatistics.co.cc/life/updme.bin
md5sum ===> f672e1c0d499031c51ee068e508be020
SHA256 ===> 573f19e237a44304118fe070b7766d35dd4d5f8409559bd9c18b6e7aea28982d

hxxp://worldsstatistics.co.cc/stat/ldr.exe
md5sum ===> 093287b328d91c02baceec513e524e71
SHA256 ===> a0983621052330e702c0fcf2e379cb89c5f6d6d7df55f41815bc0bad80c239c5

hxxp://worldsstatistics.co.cc/de44th/gate.php

other domains:
war-cs.ru

May 04, 2010, 05:47:40 pm
Reply #259

jackberri

IP Location: Taiwan ERX-TANET-ASN1
IP 140.130.220.8
[student.cmsh.cyc.edu.tw]
AS1659
hxxp://student.cmsh.cyc.edu.tw/~streetdance/logo.jpg
md5sum ===> ae1a0c8df37e7cf5eccfa55b48799ce2
SHA256 ===> 1946cc280edc312fa7ff1892bb5b0e0d316fa054b9118e3da08767ba8bd4e07b
http://www.virustotal.com/es/analisis/1946cc280edc312fa7ff1892bb5b0e0d316fa054b9118e3da08767ba8bd4e07b-1272993267
VT 12/41 (29.27%)

IP Location: France- Paris- Dedibox Sas
IP 88.191.17.26
[sd-2179.dedibox.fr]
AS12322
Registrant/Email Registrant: Whois Manager/v466u7kv8xc@whoisproof.com
hxxp://mazdabiz.info/flashimg/pic077.gif
md5sum ===> 6a788ef7b167a471be87865057ae84e4
SHA256 ===> 787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2
http://www.virustotal.com/es/analisis/787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2-1272994055
VT 12/41 (29.27%)

IP Location: France- Paris- Dedibox Sas
IP 88.191.17.26
[sd-2179.dedibox.fr]
AS12322
Registrant/Email Registrant: Darrell Duckery/vynyofyb6297@gmail.com
hxxp://darellfood.info/flash/img01.bin
md5sum ===> fac97271924af79ebdcdbf8dc1031a0d
SHA256 ===> e3d169b562c19acb23791d1ce0530910b9ff1907fc0036db45ecfba95a8ca81a

May 05, 2010, 08:11:36 am
Reply #260

jackberri

IP Location: France- Paris- Dedibox Sas
IP 88.191.17.26
[sd-2179.dedibox.fr]
AS12322
Registrant/Email Registrant: Nancy Griffith/dagmjpew656@gmail.com
hxxp://mytestjob.info/flash/img01.bin
md5sum ===> fac97271924af79ebdcdbf8dc1031a0d
SHA256 ===> e3d169b562c19acb23791d1ce0530910b9ff1907fc0036db45ecfba95a8ca81a

hxxp://mytestjob.info/flashimg/pic077.gif
md5sum ===> 6a788ef7b167a471be87865057ae84e4
SHA256 ===> 787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2
http://www.virustotal.com/es/analisis/787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2-1273046517
VT 19/41 (46.35%)

May 05, 2010, 08:53:00 am
Reply #261

jackberri

IP Location: France- Paris- Dedibox Sas
IP 88.191.17.26
[sd-2179.dedibox.fr]
AS12322
Registrant/Email Registrant: Sheldon Paul/curtismelendezrx@gmail.com
hxxp://kabinaoff.info/flashu/img01.bin
md5sum ===> 16d25ccb351a70f02651b9d2918cfdd4
SHA256 ===> e3d169b562c19acb23791d1ce0530910b9ff1907fc0036db45ecfba95a8ca81a

hxxp://kabinaoff.info/flashimg/pic077.gif
md5sum ===> 6a788ef7b167a471be87865057ae84e4
SHA256 ===> 787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2
http://www.virustotal.com/es/analisis/787f3f72565680053798e6279560aed93c777c9b4be1ad357f84f2e5c6f601e2-1273046517
VT 19/41 (46.35%)

May 05, 2010, 10:51:38 pm
Reply #262

jackberri

IP Location: Spain - Tusprofesionales
IP 86.109.162.6
[a0001.abansys.com]
AS196713
Registrant/Email Registrant: Autos Rebmar Andalucia, S.L.L./consultavehiculos@autosrebmar.com
hxxp://autosrebmar.com/images/imagen2.gif
md5sum ===> f47370175914d5ac7a7bca22ec8296fc
SHA256 ===> 5e4e9ba47c59e410a1a5af38d65d53abab94085d96d9612299c6ffabe77a671d
http://www.virustotal.com/es/analisis/5e4e9ba47c59e410a1a5af38d65d53abab94085d96d9612299c6ffabe77a671d-1273098534
VT 24/41 (58.54%)

hxxp://autosrebmar.com/images/asterisk.gif
md5sum ===> b9908af44d8989c467d9170c10a9ec25
SHA256 ===> 59ea5a47ba427b8fa3eba1055b70e5303325b637ccb9ddcf2f52192ed16827a6
http://www.virustotal.com/es/analisis/59ea5a47ba427b8fa3eba1055b70e5303325b637ccb9ddcf2f52192ed16827a6-1273098632
VT 17/41 (41.47%)

related (already listed):
hxxp://www.stvparkcomputer.info/edu/trash3.bin

Trojan downl. for:
kabinaoff.info
mytestjob.info

hxxp://autosrebmar.com/images/alquiler/merclasc07.jpg
md5sum ===> fc7c86ecbdb4ca1d73fcc33fad965048
SHA256 ===> 34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b
http://www.virustotal.com/es/analisis/34b1ecc30244cdef63f21dd684e183fbd1e190a9a8b31ddf0643545b29219e9b-1273097173
VT 24/41 (58.54%)

May 07, 2010, 09:45:57 am
Reply #263

jackberri

IP Location: United States Seattle Spry Hosting
IP 209.59.222.191
[searchadvertsol.net]
AS29873
Registrant/Email Registrant: Whois Privacy Protection Service/yyvptbgd@whoisprivacyprotect.com
hxxp://searchadvertsol.net/stop.bin
md5sum ===> abb63a3c236446ebfa28b440ee4bdbf7
SHA256 ===> 35d7f1a9fb2ea665a154572de639066f8bf348a92ec9ffac1791d22040a6b5d9

hxxp://searchadvertsol.net/board/gate.php

only dropzone:

IP Location: PROXIEZ-AS PE Nikolaev Alexey Valerievich
AS50896
Registrant/Email Registrant: Nikolaev Alexey/admin@proxiz.ru
hxxp://91.216.3.27/smile/gate.php

May 07, 2010, 05:08:34 pm
Reply #264

jackberri

IP Location: Serbia Isp Teamnet
IP 89.216.66.213
AS31042
Registrant/Email Registrant: Vladimir V Silianov/frogs@bigmailbox.ru
hxxp://dolsgunss.com/archivo100r4/update.exe?P1_Prod_Version=ShockwaveFlash
md5sum ===> 547b32d660d2e0cd330155262d5dec42
SHA256 ===> fecda0b99e1891de38e2d726fe505689b691cd6fe39f11fb598a9204020cff06
http://www.virustotal.com/analisis/fecda0b99e1891de38e2d726fe505689b691cd6fe39f11fb598a9204020cff06-1273251315
VT 33/41 (80.49%)

related zeus botnet malware
saiwoofeutie.com

IP Location: China Telecom JiangXi province
IP 59.53.91.192
AS4134
Registrant/Email Registrant: Alexander Kupalo/shine@freenetbox.ru
hxxp://bugafadsaj.com/svchost.exe
md5sum ===> 7f0c7e8b165a80d5e0960ef47b329305
SHA256 ===> ae014f0acfa453f2840e934106c995e1bcd2d75c0af8ca024b0d741c7581d2c4
http://www.virustotal.com/es/analisis/ae014f0acfa453f2840e934106c995e1bcd2d75c0af8ca024b0d741c7581d2c4-1273244988
VT 1/41 (2.44%)

May 08, 2010, 07:25:48 am
Reply #265

jackberri

IP Location: Taiwan KGTNET-TW KG
IP 61.61.20.133
AS9918
Registrant/Email Registrant: Hilary Kneber/hilarykneber@yahoo.com
hxxp://easytest4us.com.tw/tbn2566/confag56.bin
md5sum ===> cb26fc55a993b1374024fba7747fea76
SHA256 ===> dc69f7a8d1ad764743c2a434f02bdbede2a68bdf91286e1722126ff5083227f1

May 08, 2010, 10:41:51 am
Reply #266

jackberri

IP Location: Russian Federation Pe Bondarenko Dmitriy Vladimirovich
AS29106
Registrant/Email Registrant: Bondarenko Dmitriy/bondarenkoip1@gmail.com
hxxp://91.213.174.115/~nvds/usatoday/obama.doc
md5sum ===> 4c759b98364d098afcfdbab57ddf302d
SHA256 ===> 2799df3352ee626fdb3c4d998e4a10b67f3cb37cd9798051ad97f182182ca5e1

hxxp://91.213.174.115/~nvds/usatoday/wdh.exe
md5sum ===> 717ba55b844495e54c82cd48b0fc5d33
SHA256 ===> d659bf6196cb729135644b9a3ae0ef9677700a6c447b7c67e46a06d3f461305b
http://www.virustotal.com/es/analisis/d659bf6196cb729135644b9a3ae0ef9677700a6c447b7c67e46a06d3f461305b-1273313974
VT 7/41 (17.08%)

dropzone (already listed)
IP Location: Malaysia Piradius Net
AS45839
Registrant/Email Registrant: PIRADIUS NET Administrator/abuse@piradius.net
hxxp://124.217.230.39/~ddusa/rytnkenhc7tIm.php

May 08, 2010, 04:14:17 pm
Reply #267

jackberri

Probably a dropzone

IP Location: Panama ASEVELOZ Eveloz
IP 200.63.44.225
[cp5.panamaserver.com]
AS27716
Registrant/Email Registrant: DNS MANAGER/on3785408120001@absolutee.com
hxxp://onlineprofitsinnercircle.com/botpanel/rofl.php

May 09, 2010, 04:21:51 pm
Reply #268

jackberri

IP Location: United Kingdom Block For Pi Assignments
IP 194.8.250.49
AS43134
Registrant/Email Registrant: DI_10020144 Steven Smith/steven.smith.ny@gmail.com
hxxp://newagehosting.us/1273318197.exe
md5sum ===> 8ac18eb219ca9a97fa71bd246e18c753
SHA256 ===> 6f0020c178ca7aace6ea30b4657b3e9476d57cd9204857bf1bdadb69cb927175
https://www.virustotal.com/es/analisis/6f0020c178ca7aace6ea30b4657b3e9476d57cd9204857bf1bdadb69cb927175-1273420353
VT 14/41 (34.15%)

IP Location: United Kingdom Block For Pi Assignments
IP 194.8.250.49
AS43134
Registrant/Email Registrant: Andrei A Filipenko/andyfly2009@yandex.ru
hxxp://yourgoogleanalytics.com/statscounter/74/counter83751139026.php

May 10, 2010, 04:03:52 pm
Reply #269

jackberri

IP Location: United Kingdom Block For Pi Assignments
IP 194.8.250.49
AS43134
Registrant/Email Registrant: DI_10020144 Steven Smith/steven.smith.ny@gmail.com
hxxp://newagehosting.us/1273318197.exe
md5sum ===> 8ac18eb219ca9a97fa71bd246e18c753
SHA256 ===> 6f0020c178ca7aace6ea30b4657b3e9476d57cd9204857bf1bdadb69cb927175
https://www.virustotal.com/es/analisis/6f0020c178ca7aace6ea30b4657b3e9476d57cd9204857bf1bdadb69cb927175-1273420353
VT 14/41 (34.15%)

hxxp://newagehosting.us/1273400562.exe
md5sum ===> 11614825286cc93111b553dab817ad77
SHA256 ===> cfb40507d1c45acc248dc7472e5c6f5978899e637448317948666858653bf2ed
https://www.virustotal.com/es/analisis/cfb40507d1c45acc248dc7472e5c6f5978899e637448317948666858653bf2ed-1273506693
VT 13/41 (34.15%)

related:
www.bestgoogleanalytics.com
www.statxx.co.in