Author Topic: New Zeus server  (Read 375024 times)


December 23, 2010, 04:02:48 pm
Reply #540

jackberri


December 29, 2010, 08:21:05 pm
Reply #541

jackberri


December 31, 2010, 12:53:04 pm
Reply #542

jackberri


December 31, 2010, 05:57:07 pm
Reply #543

jackberri


January 03, 2011, 08:36:23 pm
Reply #544

jackberri


January 04, 2011, 10:06:54 am
Reply #545

jackberri

Fast Flux Botnet

January 06, 2011, 07:37:09 pm
Reply #546

jackberri


January 10, 2011, 07:22:31 am
Reply #547

jackberri


January 10, 2011, 08:43:24 pm
Reply #548

jackberri


January 11, 2011, 09:13:28 am
Reply #549

jackberri


January 13, 2011, 06:46:02 pm
Reply #550

jackberri


January 14, 2011, 01:05:49 pm
Reply #551

jackberri


January 17, 2011, 10:52:08 am
Reply #552

jackberri


January 17, 2011, 11:43:25 am
Reply #553

CkreM

New Zeus version 2.0.8.9

Mal-Aware

January 17, 2011, 02:15:19 pm
Reply #554

jackberri
