« previous next »
Pages: 1 ... 14 15 [16] 17 18 ... 48   Go Down

Author Topic: New Zeus server  (Read 396464 times)

0 Members and 1 Guest are viewing this topic.

March 27, 2010, 11:08:12 am
Reply #225

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location:  Italy - Toscana - Florence - Register.it S.p.a
IP 81.88.61.98
[host-81-88-61-98.dedicatedservers.it]
AS39729
Code: [Select]
hxxp://catmur.com/img/icons/tabs/footer.jpgmd5sum ===> fcd798a3e903ebb8677872067d5278e0
SHA256   ===> 7ca95e27f60afaf641642a50f4b21da08210bb35b1be17a3bb8856c18e9e2499
http://www.virustotal.com/analisis/7ca95e27f60afaf641642a50f4b21da08210bb35b1be17a3bb8856c18e9e2499-1269686032
VT 19/42 (45.24%)
related:
Code: [Select]
www.stvparkcomputer.info
www.jokersimson.net
IP Location: Russian Federation -Moscow - Tetracom Cjsc
IP 193.148.47.4
AS34840

Code: [Select]
hxxp://hellokittyn.tw/grabber.exemd5sum ===> 5cefc4e17bf9d457803e07c33afca89f
SHA256   ===> 2e1e67efb33e7f66cdab9f0d7ebbc062bf6e516c0e1c760a5376fe13edd20df1
http://www.virustotal.com/analisis/2e1e67efb33e7f66cdab9f0d7ebbc062bf6e516c0e1c760a5376fe13edd20df1-1269684888
VT 4/42 (9.53%)
Code: [Select]
hxxp://hellokittyn.tw/6565.php
Code: [Select]
hxxp://bestsocksshop.ru/index1.phpother domains:
Code: [Select]
prismonet.com
Logged
March 27, 2010, 07:52:23 pm
Reply #226

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Quote from: jackberri on March 27, 2010, 11:08:12 am
Code: [Select]
hxxp://catmur.com/img/icons/tabs/footer.jpg

IP Location: Spain - Grupo Interdominios S.A
[lb25.interdominios.com]
IP 93.174.4.37
AS42237
Code: [Select]
hxxp://comega.es/images/pinstalaciones.jpgmd5sum ===> 0a2caff9bb0c4a6813bb8f62d5095ab6
SHA256   ===> e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90
http://www.virustotal.com/analisis/e0505fb0fcbe3144d4ce0cb5c8c4fbaac176da4d9523adcd897fb05ffe80df90-1269692084
VT 11/42 (26.2%)
related:
Code: [Select]
stvparkcomputer.info
jokersimson.net
IP Location:   Spain - Madrid - Hostalia-cl
IP 82.194.66.217
[linux18.dns-servicios.com]
AS16371
Code: [Select]
hxxp://ubconquense.es/images/preview_f1.pngmd5sum ===> 9cfec3569410408f1274327f856614ec
SHA256   ===> 7d81a38d6938d9a1c6d0b5f23ed069225e8bdb643628af76d63c1e1a3d099e66
http://www.virustotal.com/analisis/7d81a38d6938d9a1c6d0b5f23ed069225e8bdb643628af76d63c1e1a3d099e66-1269688904
VT 23/42 (54.77%)
related:
Code: [Select]
stvparkcomputer.info
jokersimson.net
Logged
March 27, 2010, 11:10:28 pm
Reply #227

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location:  Malaysia - Piradius Net
[is.protected.by.themafia.info]
IP 119.82.30.246
ASN2497

Code: [Select]
hxxp://www.antivvirrus.com/zs/cfg.binmd5sum ===> d41d8cd98f00b204e9800998ecf8427e
SHA256   ===> e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Code: [Select]
hxxp://www.antivvirrus.com/zs/config.binmd5sum ===> a9e214f979bdb63a5f25572a7ae7d8ad
SHA256   ===> 0edf23183fbefebb62eddc65be1a3d2f8ad5dd9ed0569e01afabb0195b94c648
Code: [Select]
hxxp://www.antivvirrus.com/zs/bot.exemd5sum ===> 2bdf5386539a406ce9fdeeb637d3ac9d
SHA256   ===> 002e254b32251819e7791e457d94c35df7ba01fb7978ece9eb804c22b33c08d9
http://www.virustotal.com/analisis/002e254b32251819e7791e457d94c35df7ba01fb7978ece9eb804c22b33c08d9-1269721706
VT 29/41 (70.74%)
Code: [Select]
www.antivvirrus.com/zs/botum-install.exe
md5sum ===> 9b6ac4a6d0a316abb1fa5de487e7bfb7
SHA256   ===> 093b169cb0d1e047424c1eb6f38a101f6184210e8786733de954141821f8c489
http://www.virustotal.com/analisis/093b169cb0d1e047424c1eb6f38a101f6184210e8786733de954141821f8c489-1269731046
VT 5/42 (11.91%)
Code: [Select]
www.antivvirrus.com/zs/gate.php
Logged
March 28, 2010, 11:27:46 am
Reply #228

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location:  United Kingdom - Pi Obodovsky Ivan Sergeevich
IP 195.78.108.71
ASN49544
Code: [Select]
hxxp://seclinezzz.net/zzz.nrgmd5sum ===> 5959b796f7e0f30126ee1df01a17c55e
SHA256   ===> f2f46d04707d0ed744faff1a4532a5cde9b087fb9e94d56c7cba30e53c14c2ea
Code: [Select]
hxxp://seclinezzz.net/zzz.exemd5sum ===> 3931246483d5b84066e9f1ff24c7221e
SHA256   ===> 512cf303a35b4d081a830af014283ed1499f9b1484d4687bb0db1ecd5d84f49e
http://www.virustotal.com/analisis/512cf303a35b4d081a830af014283ed1499f9b1484d4687bb0db1ecd5d84f49e-1269775106
VT 3/42 (7.15%)
Code: [Select]
hxxp://seclinezzz.net/s.php
Code: [Select]
hxxp://seclinezzz.net/stat/index.php
related malware - trojan Sasfis
Code: [Select]
hxxp://seclinezzz.net/s5.exemd5sum ===> 4b0eb6b90c8dbeeaf5a870b7cdf77d00
SHA256   ===> 9a62ddb2edb1ab6a613748552cbd98b50b8e3005862e98486316e2e4f9f5a1c7
http://www.virustotal.com/analisis/9a62ddb2edb1ab6a613748552cbd98b50b8e3005862e98486316e2e4f9f5a1c7-1269775243
VT 3/41 (7.32%)

related malware - trojan Sasfis
IP Location:  United Kingdom - Pi Obodovsky Ivan Sergeevich
IP 195.78.108.71
ASN49544
Code: [Select]
hxxp://mys5.org/up.exemd5sum ===> e61c265fd436f79dbacfe94ed2bc4ddf
SHA256   ===> 15c6cbc2f60b1e16a12e8fd22c0e1d4c0ba50457e28bdfb60e622223c4e15863
http://www.virustotal.com/analisis/15c6cbc2f60b1e16a12e8fd22c0e1d4c0ba50457e28bdfb60e622223c4e15863-1269773148
VT 24/41 (58.54%)
Logged
March 28, 2010, 08:02:45 pm
Reply #229

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Quote from: jackberri on March 27, 2010, 11:10:28 pm
Code: [Select]
hxxp://www.antivvirrus.com/zs/cfg.binmd5sum ===> d41d8cd98f00b204e9800998ecf8427e
SHA256   ===> e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

IP Location: Noord-holland - Amsterdam - Leaseweb B.v
IP  95.211.132.102
[hosted-by.leaseweb.com]
AS16265

Code: [Select]
hxxp://microsoft-server4-update.com/picks0/main1.docmd5sum ===> 59a3996f9e80387335a1201652d9c432
SHA256   ===> b4b73a65d4ee6a4ea94bd90cf6f41616845065a37cd2f8c653daaf76ae9b999a
Code: [Select]
hxxp://adobe8-muts.cn/picks0/main1.docmd5sum ===> 59a3996f9e80387335a1201652d9c432
SHA256   ===> b4b73a65d4ee6a4ea94bd90cf6f41616845065a37cd2f8c653daaf76ae9b999a
Code: [Select]
hxxp://microsoft-server4-update.com/update0/update.php
Code: [Select]
hxxp://adobe8-muts.cn/update0/update.php
IP Location:  United Kingdom - Pi Obodovsky Ivan Sergeevich
IP 195.78.109.98
ASN49544
Code: [Select]
hxxp://aggood.net/e.binmd5sum ===> 6dea35f357a2b1388c951ec9c9278d9d
SHA256   ===> b062808ff13568acf832c6c736facf6beaaf03cafa0181bd9796af0bedefd8f6
Code: [Select]
hxxp://aggood.net/br488/91.php
IP Location:  Singapore - Newmedia Express Pte Ltd Singapore Web Hosting Provider
IP 203.174.83.98
ASN38001
Code: [Select]
hxxp://uytrec.cn/games/update.php
Logged
March 29, 2010, 12:26:10 pm
Reply #230

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP 188.124.15.143
IP Location: Turkey Vital Teknoloji - Dedicated Pool
[static.vit.com.tr]
ASN44565
Code: [Select]
hxxp://gavnoedov.net/2.datmd5sum ===> a96a28f42667488fb4918441c9605899
SHA256   ===> 1372046627da8d44e6043a1363715b5b741799571742044909cba917f8e85d1b

related:
IP Location:  United Kingdom Uk2.net Dedicated Servers
[cpanel19.uk2.net]
ASN13213
Code: [Select]
hxxp://83.170.83.1/~skwebsit/logo.jpgmd5sum ===> 1f7c77b6780c33e57eb15fcf1c1cc27a
SHA256   ===> 8fd67519622aa24cd8760b54a7bf38c419f297869937ae3c7ba041945251d592

other domains:
Code: [Select]
x-monitoring.com
Logged
March 29, 2010, 08:08:26 pm
Reply #231

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location:  United States  - Texas - Dallas - Softlayer Technologies Inc
IP 67.228.1.65
[67.228.1.65-static.reverse.softlayer.com]
ASN36351

Code: [Select]
hxxp://www.hiddenowned.viefirehosting.com/btn/config.binmd5sum ===> 79315412073a0bf8e19929f711b7268b
SHA256   ===> c5d41febfa0916449a19ee449c67674964af7cc5bcbaa8a858f779169bd7be11
Code: [Select]
hxxp://www.hiddenowned.viefirehosting.com/btn/bt.exemd5sum ===> eab505251a5f411126ffb99e08bfa066
SHA256   ===> 25999ebe5f48b13ebcb76cd002aa69ee3bab0dcff34153ce694a5dfc10a95b54
http://www.virustotal.com/analisis/25999ebe5f48b13ebcb76cd002aa69ee3bab0dcff34153ce694a5dfc10a95b54-1269893048
VT 26/39 (66.67%)
Code: [Select]
hxxp://www.hiddenowned.viefirehosting.com/btn/gate.php
Logged
March 30, 2010, 04:12:31 pm
Reply #232

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: China Beijing Linktom Network Technology Co. Ltd
IP 61.4.82.216
AS17964
Code: [Select]
hxxp://kokaine.biz/media/GooD.binmd5sum ===> 914fce59856c185d7063adcb23bdb4b2
SHA256   ===> b642061879519a132b7fc0f46a8aafc64fa7cc24b55f9bf2d960cbe6ca4c9652
Code: [Select]
hxxp://kokaine.biz/cw/index.php
related malware:
IP Location: China Beijing Linktom Network Technology Co. Ltd
IP 61.4.82.216
AS17964
Code: [Select]
hxxp://www.rusdrivers.spb.ru/admin.exe
Code: [Select]
hxxp://www.rusdrivers.spb.ru/driver.exemd5sum ===> 49972db1a4a0abb6501f5f3bfaf2c2d2
SHA256   ===> 0968b5c8c8582be84fc2aaaf76c3472edcb8271af8e4c4beb923c27fad8a71e9
http://www.virustotal.com/analisis/0968b5c8c8582be84fc2aaaf76c3472edcb8271af8e4c4beb923c27fad8a71e9-1269964910
VT 15/38 (39.48%)
other domains:
Code: [Select]
www.newsdownloads.cn
www.free-gifts.ru
www.rlosswe.com
www.loootamaria.com
www.detransfsolutions.com
Logged
March 30, 2010, 04:59:47 pm
Reply #233

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location:  United States  - Texas - Dallas - Theplanet.com Internet Services Inc
IP 174.120.233.254
[fe.e9.78ae.static.theplanet.com]
AS21844
Code: [Select]
hxxp://ignclan.com/e107_docs/help/English/cm/config.binmd5sum ===> 5221f652bd6eeb9212aec8608fbf934f
SHA256   ===> bb453aaea6ce852f0c81ea4d1ef4cd0a05746855c2b4764f51386f380ac04ea8
Code: [Select]
hxxp://ignclan.com/e107_docs/help/English/cm/bot.exemd5sum ===> d85407ae761f43cb3823608fef59a1ae
SHA256   ===> 19fe43a017cdfcf44ce389dbcfac39c0c8b5c7132e29c983b118da232d55199f
Code: [Select]
hxxp://ignclan.com/e107_docs/help/English/cm/gate.phphttp://www.virustotal.com/analisis/19fe43a017cdfcf44ce389dbcfac39c0c8b5c7132e29c983b118da232d55199f-1269968023
VT 30/42 (71.43%)
Logged
April 07, 2010, 07:16:23 pm
Reply #234

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: United States Anaheim Webexxpurts 
AS36167
Code: [Select]
hxxp://67.23.176.116/config.binmd5sum ===> baf959af5cbf02871b70bb2b4bcc692a
SHA256   ===> 4e511ed1577b30444617670b3d2aaa43274f0c77e150947b8d3067e7c8cab14f
Code: [Select]
hxxp://67.23.176.116/gate.phprelated:
IP Location: Canada Vancouver Netnation Communications Inc 
IP 64.40.123.31
[Hippo.van-dns.com]
AS14280
Code: [Select]
hxxp://www.cspmedical.com/survey/bot.exemd5sum ===> b0cef78872656c50edc23766d7011dc9
SHA256   ===> ffe75e0962733d4dfedc293354ad89d75f04cf3f74e5f77eb634126e1a00e8c4
http://www.virustotal.com/es/analisis/ffe75e0962733d4dfedc293354ad89d75f04cf3f74e5f77eb634126e1a00e8c4-1270666576
VT 27/39 (69.24%)
related:
IP Location: United States Kansas City Wholesale Internet Inc 
IP 69.197.161.218
AS32097
Code: [Select]
hxxp://tigerden.uppit.com/0110/0wsrtgo8/istealcrypt1.exemd5sum ===> cf74534a20045b99da764654eb2fa54e
SHA256   ===> 7a878e8dfc3f35f957740d0435afb3201922645a4eefbcd8233f0551e99a641e
http://www.virustotal.com/es/analisis/7a878e8dfc3f35f957740d0435afb3201922645a4eefbcd8233f0551e99a641e-1270666957
VT 35/39 (89.75%)
Logged
April 08, 2010, 04:44:02 pm
Reply #235

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location:  Spain  - La Rioja - Logrono - Arsys.es
[llgb376.servidoresdns.net]
IP  217.76.130.26
AS20718
Code: [Select]
hxxp://losbocatasdeantonio.com/img/content/16401_23404.gifmd5sum ===> 535970149f8d21f691f3cbc6548e5f3a
SHA256 ===> 6540d8be9c1a301effd3780d1a6a9c74bb8965818640d0813f9fa5b209daf809
[urlhttp://www.virustotal.com/es/analisis/6540d8be9c1a301effd3780d1a6a9c74bb8965818640d0813f9fa5b209daf809-1270739116[/url]
VT 26/39 (88.89%)
know related :
Code: [Select]
hxxp://www.stvparkcomputer.info/edu/trash3.bin
Logged
April 10, 2010, 09:21:29 am
Reply #236

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Russian Federation Moscow Tetracom Cjsc 
IP 193.148.47.48
AS34840

Code: [Select]
hxxp://izdibabu.ru/bong.bmpmd5sum ===> be4b619f9aa323d9ecb4fb345955369a
SHA256 ===> 963f88684843449d5bc787fc22e6c6431ab797b91da1174d508ead15503e75af
Code: [Select]
hxxp://izdibabu.ru/swfx64.exemd5sum ===> c19f063161fada6bf6606c93f857dfc5
SHA256 ===> a57dd950059e7fe99cc269bba8b34a0b6e546f57150dc1280f558302688a0e74
http://www.virustotal.com/es/analisis/a57dd950059e7fe99cc269bba8b34a0b6e546f57150dc1280f558302688a0e74-1270890826
VT 3/39 (7.7%)
Code: [Select]
hxxp://izdibabu.ru/index1.php
Code: [Select]
hxxp://jisver.ru/index1.php
Logged
April 10, 2010, 04:40:49 pm
Reply #237

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: China Langfang Development Area Huarui Xintong Network Technology Co. Ltd   
IP 119.255.23.54
AS4837
Code: [Select]
hxxp://hihohy.com/httpd/loc.somd5sum ===> 444f7800a306eb6a635c3e997337f0cc
SHA256 ===> 1e3c53d4442d4e23fb52c4672f94617abdab8036133031500db8f82c6983139a
Code: [Select]
hihohy.com/2cgi/go.php
IP Location: United States Houston Acronoc Inc
IP 69.80.228.12
[hosted.by.x5x-noc.ru]
AS19166
Code: [Select]
hxxp://reepta.com/commonfiles/newcfg.binmd5sum ===> f8336c04de2468baf0340b7b7805965a
SHA256 ===> 4e17d467486437cbd1dfed36d3e13c13788194d7e56ea83bc10b65a5e1bdfb78
related:
IP Location: United States Chicago Hosting Services Inc
[174.36.82.177-static.reverse.softlayer.com]
AS36351
Code: [Select]
hxxp://174.36.82.177/cgi-bin/mdma/in2   ===> update32.exe
md5sum ===> a72b147eed8e0a2a7554ac81c9c0ac01
SHA256 ===> 33e57605aef708bf9a7409abae0472c497800a9714a53b2088a05f38e6d084f0
http://www.virustotal.com/es/analisis/33e57605aef708bf9a7409abae0472c497800a9714a53b2088a05f38e6d084f0-1270916761
VT 8/39 (20.52%)
Logged
April 10, 2010, 05:58:32 pm
Reply #238

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Ukraine Odessa Wnet-odessa-colo   
IP 92.60.176.41
[real-host.ru]
AS15772

Code: [Select]
hxxp://vladlen.real-host.ru/sites/4311345.binmd5sum ===> c87c5c58a0bc137e07da2d9b4f017d17
SHA256 ===> e340ba45c74dca00d9a89fc80e831704681cbe769305351ec56459a77d0e3ab2
Code: [Select]
hxxp://vladlen.real-host.ru/sites/update.exemd5sum ===> f64bbe6d81ab24018ed294fdd0d5865f
SHA256 ===> 8ce8b2fe6d282ec97ca06432792ddcb7ef3689e59e68b7c233fef62861456ae3
http://www.virustotal.com/es/analisis/8ce8b2fe6d282ec97ca06432792ddcb7ef3689e59e68b7c233fef62861456ae3-1270921916
VT 23/39 (58.98%)
Code: [Select]
vladlen.real-host.ru/sites/index1.php
Logged
April 13, 2010, 04:18:44 pm
Reply #239

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: United Kingdom Pi Obodovsky Ivan Sergeevich
IP 195.78.109.241     
[i241.2u-panama.com]
AS49544
Code: [Select]
hxxp://mys5zzz.biz/f/q1.nrg      
md5sum ===> 2d4a0ffa5c8aa7db299e6854e9250501
SHA256 ===> eb7c18aa4703c559a6ff30606ac1d8944cfa4a7ca414d454688008058fb02885
Code: [Select]
hxxp://mys5zzz.biz/stat/index.php
Code: [Select]
hxxp://seclinezzz.tk/f/load.nrgmd5sum ===> 5c1a4f7553f9eb024a0bbbcd50ce8fff
SHA256 ===> 1a2a90b7b59659b027a67c77a65dcb51758bbaed34381ddc6555c13b3efbb567

trojan zeus (already listed) for seclinezzz.tk :
IP Location: Moldova - Eugenia E. Groza
IP 91.209.238.4
AS48671
Code: [Select]
hxxp://enoraup.com/load/load.exemd5sum ===> 00457cb63c8bb4f1e17f2634a4488e13
SHA256 ===> 91519ca48b75dc68ad8f8bff425d5eb4364694400d2bef3ffd87573e48bda4f9
http://www.virustotal.com/es/analisis/91519ca48b75dc68ad8f8bff425d5eb4364694400d2bef3ffd87573e48bda4f9-1271174609
VT 7/40 (17.5%)
Logged
Pages: 1 ... 14 15 [16] 17 18 ... 48   Go Up
« previous next »