Topic: New Zeus server

May 24, 2010, 07:08:25 pm
Reply #285

jackberri

  • Special Members
  • Hero Member

  • Offline
  • *

  • 1508
IP 193.105.207.120
AS50793
Email Registrant: gavrilov81@mail.ru
hxxp://medriop56.ru/flash/ukey.bin
md5sum ===> 2144164fb75460d271d14bb17bf2fec1
SHA256 ===> ee548aeb11eebda68e307f9d242297e65a55cd94cfd21d5d21b15938d8e67393
hxxp://medriop56.ru/flash/uka_.exe
md5sum ===> 2a3cd46f44cccce8fc3328704654122a
SHA256 ===> a9a0a28cbc04944386cb9b5ae5b9c0d418babe140f78d7faea84c56545ad113f
https://www.virustotal.com/es/analisis/a9a0a28cbc04944386cb9b5ae5b9c0d418babe140f78d7faea84c56545ad113f-1274726686
VT 6/41 (14.64%)

hxxp://medriop56.ru/flash/killaa_.exe
md5sum ===> 036e5dbc169af73249fa592b8903cc14
SHA256 ===> 951c4333b75062f458acea81706e85b8c8e3792672a15ef432ff46824e86189c
https://www.virustotal.com/es/analisis/951c4333b75062f458acea81706e85b8c8e3792672a15ef432ff46824e86189c-1274726348
VT 7/41 (17.08%)
hxxp://medriop56.ru/flash/kill_.exe
md5sum ===> 3a23aafb729a1d4f60608a43fc7b744a
SHA256 ===> 131b17a7a1f6acdb979974a9ef9ed60ba80509d71981c970ffb1f004cc7b902f
https://www.virustotal.com/es/analisis/131b17a7a1f6acdb979974a9ef9ed60ba80509d71981c970ffb1f004cc7b902f-1274726515
VT 7/41 (17.08%)
hxxp://medriop56.ru/flash/rapport_.exe
md5sum ===> 9d4e69b6d172238aceeef09d054a1066
SHA256 ===> d763d6f2a1ba54bec4bb19c2dfc81ed7b479b6a35d50003ca7fc4c70290e01cb
https://www.virustotal.com/es/analisis/d763d6f2a1ba54bec4bb19c2dfc81ed7b479b6a35d50003ca7fc4c70290e01cb-1274726964
VT 5/41 (12.2%)

May 24, 2010, 08:19:30 pm
Reply #286

jackberri

IP Location: Russian Federation - BEST-HOSTER Group Co. Ltd 
IP  91.215.170.54
[piter54.dns-rus.net]
AS49693
Email Registrant: ndprinasx@mail.ru
hxxp://lljj.ru
redirects to:
hxxp://www.golii-abama.lljj.ru/golii_abama)))).avi.exe
md5sum ===> 476e45d0ce519d09e7e7ed47a0bf206f
SHA256 ===> 3a2d4b74a0470cd90e2fec80ff714c2abaa56eaef89ba32543c79f4c9ef58727
https://www.virustotal.com/es/analisis/3a2d4b74a0470cd90e2fec80ff714c2abaa56eaef89ba32543c79f4c9ef58727-1274731661
VT 8/41 (19.52%)

May 25, 2010, 09:51:09 am
Reply #287

jackberri

IP Location: Taiwan - ERX-TANET-ASN1 Tiawan Academic Network (TANet)
IP 163.30.190.1 
AS1659
hxxp://host.lyjh.tyc.edu.tw/~te52094/img062.gif
md5sum ===> fed5437a19b56c0fff24be66f2b284bc
SHA256 ===> c2fe1110580d8d6374ba3e515523a04210150445f0f4076899ec2963517c10db
https://www.virustotal.com/es/analisis/c2fe1110580d8d6374ba3e515523a04210150445f0f4076899ec2963517c10db-1274780177
VT 6/41 (14.64%)
related:
barmatuxa.net
barmatuxa.info

May 25, 2010, 10:20:34 pm
Reply #288

jackberri

IP  193.105.207.104
AS50793
Registrant/Email Registrant: Elena Zhuravleva/neigh@fastermail.ru
hxxp://2pulenepro.net/php/php.bin
md5sum ===> 62d76ba5f0010535bfc9711a4b0662a8
SHA256 ===> 2d82db7ea47cb7c205c707011a859b662517a157bb177ce6e245d5878dd12beb
hxxp://2pulenepro.net/php/php.exe
md5sum ===> a4da7d809a8a53cb35fd0ebc7363eab6
SHA256 ===> a79907b47de81778f400a19c906a40bc0e7f24a9fde54ac77c11cb3f2ec6c14e
https://www.virustotal.com/analisis/a79907b47de81778f400a19c906a40bc0e7f24a9fde54ac77c11cb3f2ec6c14e-1274748991
VT 5/41 (12.20%)
hxxp://2pulenepro.net/php/rapport.exe
md5sum ===> 9d4e69b6d172238aceeef09d054a1066
SHA256 ===> d763d6f2a1ba54bec4bb19c2dfc81ed7b479b6a35d50003ca7fc4c70290e01cb
https://www.virustotal.com/analisis/d763d6f2a1ba54bec4bb19c2dfc81ed7b479b6a35d50003ca7fc4c70290e01cb-1274816852
VT 17/41 (41.46%)
hxxp://2pulenepro.net/php/killaa.exe
md5sum ===> 036e5dbc169af73249fa592b8903cc14
SHA256 ===> 951c4333b75062f458acea81706e85b8c8e3792672a15ef432ff46824e86189c
https://www.virustotal.com/analisis/951c4333b75062f458acea81706e85b8c8e3792672a15ef432ff46824e86189c-1274816512
VT 16/40 (40.00%)
hxxp://2pulenepro.net/php/kill.exe
md5sum ===> 3a23aafb729a1d4f60608a43fc7b744a
SHA256 ===> 131b17a7a1f6acdb979974a9ef9ed60ba80509d71981c970ffb1f004cc7b902f
https://www.virustotal.com/analisis/131b17a7a1f6acdb979974a9ef9ed60ba80509d71981c970ffb1f004cc7b902f-1274816484
VT 16/40 (40.00%)
hxxp://2pulenepro.net/php/drop.php

May 27, 2010, 07:53:54 am
Reply #289

jackberri

IP Location: Moldova - UNINETMD-AS S.C. Uninet S.R.L 
IP 195.170.178.60
AS39858
Email Registrant: contact@privacyprotect.org
Updated Date: 12-may-2010
Creation Date: 01-May-2010
md5sum ===> 8945cb91d93d86d59935e07ee66f06cb
SHA256 ===> 149bffb68426536747e8cfae9a04b9c14b22bd3bfea06f91011da3ebb23d0fab
hxxp://domain452740.com/nhjq/redir.php

May 27, 2010, 03:17:04 pm
Reply #290

jackberri

related bnale8.net:
IP Location: United States - RoadRunner RR-RC-Wholesale Internet, Inc 
IP 69.197.135.94
AS32097
Registrant/Email Registrant: v l hemingway/woagagnu4@yahoo.co.uk
hxxp://mastaace.ag/images/euro.png
md5sum ===> 44e7b792d18b70c83000e8dbc2e6b7c8
SHA256 ===> 68855b1cc1e20c6c174f1b037adb4895b05662e78a3155a7bf91f9133110619c
IP Location: United States - RoadRunner RR-RC-Wholesale Internet, Inc 
IP 208.110.72.86
AS32097
Registrant/Email Registrant: Jeremy Spence/stoneonfire3@gmail.com
hxxp://hamilakinec.eu/data/info.php

May 27, 2010, 05:52:00 pm
Reply #291

jackberri

IP Location: Canada - Eonix Corp IP Space - CWIE Cavecreek Wholesale Internet Exchange, LLC 
IP 75.75.243.127
AS19181

hxxp://samocity-fr.co.cc/xenos/gate.php
backdoor Poison:
hxxp://samocity-fr.co.cc/xenos/bot.exe
md5sum ===> 7720d1825a3ea8bb3c8545332c2ff267
SHA256 ===> cf59c1dde3a3eb1308a32991f946b7e499752c759f15040d64a103d0cfc0a0f6
https://www.virustotal.com/es/analisis/cf59c1dde3a3eb1308a32991f946b7e499752c759f15040d64a103d0cfc0a0f6-1274981092
VT 4/41 (9.76%)

May 29, 2010, 07:03:45 am
Reply #292

jackberri

IP Location: Russian Federation - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.7
AS29106
Registrant/Email Registrant: max pet/maxpet1212@gmail.com
hxxp://galaradio.name/www/loc.so
md5sum ===> bcba8049a7c4b06a28cb0d14e7ad949e
SHA256 ===> 135cb48a63bd2b5ace4634b1f47b805354474a06cae8cad882e5024c830b03c5
hxxp://galaradio.name/crypt_kill.exe
md5sum ===> 2f3bbdd8ba32e90f9fceeadf50d2bcf1
SHA256 ===> c6e1794ea72eeeff4117eb942e19ed0ee88ec318e37804ee4df4595e55750554
https://www.virustotal.com/es/analisis/c6e1794ea72eeeff4117eb942e19ed0ee88ec318e37804ee4df4595e55750554-1275115889
VT 4/41 (9.76%)
http://galaradio.name/www/go.php

May 29, 2010, 09:02:27 am
Reply #293

jackberri

hxxp://galaradio.name/www/loc.so
sorry:
hxxp://galaradio.name/vhosts/loc.so
md5sum ===> bcba8049a7c4b06a28cb0d14e7ad949e
SHA256 ===> 135cb48a63bd2b5ace4634b1f47b805354474a06cae8cad882e5024c830b03c5

May 29, 2010, 05:32:20 pm
Reply #294

jackberri

IP Location: Russian Federation - VLine Telecom Block Moscow - VLTELECOM-AS VLineTelecom LLC
IP 109.196.130.43
AS39150
Email Registrant: punky@5mx.ru
hxxp://oashae2ieyek.ru/bin/ahwohn.bin
md5sum ===> ba756bbe608ae156597164aba5dd95ec
SHA256 ===> 81740f291d618fa6d4cdecf8a1db35dba4982396a0c591821dc5ba601a093336
hxxp://oashae2ieyek.ru/bin/ahwohn.exe
md5sum ===> 44e1a00364c1c06cee67521800feccbe
SHA256 ===> e1bb749c42fbf1347d8a29c0dfcec877c7851758e6654c847f0df2313eb96b06
https://www.virustotal.com/es/analisis/e1bb749c42fbf1347d8a29c0dfcec877c7851758e6654c847f0df2313eb96b06-1275153775
VT 24/41 (58.54%)

May 29, 2010, 10:55:28 pm
Reply #295

jackberri

IP Location: United States - Hosting Solutions International
IP 69.64.62.52
AS30083
Registrant ID:AT_11711862
Registrant/Email Registrant: Kimberly/madonsa77@gmail.com
hxxp://www.drun.in/pp/config.bin
md5sum ===> 0dccebf537313dfd927a08fe4db40bed
SHA256 ===> b350ea227e9ffa9d8408e8d0922c635a716d9239eb2f172177d92517ecf3a265
hxxp://www.drun.in/pp/sp.php
related: colossus321.startdedicated.com

May 30, 2010, 12:00:08 pm
Reply #296

jackberri

IP 193.105.207.120
AS50793
Registrant/Email Registrant: Dmitry Smirnov/boa@freenetbox.ru
hxxp://1pulenepro.net/smile/smile.bin
md5sum ===> 64acbe904ad9c8745c42e985b253503c
SHA256 ===> 9c1e7cdb946a007247dd1c143c217a26b38f50d2c9e38bcdf726551a3b37936d
hxxp://1pulenepro.net/smile/smile.exe
md5sum ===> 9b912bd5b63bcafc0c6f30afffa46473
SHA256 ===> 2d35e638ff6d0d13713a25c977a76ed337ff19b4b82d4d183bf7dfe3391e6d21
https://www.virustotal.com/es/analisis/2d35e638ff6d0d13713a25c977a76ed337ff19b4b82d4d183bf7dfe3391e6d21-1275219754
VT 2/41 (4.88%)
hxxp://1pulenepro.net/smile/kill.exe
md5sum ===> c680c891e592a8657fb2a88be5d62776
SHA256 ===> ee8e733bc93efde95d75e72a0991639fd3d617643a0dfb773ae5d411d7d1cb41
https://www.virustotal.com/es/analisis/ee8e733bc93efde95d75e72a0991639fd3d617643a0dfb773ae5d411d7d1cb41-1275219889
VT 0/41 (0%)
hxxp://1pulenepro.net/smile/killaa.exe
md5sum ===> a7a47fea839934c06ea538aad79dcb31
SHA256 ===> c182fa0bfbdb8e9e4e28e43c6066dc5eaa3af6123d98c603e361dd92ba9bcadd
https://www.virustotal.com/es/analisis/c182fa0bfbdb8e9e4e28e43c6066dc5eaa3af6123d98c603e361dd92ba9bcadd-1275220071
VT 1/41 (2.44%)
hxxp://1pulenepro.net/smile/rapport.exe
md5sum ===> dda896412596379fd1ef77b3b1bd6440
SHA256 ===> e2df7d738a60d0f7fbb1108daeeb059b57b2c6a0868ccb9e93be37630573b227
https://www.virustotal.com/es/analisis/e2df7d738a60d0f7fbb1108daeeb059b57b2c6a0868ccb9e93be37630573b227-1275220201
VT 0/41 (0%)

May 31, 2010, 08:38:52 am
Reply #297

jackberri

IP 193.105.207.120
AS50793
Email Registrant: gavrilov81@mail.ru
hxxp://reklamen7.ru/indigo/registr.exe
md5sum ===> 8765e70f505b2b4b70ca0e4805ee575e
SHA256 ===> deffdbb851fefa1c3f7effd125e8a99209fc06c676d22c8010ae61828410aa2e
https://www.virustotal.com/es/analisis/deffdbb851fefa1c3f7effd125e8a99209fc06c676d22c8010ae61828410aa2e-1275293969
VT 2/41 (4.88%)
hxxp://reklamen7.ru/indigo/putin_gay.php
probably file config:
hxxp://reklamen7.ru/indigo/ava.gif
hxxp://reklamen7.ru/indigo/kill.exe
md5sum ===> c1b8163d236006a507fd2dd99590c8b5
SHA256 ===> 997d1a10ca3793d03e76662b0afa40b88412f5c21b9a32dd6b5e1491b8ae46ce
https://www.virustotal.com/es/analisis/997d1a10ca3793d03e76662b0afa40b88412f5c21b9a32dd6b5e1491b8ae46ce-1275293493
VT 0/41 (0%)
hxxp://reklamen7.ru/indigo/killaa.exe
md5sum ===> 4b6985fed2b494bc6034d128cf8ad7d5
SHA256 ===> bbfe14922b6a90043067f03c0652e83f0a1d03ab860281cc4124f2d54b1eeb84
https://www.virustotal.com/es/analisis/bbfe14922b6a90043067f03c0652e83f0a1d03ab860281cc4124f2d54b1eeb84-1275293649
VT 0/41 (0%)
hxxp://reklamen7.ru/indigo/rapport.exe
md5sum ===> 8ce87fa325fe53cb565580e9b22d303f
SHA256 ===> a7fd527927907ddd7f5835ebbbfae61b4bd86f491a4c9db5d070f70a2b7be8ea
https://www.virustotal.com/es/analisis/a7fd527927907ddd7f5835ebbbfae61b4bd86f491a4c9db5d070f70a2b7be8ea-1275293806
VT 0/41 (0%)

June 01, 2010, 06:33:09 am
Reply #298

jackberri

IP Location: Moldova - UNINETMD-AS S.C. Uninet S.R.L
IP 195.170.178.60
AS39858
Email Registrant: contact@privacyprotect.org
Updated Date: 18-may-2010
Creation Date: 01-May-2010
hxxp://domain455110.com/nhjq/n09230945.asp
md5sum ===> 8bbab6f07f9a19bbd09670f0fafa54f9
SHA256 ===> d453370328036b9e18a0ab5c9c7a1efd7b1ca8895b391ee7f8dfde8116750254
hxxp://domain455110.com/nhjq/redir.php

June 01, 2010, 10:34:23 am
Reply #299

jackberri

IP Location: Poland - NETART - NetArt Autonomous System NetArt Spolka Akcyjna S.K.A  
IP 85.128.244.127
AS15967
[aoj127.rev.netart.pl]
Registrant's handle: ovh4a9e6e409rlt (INDIVIDUAL)
www.seo-cms.pl/_mod/tmp/w/config.bin
md5sum ===> 0f1933e92de365ec62a50f71d4f442b1
SHA256 ===> 1310ced9f6abcb5ee4c4e45c89099fd6ca4ee6bc70d34602b471e51111016092
hxxp://www.seo-cms.pl/_mod/g.exe
md5sum ===> ea8a806bcd374f4c5149ab3026760042
SHA256 ===> e56cfaa5b2a889bb79eb0cd9714f6e915313476b2eeb68b2ee7df4860215c411
https://www.virustotal.com/es/analisis/e56cfaa5b2a889bb79eb0cd9714f6e915313476b2eeb68b2ee7df4860215c411-1275399036
VT 33/41 (80.49%)
hxxp://www.seo-cms.pl/_mod/tmp/w/gate.php
more:
www.seo-cms.pl/_mod/