« previous next »
Pages: 1 ... 37 38 [39] 40 41 ... 48   Go Down

Author Topic: New Zeus server  (Read 386236 times)

0 Members and 1 Guest are viewing this topic.

February 01, 2011, 08:27:03 am
Reply #570

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Ukraine -Infium Ltd
IP 91.218.39.52
[unassigned52.infiumhost.com]
AS197145
LOVINGNAME.MERCURY.ORDERBOX-DNS.COM
LOVINGNAME.VENUS.ORDERBOX-DNS.COM
LOVINGNAME.EARTH.ORDERBOX-DNS.COM
LOVINGNAME.MARS.ORDERBOX-DNS.COM
Registrant ID:AT_13950582
Registrant/Email Registrant: Emelyanov Mihail/emihail201@yandex.ru
Code: [Select]
hxxp://blueservices.net.in/style/css/css.binmd5sum ===> 73ed3f92b472a8f72b6d825a4e0f8557
Code: [Select]
hxxp://blueservices.net.in/style/css/gate.php
Logged
February 01, 2011, 05:21:00 pm
Reply #571

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Germany -Technische Universitaet Dresden - DFN-IP service G-WiN
IP 141.30.119.3
AS680
NS1.CARGO-TRAILERSNJ.NET
NS2.CARGO-TRAILERSNJ.NET
Registrant ID: SPAG-40380125
Registrant/Email Registrant: William Kelly/hostmaster@1and1.com
Code: [Select]
hxxp://poehali002.info/xed/config.bin
hxxp://poehali002.info/xed/recover.binmd5sum ===> 04f6de4afa43ddd437bc9ad40cde21f3
Code: [Select]
hxxp://poehali002.info/xed/yourbot.exemd5sum ===> 1f6add204d304629a16971894f52d4e9
http://www.virustotal.com/file-scan/report.html?id=15e278ee92c4fc034bf12a869abf0dad894a6e966a82acc827a0cdab9b0f806e-1296580205
VT 7/43 (16.3%)
Code: [Select]
hxxp://poehali002.info/xed/gate.php
Logged
February 02, 2011, 09:34:36 am
Reply #572

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Netherlands - LEASEWEB - LeaseWeb AS
IP 62.212.74.208
[62.212.74.208.com]
AS16265
Code: [Select]
hxxp://evelins.cz.cc/asdweb/icon.tifmd5sum ===> 259f7d4930cd5e693aa9c91c66e1a4a1
Code: [Select]
hxxp://evelins.cz.cc/static.phprelated:
trojan Oficla
Code: [Select]
hxxp://onlineloads.cz.cc/builder/ve.exemd5sum ===> 117557fba716e76ab2083c11e5ea3ace
http://www.virustotal.com/file-scan/report.html?id=bc9432ac01c2d4d9acbfc0a1a897ecc571a6cc362275cddbca25eb3f4cc4f614-1296638294
VT 4/43 (9.3%)
Logged
February 02, 2011, 10:41:25 am
Reply #573

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: New Zeus server
Quote from: jackberri on February 02, 2011, 09:34:36 am
IP Location: Netherlands - LEASEWEB - LeaseWeb AS
IP 62.212.74.208
[62.212.74.208.com]
AS16265
Code: [Select]
hxxp://evelins.cz.cc/asdweb/icon.tifmd5sum ===> 259f7d4930cd5e693aa9c91c66e1a4a1

Did you look inside the config file ? :)
Quote
url_loader (binary download)
  hxxps://zeustracker.abuse.ch/aion.exe
Logged
Ruining the bad guy's day
February 03, 2011, 09:09:25 am
Reply #574

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Quote from: SysAdMini on February 02, 2011, 10:41:25 am
Did you look inside the config file ? :)
Quote
url_loader (binary download)
  hxxps://zeustracker.abuse.ch/aion.exe
I guess i'm pretty blind, lately  ;)
Logged
February 03, 2011, 11:19:01 am
Reply #575

CkreM

  • Special Access
  • Hero Member
  • Offline
  • *
  • 567
Re: New Zeus server
Zeus Version: 1.2.7.19
Code: [Select]
http://217.23.11.215/~newworld/trusteer.exe
http://217.23.11.215/~newworld/cfg.bin
http://217.23.11.215/~newworld/gate.php
Logged
Mal-Aware
February 03, 2011, 03:15:05 pm
Reply #576

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Canada - MTO Telecom inc. Proxy Route Object Gogax - GOGAX Netelligent Proxy Record for Customer
IP  76.76.107.50
[generic.gogax.com]
AS21793
ns1.afraid.org
ns2.afraid.org
Registrant ID:ndn-1292366
Registrant/Email Registrant: Mariya Varshavskaya/xy@cheapbox.ru
Code: [Select]
hxxp://consolemato.com/auk/sid.nemd5sum ===> 43e3f945c2071afe7f4a2f03f6dc8248
Code: [Select]
hxxp://consolemato.com/auk/aug.exemd5sum ===> e1026b29fde50f52db3e26269894de18
http://www.virustotal.com/file-scan/report.html?id=4c18ee7195d0c5b8fb3cf9ef5484a3282e652edaeb91a98b23987585a878c895-1296740295
VT 19/43 (44.2%)
related:
IP Location: Mexico - Proxy-registered route objec - MX-AXTE-LACNIC Axtel
IP  201.140.57.249
[dedint-201-140-57-249.mtyxl.static.axtel.net]
AS14000
ns1.kidssnowbootsstore.net
ns1.pikstop.com
Registrant ID: IAOGGAX-RU
Registrant/Email Registrant: Evgenia Kostikova/grasp@yourisp.ru
Code: [Select]
hxxp://browndrives.com/auy/depoi.php
IP Location: Russian Federation -Delfa network - DELFANET-AS
IP  194.0.245.71
AS42533
NS1.DREAMHOST.COM
NS2.DREAMHOST.COM
NS3.DREAMHOST.COM
Registrant ID:ndn-1292366
Registrant/Email Registrant: Terry Buss/terrybuss@live.co.uk
Code: [Select]
hxxp://addaxonahacko.info/usa.binmd5sum ===> 9548bb1b9931c163ada73dafa51dd2ec
Code: [Select]
hxxp://addaxonahacko.info/redir.php
Logged
February 04, 2011, 10:00:41 am
Reply #577

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Ukraine - FIN-ACTIVE-NET - FINACTIVE-AS
IP  193.186.9.94
AS44209
YNS1.YAHOO.COM
YNS2.YAHOO.COM
Registrant ID: D129646477456239
Registrant/Email Registrant: Christina Nijankin/nijankinchristina@yahoo.com
Code: [Select]
hxxp://amstelone3.biz/z2/config.binmd5sum ===> 55160d8c8cae20e70a9a894958cd2d7d
Code: [Select]
hxxp://amstelone3.biz/z2/bot.exemd5sum ===> 2a45f45d0d6e828ae10629d60645fd75
http://www.virustotal.com/file-scan/report.html?id=21830d35dc468e8f24e0f9149cba51e61d3321127cb5c5c6df988e0ff1cc5743-1296813383
VT 7/43 (16.3%)
Code: [Select]
hxxp://amstelone3.biz/z2/gate.php
Logged
February 04, 2011, 04:24:02 pm
Reply #578

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: China - CHINATELECOM-HLJ-AS-AP
IP  219.147.255.39
AS17897
ns1.counselingcareer.net
ns2.counselingcareer.net
Registrant/Email Registrant: Private Person/eta@yourisp.ru
Code: [Select]
hxxp://extratopupgrade.ru/satan.bin
hxxp://movenestecobra.ru/satan.binmd5sum ===> 67a3c3e0a742f70492b8261402ced0ff
Code: [Select]
hxxp://extratopupgrade.ru/load.bin
hxxp://movenestecobra.ru/load.binmd5sum ===> 88f27f26ce199de08e4147cbef88cf60
Code: [Select]
hxxp://extratopupgrade.ru/stars.php
hxxp://movenestecobra.ru/stars.php
Logged
February 05, 2011, 05:22:29 pm
Reply #579

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: China - CMNET-GD Guangdong Mobile Communication
IP  211.138.121.4
AS9808
ns1.taohap.net
ns2.taohap.net
Registrant/Email Registrant: Private Person/matt@yourisp.ru
Registrant/Email Registrant: Private Person/sobs@cheapbox.ru
Code: [Select]
hxxp://espmexusa.ru/sonshine.binmd5sum ===> 7e96349a2dcfa93fc11ab0d58b3b3c1e
Code: [Select]
hxxp://tunisianowar.ru/bookings3.php
Logged
February 06, 2011, 02:51:15 pm
Reply #580

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Ukraine - S.Point - SPOINT-AS
IP  91.204.48.132
AS24965
ns3.gkg.net
ns4.gkg.net
Registrant ID: GKG-C00002E5D8
Registrant/Email Registrant: DAVID PIERCE/okehukugalyp@yahoo.com
Code: [Select]
hxxp://ktpprfipzqkmwu.org/news/?s=7962md5sum ===> bbc2d9c2d597fcae9b3f500cd3d513f2
Code: [Select]
hxxp://ktpprfipzqkmwu.org/news/?s=6225md5sum ===> 7945c5eadb0f93078f244bd9c7f444e1
http://www.virustotal.com/file-scan/report.html?id=3006ea7b928fe805bc7dff4d2ee628b51633c37f450dd434cb0d0a1ef2d04cc6-1296995713
VT 27/43 (62.8%)

IP Location: Ukraine - FIN-ACTIVE-NET route - FINACTIVE-AS
IP  193.186.9.79
AS44209
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@nvffr.ru
Code: [Select]
hxxp://hdjfyi.ru/f.binmd5sum ===> 6909b0775f3589488f66c28d8a28ec8b
Code: [Select]
hxxp://hdjfyi.ru/3.php
Logged
February 06, 2011, 06:44:25 pm
Reply #581

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Finland - EUHOSTFI-NET - EUHOST-AS
IP  91.221.67.4
[host-91-221-67-4.euhost.fi]
AS51765
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Vishnjakov Viktor Stepanovich/actionreklama@yandex.ru
Code: [Select]
hxxp://vimizont.com/cfg554/logo.gifmd5sum ===> d988e1575dba8aa1089b37c38e3e3367
Code: [Select]
hxxp://vimizont.com/vavilo/iktrkdjslppld.php
Logged
February 09, 2011, 10:45:04 am
Reply #582

CkreM

  • Special Access
  • Hero Member
  • Offline
  • *
  • 567
Re: New Zeus server
Zeus version 2.0.8.9:

Code: [Select]
http://micr0supdates.com/_crfsz/crzp11.exe
http://micr0supdates.com/_crfsz/crzp11
http://micr0supdates.com/_r0sx/_zen0r.php
Logged
Mal-Aware
February 09, 2011, 04:21:47 pm
Reply #583

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Ukraine -FIN-ACTIVE-NET - FINACTIVE-AS
IP  193.186.9.94
AS44209
YNS1.YAHOO.COM
YNS2.YAHOO.COM
Registrant ID: E129705761092690
Registrant/Email Registrant: Donna Snyder/dadasd1231dadsadasda@yahoo.com
Code: [Select]
hxxp://iesnare.us/z2/config.binmd5sum ===> b5b89a3934582709e11bc7182e4a1b3e
Code: [Select]
hxxp://iesnare.us/z2/bot.exemd5sum ===> d33cdd00214d481127dfb3ecbb02d2bb
http://www.virustotal.com/file-scan/report.html?id=791d76089084e81cf82805615087c3b695dc478c758950abd515ec73e9020153-1297267840
VT 5/43 (11.6%)
Code: [Select]
hxxp://iesnare.us/z2/gate.php
IP Location: Ukraine - S.Point - SPOINT-AS
AS24965
Code: [Select]
hxxp://91.204.48.128/news/?s=36868md5sum ===> 511e164e5f9ab8a9f1d938298656e0d1
Code: [Select]
hxxp://91.204.48.128/news/?s=6225md5sum ===> 96217704be097f9c5adfeefe9d2dfa4c
Logged
February 10, 2011, 11:16:33 am
Reply #584

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
IP Location: Ukraine - S.Point - SPOINT-AS
AS24965
see: http://sitevet.com/db/asn/AS24965
Code: [Select]
hxxp://91.204.48.147/news/?s=169150md5sum ===> 5c6cf680ba39411165f6126333e9383f
Code: [Select]
hxxp://91.204.48.128/news/?s=6225md5sum ===> 7860bf837edb928d8f2b74bab354cba5


Logged
Pages: 1 ... 37 38 [39] 40 41 ... 48   Go Up
« previous next »