« previous next »
Pages: 1 ... 4 5 [6] 7 8 ... 48   Go Down

Author Topic: New Zeus server  (Read 394828 times)

0 Members and 2 Guests are viewing this topic.

January 25, 2010, 07:08:55 am
Reply #75

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://platinumhostingservice.comIP 109.95.114.194

AS50369
Registrar: ALANTRON BLTD

Updated Date: 05-dec-2009
Creation Date: 05-dec-2009

Name Aleksei Komarov
vista@fastermail.ru

Url config:

Code: [Select]
hxxp://platinumhostingservice.com/w847tvyf475ehh.bin
Trojans:

Code: [Select]
hxxp://platinumhostingservice.com/joystick.exe
md5sum ===> fa1f596612a133d03fa812fa7e24b9fc
http://www.virustotal.com/analisis/37832c0221a3a1deac71c6e71ce045c798f8d1ef18e58d8960fc0c52ea683fbc-1264395644
VT 3/41 (7.32%)

Code: [Select]
hxxp://platinumhostingservice.com/respunka.exe
md5sum ===> aa4a6ef6180e4e22e812f5f246a7c1fe
Code: [Select]
http://www.virustotal.com/analisis/eb7e508cbe961828a55d98e5ad0b5e97a247e23528da1140356d73bc3a3aaa0c-1264380635VT 4/41 (9.76%)

dropzone:

Code: [Select]
hxxp://platinumhostingservice.com/sukertoreurt.php
Logged
January 25, 2010, 08:14:19 am
Reply #76

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://smithyguy.com
IP 115.100.250.108
IP Location:
China - Beijing - Beijing - Beijing Qi Shang Zai Xian Rate Communications Technology Co. Ltd. Langfang Branch

AS9811
Registrar: TODAYNIC.COM, INC.

Updated Date: 20-jan-2010
Creation Date: 20-jan-2010

Registrant:
Name: Sport Co LTD
abuseemaildhcp@gmail.com

Nameserver Information:
ns1.ruskiii.com
ns2.ruskiii.com

Create: 2010-01-21 02:01:04
Update: 2010-01-21

Url config:

Code: [Select]
hxxp://smithyguy.com/smi/cfg.binmd5sum  ===> 0c37570ade7f3c9db8ddd18380424177
Logged
January 25, 2010, 01:25:59 pm
Reply #77

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://quicksitehostdns.com
IP 109.95.114.194
AS50369

Registrar: ALANTRON BLTD.

Updated Date: 22-dec-2009
Creation Date: 22-dec-2009

Name Polina Kuznetsova
wsw@maillife.ru

config url:
Code: [Select]
hxxp://quicksitehostdns.com/ykih648f464.bin

trojan:
Code: [Select]
hxxp://quicksitehostdns.com/morgus.exemd5sum ===> 587a6145b625027f1770fd795e889b00
http://www.virustotal.com/analisis/c6ad4aa7d5d190d9082e7efb2a1cf8b5cabd3542b209751f88e4de34897ced39-1264401795
VT 3/41 (7.32%)

dropzone:
Code: [Select]
hxxp://quicksitehostdns.com/kuskus.php
Logged
January 25, 2010, 02:28:51 pm
Reply #78

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://hostingdnssite.com
IP 109.95.114.196
AS50369

Registrar: ALANTRON BLTD.

Updated Date: 22-dec-2009
Creation Date: 22-dec-2009

Name Natalia Ilina
try@5mx.ru

config url:
Code: [Select]
hxxp://hostingdnssite.com/udkdhwehg84767.bin
trojan:
Code: [Select]
hxxp://hostingdnssite.com/rupor.exemd5sum ===> 4661e4763c6c5a16307abf8bb7e45c0e
http://www.virustotal.com/es/analisis/17027cc7b76fd71b05b5eb67cc65bd3e347cfee963e293c444d860781c74ba1f-1264429224
VT 9/41 (21.96%)
dropzone:
Code: [Select]
hxxp://hostingdnssite.com/katkat1.php
Logged
January 25, 2010, 04:44:50 pm
Reply #79

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://soprocms.com
IP 122.115.63.6
AS9811

Registrar: TODAYNIC.COM, INC.
Name Server: NS1.EVERYDNS.NET
Name Server: NS2.EVERYDNS.NET

Registrant: Alexander A Reva
Registrant email: klimckoe@yahoo.com

Updated Date: 10-jan-2010
Creation Date: 10-jan-2010

config url:
Code: [Select]
hxxp://soprocms.com/bot/cfg2.bin
dropzone:
Code: [Select]
hxxp://soprocms.com/bot/gate.php
Logged
January 25, 2010, 08:59:29 pm
Reply #80

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://postcodeknaller.nlIP 85.17.219.61

IP Location:
Netherlands - Noord-holland - Amsterdam - Leaseweb

Reverse: hosted-by.leaseweb.com
AS16265

Registrar: LeaseWeb B.V.




config url:
Code: [Select]
hxxp://postcodeknaller.nl/suez/config.bin
trojan:
Code: [Select]
hxxp://postcodeknaller.nl/suez/bot.exemd5sum ===> 4661e4763c6c5a16307abf8bb7e45c0e
http://www.virustotal.com/analisis/65633cd708aa630e4b8e6a81b9d8285b6f1f62c3f0097569bdb5d2df25129700-1264271393
VT 28/41 (68.29%)

dropzone:
Code: [Select]
hxxp://postcodeknaller.nl/suez/gate.php
*****************************************************************
See also:

Code: [Select]
hxxp://postcodeknaller.nl/
Logged
January 26, 2010, 04:09:11 am
Reply #81

CkreM

  • Special Access
  • Hero Member
  • Offline
  • *
  • 567
Re: New Zeus server
Nulled pack:
Code: [Select]
xxxcamerasexcheap.com/new/post.php
xxxcamerasexcheap.com/new/viewtopic.php?s=49c58ccafe
/edit

OOps...wrong place  :-\
Logged
Mal-Aware
January 27, 2010, 10:09:32 am
Reply #82

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://intleft.net
IP 217.23.9.133
IP Location: Netherlands - Worldstream
AS49981

Registrar: BIZCN.COM, INC.


Updated Date: 20-jan-2010
Creation Date: 20-jan-2010

Registrant Contact: Teresa Garcia
teresagarcia@xhotmail.net
Houston TX 77040

DNS:
ns3.cnmsn.com
ns4.cnmsn.com

Created: 2010-01-21

config url:
Code: [Select]
hxxp://intleft.net/mnogobaksov/www/cfg.bin
dropzone:
Code: [Select]
hxxp://intleft.net/mnogobaksov/www/gate.php
*******************************************

There are 2 domains hosted on this IP address:

Online-gamez.org
Pirate-loads.com
Logged
January 27, 2010, 02:51:27 pm
Reply #83

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp//:s1.ebazaar.gr
IP: 217.112.89.11
IP Location: United Kingdom - England - Manchester - Poundhost Internet Services
Reverse:
Code: [Select]
dionysos.guru-host.com
AS29550

nameserver:
Code: [Select]
ns1.guru-host.com
config url:
Code: [Select]
hxxp//:s1.ebazaar.gr/tes/cfg.bin
dropzone:
Code: [Select]
hxxp://s1.ebazaar.gr/tes/gate.php

See also:

Trojans
Code: [Select]
hxxp://www.ebazaar.gr/js/reg_edit.exe
hxxp://ebazaar.gr/js/out_original.exe
hxxp://www.ebazaar.gr/js/out.exe
hxxp://www.ebazaar.gr/js/xer.exe
Code: [Select]
hxxp://www.ebazaar.grIP: 217.112.89.11
IP Location: United Kingdom - England - Manchester - Poundhost Internet Services
Reverse:
Code: [Select]
dionysos.guru-host.comAS29550
Logged
January 27, 2010, 03:33:48 pm
Reply #84

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Quote from: jackberri on January 27, 2010, 02:51:27 pm
Code: [Select]
hxxp//:s1.ebazaar.gr
IP: 217.112.89.11
IP Location: United Kingdom - England - Manchester - Poundhost Internet Services
Reverse:
Code: [Select]
dionysos.guru-host.com
AS29550

nameserver:
Code: [Select]
ns1.guru-host.com
config url:
Code: [Select]
hxxp//:s1.ebazaar.gr/tes/cfg.bin

dropzone:
Code: [Select]
hxxp://s1.ebazaar.gr/tes/gate.php

trojan:

Code: [Select]
hxxp://ebazaar.gr/js/out_original.exe
Logged
January 27, 2010, 03:51:49 pm
Reply #85

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: New Zeus server
Quote from: jackberri on January 27, 2010, 03:33:48 pm
Quote from: jackberri on January 27, 2010, 02:51:27 pm
Code: [Select]
hxxp//:s1.ebazaar.gr
IP: 217.112.89.11
IP Location: United Kingdom - England - Manchester - Poundhost Internet Services
Reverse:
Code: [Select]
dionysos.guru-host.com
AS29550

nameserver:
Code: [Select]
ns1.guru-host.com
config url:
Code: [Select]
hxxp//:s1.ebazaar.gr/tes/cfg.bin

dropzone:
Code: [Select]
hxxp://s1.ebazaar.gr/tes/gate.php

trojan:

Code: [Select]
hxxp://ebazaar.gr/js/out_original.exe

Code: [Select]
s1.ebazaar.gr/tes/bt.exe
Logged
Ruining the bad guy's day
January 27, 2010, 06:33:26 pm
Reply #86

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
New file for

Code: [Select]
hxxp://laiserattack.com
url config:
Code: [Select]
hxxp://laiserattack.com/asshole.jpg
domains hosted on this IP address:
Code: [Select]
blindefail.com
Logged
January 27, 2010, 11:23:21 pm
Reply #87

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Code: [Select]
hxxp://www.whiskyshopdufftown.co.uk
IP
Code: [Select]
83.223.101.118
Reverse:
Code: [Select]
server.britserver4.comIP Location: United Kingdom - G-cust-cj

AS29017

Registrant: Fiona Murdoch

config url:
Code: [Select]
hxxp://www.whiskyshopdufftown.co.uk/images/mail/config.bin
dropzone:
Code: [Select]
hxxp://www.whiskyshopdufftown.co.uk/images/mail/ip.php
Logged
January 27, 2010, 11:29:14 pm
Reply #88

SysAdMini

  • Administrator
  • Hero Member
  • Offline
  • *****
  • 3335
Re: New Zeus server
Quote from: jackberri on January 27, 2010, 11:23:21 pm

dropzone:
hxxp://www.whiskyshopdufftown.co.uk/images/mail/ip.php

Code: [Select]
www.linmaoshuiqing.cn/includes/maduls/gate.php
Logged
Ruining the bad guy's day
January 27, 2010, 11:34:23 pm
Reply #89

jackberri

  • Special Members
  • Hero Member
  • Offline
  • *
  • 1508
Re: New Zeus server
Quote from: SysAdMini on January 27, 2010, 11:29:14 pm


dropzone:
hxxp://www.whiskyshopdufftown.co.uk/images/mail/ip.php

Code: [Select]
www.linmaoshuiqing.cn/includes/maduls/gate.php[/quote]

My apologies
 :-[
Logged
Pages: 1 ... 4 5 [6] 7 8 ... 48   Go Up
« previous next »