ZeUs and other malicious goodness .....

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

ZeUs and other malicious goodness .....

Post by MysteryFCM » Mon Nov 30, 2009 5:34 am

Whole host of malicious goodness here for you (entire range (/24) needs painting red, preferably using a tank);

http://www.robtex.com/cnet/193.104.22.html

IP range is also associated with the ZeUs infection.

tinfoil
Posts: 240
Joined: Sat Sep 26, 2009 6:33 pm

Ratable list

Post by tinfoil » Mon Nov 30, 2009 4:58 pm

193.104.22.11
193.104.22.12
193.104.22.20
193.104.22.25
193.104.22.35
193.104.22.50
193.104.22.51
*.redirectcounter3.com
mail.redirectcounter3.com
redirectcounter3.com
ns1.redirectcounter3.com
ns2.redirectcounter3.com
print-design.cn
chinaaaredarmy.com
antispycenterprof.com
antispyware24x7.com
antispywaresnet.com
antispywarets.com
antisspywarescenter.com
bestantispysoft2010.com
eliminater2009pro.com
itsafetyonline.com
ivirusidentify.com
iwebantispyware.com
iwebpcdoctor.com
iwebpcprotect.com
myprivatesoft2009.com
ns1.antispyware24x7.com
ns1.antispywaresnet.com
ns1.antispywarets.com
ns1.bestantispysoft2010.com
ns1.eliminater2009pro.com
ns1.itsafetyonline.com
ns1.ivirusidentify.com
ns1.iwebantispyware.com
ns1.iwebpcdoctor.com
ns1.myprivatesoft2009.com
ns1.onlineantispysoft.com
ns1.pcdoctorz2010.com
ns1.pcprotect2010.com
ns1.pcsafety2009pro.com
ns1.pcsafetyplatinum.com
ns1.securityprosoft.com
ns1.securityztop.com
ns1.spydetector2009.com
ns1.spywaredetect24pro.com
ns1.viridentifycenter.com
ns1.websantispyware.com
ns1.webspydetectunlim.com
ns1.worldantispyware1.com
ns1.worldsantispysoft.com
onlineantispysoft.com
pcdoctorz2010.com
pcprotect2010.com
pcsafety2009pro.com
pcsafetyplatinum.com
securityprosoft.com
securityztop.com
spydetector2009.com
spywaredetect24pro.com
viridentifycenter.com
websantispyware.com
webspydetectunlim.com
winvantivirus.com
worldantispyware1.com
worldsantispysoft.com
antispyware24x7.com
antispywaresnet.com
antispywarets.com
antisspywarescenter.com
bestantispysoft2010.com
eliminater2009pro.com
itsafetyonline.com
ivirusidentify.com
iwebantispyware.com
iwebpcprotect.com
myprivatesoft2009.com
onlineantispysoft.com
pcdoctorz2010.com
pcprotect2010.com
pcsafety2009pro.com
pcsafetyplatinum.com
securityprosoft.com
securityztop.com
viridentifycenter.com
websantispyware.com
webspydetectunlim.com
worldantispyware1.com
worldsantispysoft.com
antispyware24x7.com
ns2.antispywaresnet.com
ns2.antisspywarescenter.com
ns2.itsafetyonline.com
ns2.onlineantispysoft.com
ns2.pcdoctorz2010.com
ns2.pcprotect2010.com
ns2.pcsafety2009pro.com
ns2.pcsafetyplatinum.com
ns2.securityprosoft.com
ns2.securityztop.com
ns2.spywaredetect24pro.com
ns2.viridentifycenter.com
ns2.websantispyware.com
ns2.webspydetectunlim.com
ns2.worldantispyware1.com
ns2.worldsantispysoft.com


I don't have any red paint with me today, but I killed a few spammers earlier, so I can use their remains. ;D

cconniejean
Posts: 696
Joined: Sun Jul 13, 2008 12:16 pm

Rated and comment with link

Post by cconniejean » Mon Nov 30, 2009 6:42 pm

Rated and comment with link to this thread.

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

re: ZeUs and other malicious goodness

Post by c۞g » Tue Dec 01, 2009 2:09 am

Whole host of malicious goodness here for you (entire range (/24)
256 IP's with all associated domains...
BTW, are these referenced in [url=https://zeustracker.abuse.ch/index.php t=_self]Zeus Tracker[/url] and if not... should they be?

[url=http://www.robtex.com/route/193.104.22.0-24.html t=_self][img]http://www.robtex.com/dot/193.104.22.0/24,AS34305,AS6461,AS6939,AS174,AS3549,AS9009,AS3356,AS2497,AS2914,AS6320,AS20562,AS12956,AS293,AS1103,AS8359,AS3303,AS20932,AS39792,AS12989,AS6067,AS9002,AS1221,AS5392,AS14361,AS16150,AS3267,AS286,AS3292,AS6762,AS4637!22-30,25-6,25-3,13-3,28-2,29-2,24-2,13-2,28-6,29-3,20-3,23-5,24-3,19-6,27-3,20-1,12-3,30-3,8-3,7-2,9-2,14-1,11-1,21-1,10-1,17-1,18-1,26-1,16-1,15-1,5-2,6-1,4-1,3-1,2-1,1-0!2.png[/img][/url]

inetnum: 193.104.22.0 - 193.104.22.255
netname: KratosWeb-NET
descr: Kratos LTD
country: MT

First the [url=http://rationalwiki.com/wiki/Conservapedia:IP_blocks#...and_.22.2F24.22.3F t=_self]/24 block[/url] of IP's
193.104.22.0
193.104.22.1
193.104.22.2
teratata.com
mail.teratata.com
slut.teratata.com
193.104.22.3
193.104.22.4
193.104.22.5
193.104.22.6
193.104.22.7
193.104.22.8
193.104.22.9
193.104.22.10
193.104.22.11
mail.redirectcounter3.com
ns1.redirectcounter3.com
redirectcounter3.com
root.redirectcounter3.com
193.104.22.12
ns2.redirectcounter3.com
193.104.22.13
193.104.22.14
193.104.22.15
193.104.22.16
193.104.22.17
193.104.22.18
193.104.22.19
193.104.22.20
print-design.cn
193.104.22.21
193.104.22.22
193.104.22.23
193.104.22.24
193.104.22.25
193.104.22.26
193.104.22.27
193.104.22.28
193.104.22.29
193.104.22.30
193.104.22.31
193.104.22.32
193.104.22.33
193.104.22.34
193.104.22.35
chinaaaredarmy.com
193.104.22.36
193.104.22.37
193.104.22.38
193.104.22.39
193.104.22.40
193.104.22.41
193.104.22.42
193.104.22.43
193.104.22.44
193.104.22.45
193.104.22.46
193.104.22.47
193.104.22.48
193.104.22.49
193.104.22.50
antispycenterprof.com
antispyware24x7.com
antispywaresnet.com
antispywarets.com
antisspywarescenter.com
bestantispysoft2010.com
eliminater2009pro.com
itsafetyonline.com
ivirusidentify.com
iwebantispyware.com
iwebpcdoctor.com
iwebpcprotect.com
myprivatesoft2009.com
ns1.antispyware24x7.com
ns1.antispywaresnet.com
ns1.antispywarets.com
ns1.bestantispysoft2010.com
ns1.eliminater2009pro.com
ns1.itsafetyonline.com
ns1.ivirusidentify.com
ns1.iwebantispyware.com
ns1.iwebpcdoctor.com
ns1.myprivatesoft2009.com
ns1.onlineantispysoft.com
ns1.pcdoctorz2010.com
ns1.pcprotect2010.com
ns1.pcsafety2009pro.com
ns1.pcsafetyplatinum.com
ns1.securityprosoft.com
ns1.securityztop.com
ns1.spydetector2009.com
ns1.spywaredetect24pro.com
ns1.viridentifycenter.com
ns1.websantispyware.com
ns1.webspydetectunlim.com
ns1.worldantispyware1.com
ns1.worldsantispysoft.com
onlineantispysoft.com
pcdoctorz2010.com
pcprotect2010.com
pcsafety2009pro.com
pcsafetyplatinum.com
securityprosoft.com
securityztop.com
spydetector2009.com
spywaredetect24pro.com
viridentifycenter.com
websantispyware.com
webspydetectunlim.com
winvantivirus.com
worldantispyware1.com
worldsantispysoft.com
193.104.22.51
ns2.antispyware24x7.com
ns2.antispywaresnet.com
ns2.antisspywarescenter.com
ns2.bestantispysoft2010.com
ns2.eliminater2009pro.com
ns2.itsafetyonline.com
ns2.ivirusidentify.com
ns2.iwebantispyware.com
ns2.onlineantispysoft.com
ns2.pcdoctorz2010.com
ns2.pcprotect2010.com
ns2.pcsafety2009pro.com
ns2.pcsafetyplatinum.com
ns2.securityprosoft.com
ns2.securityztop.com
ns2.spywaredetect24pro.com
ns2.viridentifycenter.com
ns2.websantispyware.com
ns2.webspydetectunlim.com
ns2.worldantispyware1.com
ns2.worldsantispysoft.com
193.104.22.52
193.104.22.53
193.104.22.54
193.104.22.55
193.104.22.56
193.104.22.57
193.104.22.58
193.104.22.59
193.104.22.60
193.104.22.61
193.104.22.62
193.104.22.63
193.104.22.64
193.104.22.65
193.104.22.66
193.104.22.67
193.104.22.68
193.104.22.69
193.104.22.70
193.104.22.71
193.104.22.72
193.104.22.73
193.104.22.74
193.104.22.75
193.104.22.76
193.104.22.77
193.104.22.78
193.104.22.79
193.104.22.80
193.104.22.81
193.104.22.82
193.104.22.83
193.104.22.84
193.104.22.85
193.104.22.86
193.104.22.87
193.104.22.88
193.104.22.89
193.104.22.90
193.104.22.91
193.104.22.92
193.104.22.93
193.104.22.94
193.104.22.95
193.104.22.96
193.104.22.97
193.104.22.98
193.104.22.99
193.104.22.100
193.104.22.101
193.104.22.102
193.104.22.103
193.104.22.104
193.104.22.105
193.104.22.106
193.104.22.107
193.104.22.108
193.104.22.109
193.104.22.110
193.104.22.111
193.104.22.112
193.104.22.113
193.104.22.114
193.104.22.115
193.104.22.116
193.104.22.117
193.104.22.118
193.104.22.119
193.104.22.120
193.104.22.121
193.104.22.122
193.104.22.123
193.104.22.124
193.104.22.125
193.104.22.126
193.104.22.127
193.104.22.128
193.104.22.129
193.104.22.130
193.104.22.131
193.104.22.132
193.104.22.133
193.104.22.134
193.104.22.135
193.104.22.136
193.104.22.137
193.104.22.138
193.104.22.139
193.104.22.140
193.104.22.141
193.104.22.142
193.104.22.143
193.104.22.144
193.104.22.145
193.104.22.146
193.104.22.147
193.104.22.148
193.104.22.149
193.104.22.150
193.104.22.151
193.104.22.152
193.104.22.153
193.104.22.154
193.104.22.155
193.104.22.156
193.104.22.157
193.104.22.158
193.104.22.159
193.104.22.160
193.104.22.161
193.104.22.162
193.104.22.163
193.104.22.164
193.104.22.165
193.104.22.166
193.104.22.167
193.104.22.168
193.104.22.169
193.104.22.170
193.104.22.171
193.104.22.172
193.104.22.173
193.104.22.174
193.104.22.175
193.104.22.176
193.104.22.177
193.104.22.178
193.104.22.179
193.104.22.180
193.104.22.181
193.104.22.182
193.104.22.183
193.104.22.184
193.104.22.185
193.104.22.186
193.104.22.187
193.104.22.188
193.104.22.189
193.104.22.190
193.104.22.191
193.104.22.192
193.104.22.193
193.104.22.194
193.104.22.195
193.104.22.196
193.104.22.197
193.104.22.198
193.104.22.199
193.104.22.200
193.104.22.201
193.104.22.202
193.104.22.203
193.104.22.204
193.104.22.205
193.104.22.206
193.104.22.207
193.104.22.208
193.104.22.209
193.104.22.210
193.104.22.211
193.104.22.212
193.104.22.213
193.104.22.214
193.104.22.215
193.104.22.216
193.104.22.217
193.104.22.218
193.104.22.219
193.104.22.220
193.104.22.221
193.104.22.222
193.104.22.223
193.104.22.224
193.104.22.225
193.104.22.226
193.104.22.227
193.104.22.228
193.104.22.229
193.104.22.230
193.104.22.231
193.104.22.232
193.104.22.233
193.104.22.234
193.104.22.235
193.104.22.236
193.104.22.237
193.104.22.238
193.104.22.239
193.104.22.240
193.104.22.241
193.104.22.242
193.104.22.243
193.104.22.244
193.104.22.245
193.104.22.246
193.104.22.247
193.104.22.248
193.104.22.249
193.104.22.250
193.104.22.251
193.104.22.252
193.104.22.253
193.104.22.254
193.104.22.255


needs painting red, preferably using a tank);
I like handhelds, they're... more of a personal touch. :-)

[img]http://i562.photobucket.com/albums/ss66/gate7wizard/WOT%20Shark/WOT_gatlin.png[/img]
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W

Xp54321
Posts: 1046
Joined: Sun Oct 05, 2008 3:14 am

Done

Post by Xp54321 » Tue Dec 01, 2009 3:13 am

Rated and commented.

Thanks.

:-)

—Xp54321

MysteryFCM
Posts: 4912
Joined: Mon Jul 14, 2008 4:47 pm

....

Post by MysteryFCM » Tue Dec 01, 2009 1:22 pm

Some of them are referenced in ZeUsTracker, yes, not all of them AFAIK though, but the entire range has been malicious for aslong as I can remember (along with a few RapidSwitch ranges if you fancy some work when you're not busy ;o))

Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net

c۞g
Posts: 21225
Joined: Mon Jan 05, 2009 4:02 am

re: RapidSwitch ranges

Post by c۞g » Tue Dec 01, 2009 10:16 pm

Post them in a new thread... "RapidSwitch Ranges" might be a good title, along with why they're not Trustworthy. If I can't find time, I'm sure others in this Community could.
;-)
-------
WOT Services Ltd. - gives us safety through Web of Trust.
WOT Community - gives us security through unity.
Thank you all
- G7W

amishrabbit
Posts: 544
Joined: Wed Jun 24, 2009 4:10 pm

"why they're not trustworthy"

Post by amishrabbit » Wed Dec 02, 2009 11:31 pm

as in [url=http://hphosts.blogspot.com/2008/09/242-reasons-to-avoid-781291429.html t=_self]this[/url] or [url=http://www.google.com/safebrowsing/diagnostic?site=AS:29131 t=_self]this[/url]?

phantazm
Posts: 4906
Joined: Thu Jan 03, 2008 1:46 pm

Done too...

Post by phantazm » Wed Dec 16, 2009 12:30 am

Rated and commented; a bit later but finally done...

Meep
Posts: 51
Joined: Sat Mar 21, 2009 11:07 pm

Curiously, I don't see that

Post by Meep » Wed Dec 16, 2009 12:22 pm

Curiously, I don't see that range on Spamhaus SBL or if it was, it was already removed, not sure without more research.

The closest SBL blocklisting is on: 193.104.27.0/24
See http://www.spamhaus.org/sbl/sbl.lasso?query=SBL81900
Spamhaus put a lot of Zeus Botnet C&C ranges either under RIPE or nline.ru
http://www.spamhaus.org/sbl/listings.lasso?isp=nline.ru
http://hosts-file.net/?s=193.104.27.211
Spamming info forum - http://inboxrevenge.com

Post Reply

Who is online

Users browsing this forum: No registered users and 9 guests