New Zeus server

[jackberri]

Code: [Select]

hxxp://chocolatery.info/config.bin
hxxp://chocolatery.info/bot.exe
hxxp://chocolatery.info/gate.php

[jackberri]

New files for 

Code: [Select]

193.104.27.171

Code: [Select]

hxxp://193.104.27.171/uk/ukk1.bin
hxxp://193.104.27.171/moneyuk1.exe
hxxp://193.104.27.171/ukk/gg1.php

[jackberri]

Only the config file 

Code: [Select]

hxxp://wermacht.net/12/c1.bin

[SysAdMini]

Only the config file 

Code: [Select]

hxxp://wermacht.net/12/c1.bin

No problem. Found.

[jackberri]

Code: [Select]

hxxp://history03kf.com/P0rtL1ps/657n8y4trb887.bin
hxxp://history03kf.com/P0rtL1ps/MNcs6d5rcw4CWEWE54weh5EJt5j6TSDY5.php

[jackberri]

Only the config file 

Code: [Select]

hxxp://silence7.homeip.net/zx/config.bin
IP

Code: [Select]

95.169.186.103

Code: [Select]

silence7.homeip.net has one IP number , but the reverse is ns.km34517.keymachine.de. homeip.net is a domain controlled by five nameservers at dyndns.org. All of them are on different IP networks. Incoming mail for homeip.net is handled by two mailservers having a total of 14 IP numbers. Two mailservers have the same IP number. All of them are on the same IP network. homeip.net has one IP number. silence7.homeip.net is hosted on a server in Russian Federation.

[jackberri]

Code: [Select]

http://donccapone.com/tmp/check.php

Code: [Select]

IP: 195.78.108.50
And:

Code: [Select]

1211news.com/index.exe

Code: [Select]

1211news.com//tmp/check.php

Code: [Select]

promoalp.ru

[jackberri]

Code: [Select]

hxxp://vifiogod7com.net/vgame/logo.jpgIP:

Code: [Select]

115.100.250.114
AS9811

[jackberri]

Code: [Select]

hxxp://cashing-s.com/exp/cfg.binIP

Code: [Select]

122.115.63.45Route

Code: [Select]

122.115.60.0/22AS9803

[jackberri]

Code: [Select]

hxxp://www.traffsearch.com/zecp/cfg2.bin
hxxp://www.traffsearch.com/zecp/gate.php
IP

Code: [Select]

212.95.38.98
Create: 2010-01-09 01:13:18
Reverse Lookup

Code: [Select]

ns3.erikmedya.comCreation Date: 08-jan-2010
AS28753

[jackberri]

Code: [Select]

hxxp://britishsupport.net/bx/vlc.exe
hxxp://britishsupport.net/bx/cgi.bin
IP

Code: [Select]

222.122.60.186AS4766

[jackberri]

Code: [Select]

hxxp://businesscosult4u.comCreation Date: 10-jan-2010
IP: 122.115.63.4
Reverse: netnic.com.cn
AS: AS9803

binary url

Code: [Select]

hxxp://businesscosult4u.com/load/load.exe
http://www.virustotal.com/es/analisis/33e1dae365ac4c0a643eb542d9e705cc181f5b754e7c73e4b1486515075fee03-1263497416
VT 8/41 (19.52%)

dropzone

Code: [Select]

hxxp://businesscosult4u.com/include/linkstat.php

[jackberri]

Code: [Select]

hxxp://zexmad.com
Creation Date: 12-jan-2010

IP: 91.213.174.13

config file

Code: [Select]

hxxp://zexmad.com/web/cfg.bin
binary url

dropzone

Code: [Select]

hxxp://zexmad.com/web/gate.php

[jackberri]

config file

Code: [Select]

hxxp://pilonoc.cn/web/cfg.bin
binary url

Code: [Select]

hxxp://pilonoc.cn/web/ldr.exe
dropzone

Code: [Select]

hxxp://pilonoc.cn/web/gate.php
Are now online

[SysAdMini]

config file

Code: [Select]

hxxp://pilonoc.cn/web/cfg.bin
binary url

Code: [Select]

hxxp://pilonoc.cn/web/ldr.exe
dropzone

Code: [Select]

hxxp://pilonoc.cn/web/gate.php
Are now online

Thank you, but already on list.

http://www.malwaredomainlist.com/mdl.php?search=pilonoc.cn&colsearch=All&quantity=50