Unfortunately I do not have a sandbox or netflow at my disposal, but I came across this outbound request on our network. The IP correlates to an older Zeus v2 server, though after running it through numerous online analyzers, I found it to host some nasty iframes pointing to some known malicious Java and .pdf exploits.
http://oooooo1.ru Exploits being served
Hidden I-frames in the above point to
Which had the following show up in URLvoid, http://wepawet.cs.ucsb.edu/view.php?hash=affed39dae0585650a79aa1478d6f91f&t=1281121042&type=js
If I come across any new ones I'll throw them in this thread. Any further investigation to determine whether it is hosting a C&C or just the exploits I came across would be helpful. Thanks.