New Zeus server

[jackberri]

config file:
IP Location: Malaysia - Exa Bytes Network Sdn.Bhd. - EXABYTES-AS-AP
IP 110.4.45.100
[angelica.mschosting.com]
AS46015
Registrant/Registrant Email: Mohd Suhaimi Hassan/zam@krimnet.com

Code: [Select]

hxxp://ketengahholding.com.my/boom.jpgmd5sum ===> 636fc5028a363ab000f997c4d78cf65f
SHA256 ===>  c36d10acd33f9e198246618c6a1b75579bc0e108eba07c86ba33a5a2f1c759b4
ZeuS trojan:
IP Location: Germany  - PlusServer AG - PLUSSERVER-AS
IP 85.25.152.20
[india800.server4you.de]
AS8972
Registrant/Registrant Email: Christian Gatzen/christian@gatzen.info

Code: [Select]

hxxp://music-nah.de/zoom1.gifmd5sum ===> 9cd61119095bc039b879fa673808b08c
SHA256 ===>  37035c16e7c5b12d479b7e6bc2972946b3954eb8f43169cf2a94b3149874dff1
http://www.virustotal.com/es/analisis/37035c16e7c5b12d479b7e6bc2972946b3954eb8f43169cf2a94b3149874dff1-1278670664
VT 19/41 (46.35%)
dropzone (already listed):

Code: [Select]

hxxp://www.listwowgame.com/webstate/webstat.php
IP Location: Bosnia and Herzegovina  - GlobalNET Bosnia - BA-GLOBALNET-AS
IP 77.78.240.113
AS42560
Registrant/Registrant Email: Private Person/esvr@freemailbox.ru

Code: [Select]

hxxp://esvr1.ru/bin/aobeuzar.binmd5sum ===> 056ceb74d44771133804a8d1eda6ae7d
SHA256 ===>  5be567e26421720b71c857f8efc08f9a47a96f56e1138159258ae5d0ba39a359

Code: [Select]

hxxp://esvr1.ru/bin/aobeuzar.exemd5sum ===> 3063bdae2b6cdcd61dfcc4d96aeae201
SHA256 ===>  f434b993fb60090de7e85983fac298fb136bac547087811ee2ffe03861f492e0
http://www.virustotal.com/es/analisis/f434b993fb60090de7e85983fac298fb136bac547087811ee2ffe03861f492e0-1278664051
VT 36/41 (87.81%)

IP Location: China - China Telecom JiangXi province - CHINA-TELECOM
IP 59.53.91.121
AS4134
Registrant/Registrant Email: Lyubov Bushmakina/rat@bigmailbox.ru

Code: [Select]

hxxp://snasidsopa.com/dez/dez.lomd5sum ===> ae7ffdc100a387a1ec87c695ea10447e
SHA256 ===>  baf878574b68ab747db42e13fa620c47d5c92463947c550b3553161917a1cc26

Code: [Select]

hxxp://snasidsopa.com/dez/dez.exemd5sum ===> 60f41a41089e6df3cfb1d1273e138ce4
SHA256 ===>  aa4304476f721b2cef9885882756d93342a8f2d4d6d19a8f4cc7c8f0d00b02f9
http://www.virustotal.com/es/analisis/aa4304476f721b2cef9885882756d93342a8f2d4d6d19a8f4cc7c8f0d00b02f9-1278665941
VT 22/41 (53.66%)
related:

Code: [Select]

hxxp://bluestateing.com/

new files:

Code: [Select]

hxxp://vertucom62.me/mas/stam/server.php

[jackberri]

IP Location: United States  - 1&1 Internet Inc. - ONEANDONE-AS
IP 74.208.95.157
AS8560
Registrant/Registrant Email: Srinivas Yedida/yr_sri@yahoo.com

Code: [Select]

hxxp://raysdp.com/Images/zoom1.gif       md5sum 11d313b26f58028be2f1d3faee6b75d2
hxxp://raysdp.com/Images/zoom2.gif       md5sum 439dcf838705d54269605f8d98b7d5a3
hxxp://raysdp.com/Images/zoom3.gif       md5sum 41377b2f8b94eb3df31a4c4a557f0194
hxxp://raysdp.com/Images/zoom4.gif       md5sum 2e96c2ca618c99198da86e8bddb992c5
hxxp://raysdp.com/Images/zoom5.gif       md5sum aac1b8f7b85359caf6bb2a99bcdd37b4
hxxp://raysdp.com/Images/zoom6.gif       md5sum 4bf165a7b53892766769f92f57fc6c49http://www.virustotal.com/es/analisis/67614d015d781ad0e19d0bc0cd04ebba3ae49a624c5a6174cd21e7d0ee187ba2-1278677865
http://www.virustotal.com/es/analisis/ce34c93559ca17748c42454819a6832d45061bc4972e8660ea6a7771f071342b-1278677938
http://www.virustotal.com/es/analisis/ce4ff16a3af9ba9a1111a73244732a110305b24dd80eeb57b79ef6a5c82ae2be-1278678034
http://www.virustotal.com/es/analisis/a25c23ad56d372f2dced72e26f38da40e118d2e1526089bb458025443f8e92d5-1278678071
http://www.virustotal.com/es/analisis/189c55aee25c18f6ae61f22ce7ad9b143d1624cbdc3b710fd4be9bdf700913c5-1278678109
http://www.virustotal.com/es/analisis/88d699924757bf56e1c5a9646b890ada4108c46d874e350c3f91d4e162a5e7d8-1278678138
config file (already listed):

Code: [Select]

hxxp://linkbuilding.nl/boom.jpgdropzone (already listed):

Code: [Select]

hxxp://www.listwowgame.com/webstate/webstat.php

[jackberri]

IP Location: France - OVH ISP Paris - OVH Paris
IP 213.186.33.87
[cluster014.ovh.net]
AS16276
Registrant/Registrant Email: Belkadi Abdelkader/fuarjyu9kjkaam6kzc5y@u.o-w-o.info

Code: [Select]

hxxp://talents-dz.com/images/zoom1.gif       md5sum 737a85da9311cca0e89de1fc4ec72394
hxxp://talents-dz.com/images/zoom2.gif       md5sum f241d2cac45d5d0f4efd53801e8b73behttp://www.virustotal.com/es/analisis/8ed5d2407aa39e959de52c595fe9170a74870b86bf8307e6ce371ffb47c59066-1278685617
http://www.virustotal.com/es/analisis/678254be3e5bcc568891957c127f5e8285aa5ef2b88999a98dc5c12d72df5549-1278685867

config file (already listed):

Code: [Select]

hxxp://ketengahholding.com.my/boom.jpg
dropzone (already listed):

Code: [Select]

hxxp://www.listwowgame.com/webstate/webstat.php

[jackberri]

IP Location: Netherlands  - LEASEWEB - LeaseWeb AS
IP 85.17.143.67
[w1.attodns.nl]
AS16265
ZeuS trojan:

Code: [Select]

hxxp://randycolle.nl/sisadmin_doktor_2.jpgmd5sum ===> 4d55f4449a5d548465e96a1d1df215a1
SHA256 ===>  a19ea880adc160d9319f61dafe36caad3d1980c2b60a634b73c1288be187bd96
http://www.virustotal.com/es/analisis/a19ea880adc160d9319f61dafe36caad3d1980c2b60a634b73c1288be187bd96-1278699340
VT 15/41 (36.59%)
config file:

Code: [Select]

hxxp://ketengahholding.com.my/baner.gifmd5sum ===> 9962d2be7b62475107534fd795d73c97
SHA256 ===>  3f16e7c6af7c71de93d52787e74bcf3e8064400ffdc13a36d6d1b42ef117bc0b

dropzone (already listed):

Code: [Select]

hxxp://www.listwowgame.com/webstate/webstat.php

[jackberri]

IP Location: Austria - ANEXIA Internetdienstleistungs GmbH - ANEXIA-AS
IP 188.65.74.70
AS42473
Registrant ID: TOD-42502831
Registrant/Registrant Email: Joudy Lay/admin@kjjm.biz

Code: [Select]

hxxp://kjjm.biz/backup.tgzmd5sum ===> 072ee350762c82aaf301e1973e2f91fc
SHA256 ===>  95bf83103fdb6c5ef0dae19f40dfd6905e39e5f1b311dbd215e3fb73192e07b9

IP Location: Taiwan  - KGEX.com - KGTNET-TW KG Telecommunication Co
IP 61.61.20.136
AS9918
Registrant ID: TOD-42502831
Registrant/Registrant Email: Hilary Kneber/hilarykneber@yahoo.com

Code: [Select]

hxxp://lyuboidomen.net/src/footer.jpgmd5sum ===> 0e7ecc2599199d07700985cc463108cc
SHA256 ===>  8e58c71f1c06cbbd1d4e530a1ac38eefc3bb9ae87c1cfdfc3f14a8865d32831f

Code: [Select]

hxxp://yuboidomen.net/src/img.php
config file:
IP Location: United States - PNAP-CHG layeredtech routes - FASTSERVERS , Inc
IP 74.200.236.203
[ws20.pronameserver.com]
AS16805
Registrant/Registrant Email: James Shayler/jamesshayler@btopenworld.com

Code: [Select]

hxxp:///phuket-apartmentrentals.com/baner.gifmd5sum ===> 9962d2be7b62475107534fd795d73c97
SHA256 ===>  3f16e7c6af7c71de93d52787e74bcf3e8064400ffdc13a36d6d1b42ef117bc0b
ZeuS trojan:
IP Location: United States  - ThePlanet.com Internet Services, Inc. - THEPLANET-AS2
IP 67.15.56.68
[win2.interactivedns.com]
AS21844
Registrant/Registrant Email: T-soft/prashpadia@gmail.com

Code: [Select]

hxxp://t-softindia.com/sisadmin_doktor_2.jpgmd5sum ===> f37409323f5fd5ec4851ba6e532e02a4
SHA256 ===>  346d6a6ebe57c28a64eb9fe1cb512332a5c25106904248945664f007f52642b2
http://www.virustotal.com/es/analisis/346d6a6ebe57c28a64eb9fe1cb512332a5c25106904248945664f007f52642b2-1278760851
VT 19/41 (46.35%)
dropzone (already listed):

Code: [Select]

hxxp://www.listwowgame.com/webstate/webstat.php
IP Location: Germany - HANSENET - HANSENET Telekommunikation GmbH
IP 92.227.85.52
[g227085052.adsl.alicedsl.de]
AS13184
Registrant/Registrant Email: Linda J. Watts/LindaJWatts@bigmail.net

Code: [Select]

hxxp://hosting-king.net/config.binmd5sum ===> 10886337e9c6af2c15311f1538316f67
SHA256 ===>  a314e5b0dc318a44572dcb40b15c05da1f619b53459df7bdbc2a6e575dddb361

Code: [Select]

hxxp://hosting-king.net/bot.exemd5sum ===> ce81df0e7050bd417f2ff20ff98b1b60
SHA256 ===>  25a8ec602c85f1764543e2748a1dfaa86a7dfe387621d105f0f6892dc7809083
http://www.virustotal.com/es/analisis/25a8ec602c85f1764543e2748a1dfaa86a7dfe387621d105f0f6892dc7809083-1278757270
VT 12/41 (29.27%)

IP Location: Germany  - SCHLUND-PA-4 - ONEANDONE-AS
IP 82.165.223.177
[kundenserver.de]
AS8560
Registrant/Registrant Email: Frederic Fransen/fransen.f@gmail.com

Code: [Select]

hxxp://fredericfransen.com/zoom1.gifmd5sum ===> e6b33e0eb9791e6ebe49d40c62f80791
SHA256 ===>  fbaa169a4e457cc8f10d29c77775ab6259da7d7848a73d3f191593a3d889fe6f
http://www.virustotal.com/es/analisis/fbaa169a4e457cc8f10d29c77775ab6259da7d7848a73d3f191593a3d889fe6f-1278760005
VT 19/40 (47.5%)
config file (already listed):

Code: [Select]

hxxp://ketengahholding.com.my/boom.jpg

[jackberri]

Code: [Select]

hxxp://yuboidomen.net/src/img.php

sorry:

Code: [Select]

hxxp://lyuboidomen.net/src/img.php

[jackberri]

IP Location: Moldova - STARNET-AS
IP 195.206.246.246
AS31252
Registrant/Registrant Email: Alex Frog/admin@agradomhome109.com

Code: [Select]

hxxp://chanellinedot27.com/Fant0m1cks/RWhtriyDR43y5gFtyTE65.binmd5sum ===> 411db9344ebf852735c27cbc54bc751c
SHA256 ===>  f7080abc050460488234e7f7c05598cc7e25e5e0f441fa82841c25548c097e0b

Code: [Select]

hxxp://chanellinedot27.com/Fant0m1cks/LXiuyyYyr64i6Yt6Ck76xcti5CVtyto7d6fVl676fVtt3.php
IP Location: United States - ADDED FOR - AS36444
IP 207.32.185.30
AS36444
Registrant/Registrant Email: Domains by Proxy, Inc./ACCURATEABSTRACTS.COM@domainsbyproxy.com

Code: [Select]

hxxp://accurateabstracts.com/IMG/Accurate_03.jpgmd5sum ===> 166f297bfb6105de94e376c234faccf4
SHA256 ===>  88b63bc62c5f33782243866348bba7485f33b3ad63f38d9bff39c240c7c82eab

[jackberri]

Code: [Select]

hxxp://91.194.0.163/joseppe_vaudg.binmd5sum ===> d4f54381fe4a112e4f79118ca075fada
SHA256 ===>  08a9a5e52c00327c00d683cd7481f58b0d53fce0ad3a7565e742f1fea5934a45

[jackberri]

IP Location: Israel - Proxy-registered route objec - BEZEQ-INTERNATIONAL-AS
IP 62.219.30.3
[win40.1host.co.il]
AS8551

Code: [Select]

hxxp://iimba.org.il/banner.jpgmd5sum ===> aed36630a906e309e70f79035dee03ff
SHA256 ===>  c98ce2b1bfe23962a7d3bbe003915c1dbb78d8f5b1789b1a2f7dcc9f9073eca0

[jackberri]

IP Location: Germany - Neue Medien Muennich - NMM-AS
IP 85.13.139.218
[dd17936.kasserver.com]
AS34788
Registrant/Registrant Email: Werner Kaltofen/info@all-inkl.com

Code: [Select]

hxxp://seelenbuecher.de/images/zoom1.gifmd5sum ===> 88dee198feffec974c110f39246b518d
SHA256 ===>  2bccb889d37a4032860f3dfc6fd210d6763510efab603ad96217c0e925da29d5
http://www.virustotal.com/es/analisis/2bccb889d37a4032860f3dfc6fd210d6763510efab603ad96217c0e925da29d5-1279127046
VT 21/42 (50%)
related (already listed):

Code: [Select]

hxxp://linkbuilding.nl/boom.jpg

[jackberri]

IP Location: Russian Federation - Encore Ltd. Route Object - ALFATELECOM
IP 91.216.215.70
AS51274
Registrant/Registrant Email: Private Person/vatchin@mail.ru

Code: [Select]

hxxp://google-stats.ru/373cfg/923googlestats2main.jpgmd5sum ===> 0a6ff3bcb5c55efc480b915bb93cd2c5
SHA256 ===>  30774d561f1f44013b11fb9f6d8acddf3a1f3a0c8974da9ca07948691e72486e

Code: [Select]

hxxp://google-stats.ru/exestat/google.exemd5sum ===> 9c2b9c06dd9e55499830d3bb7adaf59f
SHA256 ===>  db96186317c64bd98d9449c791264cc6d78bd853506bd1804235702b0fb39569
http://www.virustotal.com/es/analisis/db96186317c64bd98d9449c791264cc6d78bd853506bd1804235702b0fb39569-1279188369
VT 7/41 (17.08%)

Code: [Select]

hxxp://google-stats.ru/stats/count.php
IP Location: Italy - TRIVENET - TRIVENET S.p.A. TELECOMUNICAZIONI ITALY
AS12481
Registrant/Registrant Email: Trivenet S.p.A./abuse@trivenet.it

Code: [Select]

hxxp://212.103.194.188/GEOMARKETING/geomarketing_dmd5sum ===> abb53d136433f4245301661d9a2c69b1
SHA256 ===>  138b83454a2f49a342a507cc1fb5369d81a50a6e78717d7d04b78cbd7cc21ef7
dropzone:
IP Location: Russian Federation - VLine Telecom Block Moscow - VLTELECOM-AS
IP 109.196.143.71
AS39150
Registrant/Registrant Email: Egor Slesarev/admin@yellow-cargo.com

Code: [Select]

hxxp://yellow-cargo.com/httpdocs/help.php

[jackberri]

IP Location: China  - Tietong Telecommunications Corporation
IP 122.70.149.197
[ip149.hichina.com]
AS38356
Registrant/Registrant Email: Polina Kuznetsova/flab@bigmailbox.ru

Code: [Select]

hxxp://salx.cc/rni.cpmmd5sum ===> a3125df476ef9beee7bf5ea85210999f
SHA256 ===>  aec2d119bb7ba335e60d1c3968b70613a77b2ce08179b7b1462405e3c890f2a8
dropzone (already listed: new IP)
IP Location: China  - Broadband Ip Network Based Dwdm
IP 61.28.22.201
AS17490
Registrant/Registrant Email: Oksana Sajapina/daft@qx8.ru

Code: [Select]

hxxp://annintus.com/yahooman.php
IP Location: Moldova  - STARNET-AS
IP 195.206.246.220
AS31252
Registrant/Registrant Email: Uljana Malya/admin@cawwe.com

Code: [Select]

hxxp://cawwe.com/picture/gif.gifmd5sum ===> 75cdc5f3890506d576b78d261098479f
SHA256 ===>  30beef78977dfec6392e641ab8c460e7cf7b879df98ac715d57d71469e890635

Code: [Select]

hxxp://cawwe.com/picture/gaterrz.php
IP Location: Moldova  - STARNET-AS
IP 195.206.246.225
AS31252
Registrant/Registrant Email: Viktor Fedorov/admin@ushship.com
Registrant/Registrant Email: Artur Har/admin@eurelectrics.com

Code: [Select]

hxxp://ushship.com/xed/config.binmd5sum ===> 97f412b648b24d7948c010729532c15f
SHA256 ===>  a482e08e23f3f9c5ae758fff2bcc1e0aa8bd1cb764d659420a4a82d3f2e3458f

Code: [Select]

hxxp://eurelectrics.com/xed/config.binmd5sum ===> 80a13cd05da31fd54dbd1a1386d6c2ac
SHA256 ===>  f0dad1d5b98fa38037716a7d598324259a193d5393403f3e699a610c80ff158b

Code: [Select]

hxxp://ushship.com/xed/yourbot.exemd5sum ===> 3921a7ecf7e01c001107ffda5ea243e9
SHA256 ===>  f9b71f91548edf256fae03cf00a45a089badb881d11aa472ab95c01636bcc701
http://www.virustotal.com/es/analisis/f9b71f91548edf256fae03cf00a45a089badb881d11aa472ab95c01636bcc701-1279191059
VT 17/42 (40.48%)

Code: [Select]

hxxp://eurelectrics.com/xed/yourbot.exemd5sum ===> ef07ada306f7bcb3b686e264611d07a0
SHA256 ===>  f82ebf92a13584c552498951868e3f0c5a0e253492c78f3c5de43a6a4eeeb340
http://www.virustotal.com/es/analisis/f82ebf92a13584c552498951868e3f0c5a0e253492c78f3c5de43a6a4eeeb340-1279191740
VT 35/42 (83.34%)

Code: [Select]

hxxp://ushship.com/xed/gate.php

Code: [Select]

hxxp://eurelectrics.com/xed/gate.php
IP Location: Russian Federation  - KALUGA-NET - KALUGANET AI Ltd.
IP 193.104.34.63
AS50108
Registrant/Registrant Email: Private Person/admin@alarmingzone.ru
Registrant/Registrant Email: Alex Kron/admin@werh.biz

Code: [Select]

hxxp://nnam.ru/backup.tgzmd5sum ===> 367a5f85c7d04f0c9e76e38b181f619f
SHA256 ===>  a7b9a5eb8f78a23af7ff1b3132c19550793af643a42c8c44faba2a8779c4e78f
dropzone:

Code: [Select]

hxxp://werh.biz/sdkljhdfdlgklk3434.php

[jackberri]

IP Location:  United Kingdom - NETCONNEX Broadband Ltd. - London, UK
IP 91.207.220.74
[www.hidden.org]
AS21396
Registrant: Lasker Collections Limited

Code: [Select]

hxxp://b2bdebtcollection.co.uk/images/sisadmin_doktor_2.jpgmd5sum ===> 1f2e88634a4c34ed6df4c5c9c6dc2bcc
SHA256 ===>  604918a309965f5ce7571aca4a3d792e5c9859e6ead2e35b5e5cdf252750fe8d
http://www.virustotal.com/es/analisis/604918a309965f5ce7571aca4a3d792e5c9859e6ead2e35b5e5cdf252750fe8d-1279216497
VT 21/42 (50%)

IP Location:  United States - PNAP-CHG layeredtech routes - FASTSERVERS , Inc
IP 74.200.236.203
[ws20.pronameserver.com]
AS16805
Registrant: lara murray

Code: [Select]

hxxp://magmaessex.co.uk/media/images/sisadmin_doktor_2.jpgmd5sum ===> 634fb10caece0457f919108b3e4f145a
SHA256 ===>  f2a62179ba8475c20807ea2fff0d82ec11194fe0ebec465fe2818b3646f90b36
http://www.virustotal.com/es/analisis/f2a62179ba8475c20807ea2fff0d82ec11194fe0ebec465fe2818b3646f90b36-1279218442
VT 18/42 (42.86%)

IP Location:  Netherlands - LEASEWEB - LeaseWeb AS
IP 85.17.7.36
[chandler.binadit.com]
AS16265

Code: [Select]

hxxp://extraware.nl/images/sisadmin_doktor_2.jpgmd5sum ===> 949ab8485dfa78e757e9ad869e3add4b
SHA256 ===>  4998d72af7ca77bf08c88ebea12898333364f909881af64e4c250f1ffb66d77a
http://www.virustotal.com/es/analisis/4998d72af7ca77bf08c88ebea12898333364f909881af64e4c250f1ffb66d77a-1279219515
VT 19/42 (45.24%)
related (already listed):

Code: [Select]

hxxp://www.ketengahholding.com.my/baner.gif
IP Location:  United States - PAH-INC Go Daddy Software, Inc
IP 68.178.254.145
[p3slh033.shr.phx3.secureserver.net]
AS26496
Registrant/Registrant Email: Tom Poole/tom@poole.com

Code: [Select]

hxxp://aquafino.com/images/sisadmin_doktor_2.jpgmd5sum ===> 1f2e88634a4c34ed6df4c5c9c6dc2bcc
SHA256 ===>  604918a309965f5ce7571aca4a3d792e5c9859e6ead2e35b5e5cdf252750fe8d
http://www.virustotal.com/es/analisis/604918a309965f5ce7571aca4a3d792e5c9859e6ead2e35b5e5cdf252750fe8d-1279216497
VT 21/42 (50%)


IP Location:  Germany - SCHLUND-PA-2 - 1&1 Internet Ag
IP 212.227.192.137
[kundenserver.de]
AS8560
Registrant/Registrant Email: Boukhalfa Dilmi/boukhalfadilmi@yahoo.fr

Code: [Select]

hxxp://montemeubles-location.com/sisadmin_doktor_2.jpgmd5sum ===> 273977febaa098a95d9f2316014e908
SHA256 ===>  01c4c354e360175ab4af6240329fd69c9fbcc282843b50953fdab1aa8b8cd379
http://www.virustotal.com/es/analisis/01c4c354e360175ab4af6240329fd69c9fbcc282843b50953fdab1aa8b8cd379-1279215292
VT 21/42 (50%)
related (already listed)

Code: [Select]

hxxp://phuket-apartmentrentals.com/baner.gif
IP Location:  Russian Federation - Keyweb AG IP Network - KEYWEB-AS
IP 95.169.190.224
[ns.km35228.keymachine.de]
AS31103
Registrant/Registrant Email: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://cruelstar.net/sol777.exemd5sum ===> 72363e01b650a68a99cce54e41f3f82d
SHA256 ===>  5e982e4ce92ff3b384c9980fe9eb34b98d4ec7e1fac7f7a6363302a1a2640ef1
http://www.virustotal.com/es/analisis/5e982e4ce92ff3b384c9980fe9eb34b98d4ec7e1fac7f7a6363302a1a2640ef1-1279217444
VT 26/42 (61.91%)

Code: [Select]

hxxp://atx7.biz/pic55/gtx71.php
IP Location:  South Africa - MTNNS-AS MTN Network Solutions
IP 41.204.200.87
[dedi87.cpt2.host-h.net]
AS16637

Code: [Select]

hxxp://houseofafricaguesthouse.co.za/images/sisadmin_doktor_2.jpgmd5sum ===> 6d83c3e3bdcd4121af9ebc838182cf93
SHA256 ===>  029dca2325d996bb3b2582b3fd3a8d8f603cf05bdb4d5509404e08dfa6d2628b
http://www.virustotal.com/es/analisis/029dca2325d996bb3b2582b3fd3a8d8f603cf05bdb4d5509404e08dfa6d2628b-1279220211
VT 21/42 (50%)
related:

Code: [Select]

http://blog.natebennettfleming.com/main.php?i=I8yqiNsarvKjghP/U8pOyJEf&e=3related (already listed):

Code: [Select]

hxxp://www.ketengahholding.com.my/baner.gif

[jackberri]

IP Location: United Kingdom - NETCONNEX Broadband Ltd. London, UK
IP 91.207.220.74
[www.hidden.org]
AS21396
Registrant: Lasker Collections Limited

Code: [Select]

hxxp://b2bdebtrecovery.co.uk/images/sisadmin_doktor_2.jpgmd5sum ===> 617bd2e16a84cc2527faab01a4e026cc
SHA256 ===>  63b22e99f47f61ab6b88a093beb6895e3389797681ee3e585ccdb242b9233d3f
http://www.virustotal.com/es/analisis/63b22e99f47f61ab6b88a093beb6895e3389797681ee3e585ccdb242b9233d3f-1279227000
VT 22/42 (52.39%)
related (already listed):

Code: [Select]

hxxp://phuket-apartmentrentals.com/baner.gif
IP Location: Denmark - Tele Danmark - TDC Data Networks TDC A/S
IP 193.89.99.224
AS3292

Code: [Select]

hxxp://cardo.dk/baner.jpgmd5sum ===> 7b9cf8d10c1081ce482239e00ec82066
SHA256 ===>  5522865b6640101c167e612763901761619c24458dd5ce6e591d86ca8cbcf736
http://www.virustotal.com/es/analisis/5522865b6640101c167e612763901761619c24458dd5ce6e591d86ca8cbcf736-1279232989
VT 9/40 (22.5%)
config file:
IP Location: Denmark - One.com - NGDC NetGroup A/S
IP 193.202.110.148
[srv148.one.com]
AS16245

Code: [Select]

hxxp://pifa.se/banner.gifmd5sum ===> c59fd3e6e6d59c9f491501b53ad554e2
SHA256 ===>  7efbf581aa9dca2b5c393390f511579f74db2d78be3d68763994feb29e942342
related:

Code: [Select]

hxxp://ns2.natebennettfleming.com/main.php?h=www.pifa.se&i=J86ui9Eao/iigBj7U8VOw5MXog==&e=4

[jackberri]

IP Location: United States - PNAP-LAX newdream-8 - DREAMHOST-AS
IP 69.163.223.137
[apache2-pat.vilnius.dreamhost.com]
AS26347
Registrant/Registrant Email: Private Registrant/kodebazaar.com@proxy.dreamhost.com

Code: [Select]

hxxp://kodebazaar.com/ban00.jpgmd5sum ===> 57a27b7083fb4501177f79d45b49445d
SHA256 ===>  5b7d27223351d61a80f9fb7d6797a7c8426a8eaecfe983e2ddbd7ebde4d2abac
http://www.virustotal.com/es/analisis/5b7d27223351d61a80f9fb7d6797a7c8426a8eaecfe983e2ddbd7ebde4d2abac-1279265396
VT 9/42 (21.43%)
related:

Code: [Select]

hxxp://visvrienden.nl/wp-includes/images/banner.gifrelated (already listed: new IP)
IP Location: France - ProXad network / Free SAS - PROXAD Free SAS
IP: 88.191.30.24
[sd-2435.dedibox.fr]
AS12322

Code: [Select]

http://www.listwowgame.com/webstate/webstat.php
IP Location: United States  - PAH-INC Go Daddy Software, Inc.
IP 72.167.131.106
[p3slh173.shr.phx3.secureserver.net]
AS26496

Code: [Select]

hxxp://unbreakabletattoo.com/baner.jpgmd5sum ===> b8ab4b229332cd553aba60817a9fbf2e
SHA256 ===>  7e4058c9b6018bc9b5d30f397a0f74a5a48f5dd99208e78719711f87a0b96f1e
http://www.virustotal.com/es/analisis/7e4058c9b6018bc9b5d30f397a0f74a5a48f5dd99208e78719711f87a0b96f1e-1279270828
VT 13/42 (30.96%)
config file:
IP Location: United States  - CORPCOLO Corporate Colocation, Inc
IP 74.124.210.84
[biz51.inmotionhosting.com]
AS17139

Code: [Select]

hxxp://vendicious.com/images/powered.gifmd5sum ===> 7ef39c6836463b0fc7590aaa35dec800
SHA256 ===>  379aa3b91db628416da49a5b830d5cad0587244d2e33cd28a2bb05f32b958584
related (already listed):

Code: [Select]

http://www.listwowgame.com/webstate/webstat.php
IP Location: Denmark - Tele Danmark - TDC Data Networks TDC A/S
IP 193.89.99.224
AS3292

Code: [Select]

hxxp://jeffs-koreskole.dk/ban00.jpgmd5sum ===> 0a97bca6404a95282a1196ca29106c3a
SHA256 ===>  fc505fdfb1d9bd6600d1b467a3796b3c6e81c7d184b9c0c2ca518273411854e1
http://www.virustotal.com/es/analisis/fc505fdfb1d9bd6600d1b467a3796b3c6e81c7d184b9c0c2ca518273411854e1-1279261163
VT 11/41 (26.83%)
config file:
IP Location: Netherlands  - PCextreme B.V. - Routed by AS25525 - REASONNET-AS
IP 109.72.85.37
[nl02.pcextreme.nl]
AS25525

Code: [Select]

hxxp://visvrienden.nl/wp-includes/images/banner.gifmd5sum ===> f08254f4c1537eb15facdcd35c7b0cb0
SHA256 ===>  4e47fb88d2056224be6690b01301e8e678fe6f808af626e0cf1d79628d0d32f6

IP Location: Bosnia and Herzegovina  - GlobalNET Bosnia - BA-GLOBALNET-AS
IP 77.78.240.115
AS42560
Registrant/Registrant Email: Private Registrant/skit@5mx.ru

Code: [Select]

hxxp://zephehooqu.ru/bin/teemaeko.binmd5sum ===> 504d61333e63401acaf19005319a8b39
SHA256 ===>  d57146f74c857d2f569186797d9bc7d0d71298367412694be330874d2ef2f89c

Code: [Select]

hxxp://zephehooqu.ru/bin/teemaeko.exemd5sum ===> 9758f04d2f1bd664f37c4285a013372a
SHA256 ===>  cfa160f6f4d763daf400c03d1b994bccca2d26c8c4c8ea5717113d935fe59382
http://www.virustotal.com/es/analisis/cfa160f6f4d763daf400c03d1b994bccca2d26c8c4c8ea5717113d935fe59382-1279266466
VT 27/42 (64.29%)