New Zeus server

[jackberri]

IP Location: Russian Federation - INTERA-AS Zhek-Universal Ltd
IP 194.79.250.57
AS48876
Registrant/Registrant Email: Hilary Kneber/hilarykneber@yahoo.com

Code: [Select]

hxxp://pnp2biztracker.com.tw/bin/allis.jsmd5sum ===> 2abcabf03d5ea32098109f099099a55a

Code: [Select]

hxxp://pnp2biztracker.com.tw/zs2biz/vorota.php

[jackberri]

IP Location: Belize - ORG-nA8-RIPE - NETDIRECT AS
IP 188.72.199.43
[188.72.199.43.vps.network.paylicense.net]
AS28753
Registrant: Dan Henry Nicolson

Code: [Select]

hxxp://poolkill.co.uk/browers.binmd5sum ===> b7529dc60e85d8edb533d70e906a1058

Code: [Select]

hxxp://poolkill.co.uk/green/hoip.php

[jackberri]

IP Location: Russian Federation - INTERA NET - INTERA-AS
IP 194.79.250.56
AS48876
Registrant/Registrant Email: Private Person/admin@alarmingzone.ru

Code: [Select]

hxxp://gyahw.ru/2d.binmd5sum ===> 50ff29c3cc497398bbe0db997f676c1f

Code: [Select]

hxxp://gyahw.ru/1.php

[jackberri]

IP Location: Taiwan - KBT Koos Broadband Telecom
IP 61.63.60.123
[61-63-60-host123.kbtelecom.net.tw]
AS18042
Registrant/Registrant Email: Igor Darenko/coed@qx8.ru

Code: [Select]

hxxp://ya-beep.net/x8000_z/utoo.jpgmd5sum ===> dfa258baa41d3c5d9916a150f72f82b0

Code: [Select]

hxxp://ya-beep.net/x8000_z/dfj3i20jdss3fn.php

[jackberri]

Registrant/Registrant Email: Bailey H. Hardee/BaileyHHardee@example.com

Code: [Select]

hxxp://gfguhsdig.com/simpsons/qweqwe.imgmd5sum ===> f200e9c37f51d3b407be627bbb26cf9b

Code: [Select]

hxxp://gfguhsdig.com/simpsons/wert.phprelated:

Code: [Select]

hxxp://perscrt.com/rz/report.php

[jackberri]

IP Location: Moldova - GlobalNET Bosnia - BA-GLOBALNET-AS
IP 77.78.240.36
AS42560
Registrant ID: CR62596107
Registrant/Registrant Email: Rasmus Nielsen/rasmusnielsen@email.com

Code: [Select]

hxxp://thereisnoss.biz/quote/config.binmd5sum ===> 1c4fa4f53402027813568a35c149ba1c

Code: [Select]

hxxp://thereisnoss.biz/quote/bot.exemd5sum ===> d46b2e5e869e1eed4f6d7ca7dee03ecd
http://www.virustotal.com/file-scan/report.html?id=aa9dc6bdb3e8ec7b34b0a901fa43068573505a248059acbea54abec3f818bb8f-1284735390
VT 5/43 (11.6%)

Code: [Select]

hxxp://thereisnoss.biz/quote/gate.php

[jackberri]

IP Location: China - CHINA-TELECOM
IP 218.93.248.112
AS4134
Registrant/Registrant Email: Vladimir Dudnik/pizza@fastermail.ru

Code: [Select]

hxxp://jadesquadg.com/eso/esa.spmd5sum ===> 928dd2063751f25401ed420904f23e87
dropzone:

Code: [Select]

hxxp://gnomsmotor.ru/esp/gujoh.php

[jackberri]

IP Location: United States - Huge Hosting ARIN Allocation - DATA393 - Datacenter INV01
IP 65.38.168.180
[2red.veraserve.com]
AS29863
Registrant/Registrant Email: John Wilt/jcwilt@sbcglobal.net

Code: [Select]

hxxp://pharmprops.com/images/hep1020.gifmd5sum ===> 6db54c0b8c47aca9da8e19e426630994

Code: [Select]

hxxp://keybizz.org/soft/new/ie.exemd5sum ===> 7a34fa585c794a90c7ca79b28bc1bee3
http://www.virustotal.com/file-scan/report.html?id=fd15059d479a863a74af4fb614cd55f07eb7f6ece34ee4603dfcb2650b6cdb1d-1284788361
VT 3/42 (7.1%)

[jackberri]

Registrant: Plane, Pearlie

Code: [Select]

hxxp://mysamsungapps.net/29akscfg/9lsasmysamsungapps.jpgmd5sum ===> d5d5ffd9f0047e6dc3bddf7e6db0aeaa

Code: [Select]

hxxp://mysamsungapps.net/samsung/samsung.php

[jackberri]

Registrant/Registrant Email: Ananoliy Kunirkin/boa@maillife.ru

Code: [Select]

hxxp://seowindow.net/x8000_b/htv.jpgmd5sum ===> 9c4021a51b89ceaeace330469d5a17a9

Code: [Select]

hxxp://seowindow.net/x8000_b/dfj3i20jdss3fn.php

[jackberri]

IP Location: Russian Federation - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.19
AS29106
Registrant/Registrant Email: Anton Petushkov/antonpetushkov@yahoo.com

Code: [Select]

hxxp://inweb11.com/ca1.somd5sum ===> 0387ed3630b9d3aae7e129501c2a0445

Code: [Select]

hxxp://inweb11.com/index.php

[jackberri]

IP Location: Russian Federation - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.19
AS29106
Registrant/Registrant Email: Anton Petushkov/antonpetushkov@yahoo.com

Code: [Select]

hxxp://panavan10.com/paf.somd5sum ===> b2550fec9af91c7ecc8babc8ec6f73b1

Code: [Select]

hxxp://panavan10.com/stats.php

[jackberri]

IP Location: Kazakhstan - ALFAHOSTNET Alfa-Host LLP
IP 193.105.207.104
AS50793
Registrant/Registrant Email: Private Person/dns@inkognittto.ru

Code: [Select]

hxxp://peeeeee.ru/support/oem/support/price.xmlmd5sum ===> e74098c963da611c053b6a9cf62bf1b3

Code: [Select]

hxxp://peeeeee.ru/support/oem/support/oem.exe md5sum ===> d0951209c5f3bf14f6392f2201a3859e
http://www.virustotal.com/file-scan/report.html?id=9bc70549fdc968bf8614434b35f3242469801c086225b25cae89c2da610cf4dc-1285853332
VT 13/43 (30.2%)

Code: [Select]

hxxp://peeeeee.ru/support/oem/support/support.php
IP Location: Kazakhstan - ALFAHOSTNET Alfa-Host LLP
IP 193.105.207.120
AS50793
Registrant/Registrant Email: Private Person/dns@stolimonov.ru

Code: [Select]

hxxp://dvestekkk.ru/404/lock/404.htaccessmd5sum ===> 756730837b91dfa25c77c4046c2c977c

Code: [Select]

hxxp://dvestekkk.ru/404/lock/404.exemd5sum ===> b23d9ad64cbaaaed4b58e8d9dc9f51de
http://www.virustotal.com/file-scan/report.html?id=c40aaf2dbcca1f4afa0de3e6a6e85dab39bec6b7926588dac2fa5d1443746481-1285903433
VT 22/43 (51.2%)

Code: [Select]

hxxp://dvestekkk.ru/404/lock/block.phprelated:

Code: [Select]

hxxp://sworo.ru/localpeer/uttorent-updates/ip.txtmd5sum ===> 756730837b91dfa25c77c4046c2c977c

Code: [Select]

hxxp://sworo.ru/localpeer/uttorent-updates/2.4.exe md5sum ===> c4e28e07ebb3a69fd165977f0331f1c5
http://www.virustotal.com/file-scan/report.html?id=83c1f54f0704b79cf1a6221fa6614a635ba2288bd907c91d2d7f89fceaeae6c0-1285903574
VT 3/42 (7.1%)

Code: [Select]

hxxp://sworo.ru/localpeer/uttorent-updates/utupdates.php

[jackberri]

IP Location: Russian Federation - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.18
AS29106
Registrant/Registrant Email: Anton Petushkov/antonpetushkov@yahoo.com

Code: [Select]

hxxp://pro100to.com/ca12.somd5sum ===> e3e92fe039e7f5d49f2caf23a629e963

Code: [Select]

hxxp://pro100to.com/index.php
IP Location: Russian Federation - Telos-Solutions-AS
IP 91.212.127.43
AS49087
Registrant/Registrant Email: Private Person/ol.feodosoff@yandex.ru

Code: [Select]

hxxp://padreim.ru/wbc/avg/index.php

Code: [Select]

hxxp://193.41.38.121/kazaki.binmd5sum ===> 88d7daaa0713d6ff35ce2f8d9e3b3060

[jackberri]

IP Location: Moldova - STARNET-AS
IP 195.206.246.92
AS31252
Name Server:NS1.DNS-DIY.NET             
Name Server:NS2.DNS-DIY.NET
Registrant ID:OLNI20163400
Registrant/Registrant Email: Mitley Noider/admin@hp3qvb.in

Code: [Select]

hxxp://hp3qvb.in/php/cfg004.binmd5sum ===> cf5f028a3f64945b1fe234c74917d361

Code: [Select]

hxxp://hp3qvb.in/php/IXsNjAfsRc1D.php
related zeusbotnet malware:

IP Location: Germany - HETZNER-RZ-FKS-BLK2
IP 178.63.123.226
[static.226.123.63.178.clients.your-server.de]
AS24940
ns2.vps-server.ru         
ns1.vps-server.ru
Registrant/Registrant Email: Aleksey Kolesnikov/wblake77@gmail.com

Code: [Select]

hxxp://gamersclubonline.net/gbot/s.cgi?q=WVQMBQMGBxZTDQADZDw0MTI2JmM%3Dmd5sum ===> d6d1a02b8da728ca0ac8e2cd4c979e4d
http://www.virustotal.com/file-scan/report.html?id=c7814002171e08d9e4a13288178498a463a8d0d48ebba3de3ad64e926dd3a8ee-1286009006
VT 7/43 (16.3%)

Code: [Select]

hxxp://gamersclubonline.net/gbot/sc.cgi?q=%2BI1O0fpZrz3y1EAcp6IclMGl6Q%3D%3D