New Zeus server

[jackberri]

config file

Code: [Select]

hxxp://pilonoc.cn/web/cfg.bin
binary url

Code: [Select]

hxxp://pilonoc.cn/web/ldr.exe
dropzone

Code: [Select]

hxxp://pilonoc.cn/web/gate.php
Are now online

Thank you, but already on list.

http://www.malwaredomainlist.com/mdl.php?search=pilonoc.cn&colsearch=All&quantity=50

On list:

Code: [Select]

pilonoc.cn/1/ldr.exe
pilonoc.cn/1/gate.php
pilonoc.cn/1/cfg.bin

[SysAdMini]

On list:

Code: [Select]

pilonoc.cn/1/ldr.exe
pilonoc.cn/1/gate.php
pilonoc.cn/1/cfg.bin

Ok, you are right.

[jackberri]

Code: [Select]

hxxp://businesscosult4u.com/
IP: 122.115.63.4
Reverse:

Code: [Select]

netnic.com.cnAS: AS9803

Creation Date: 10-jan-2010

config file

Code: [Select]

hxxp://businesscosult4u.com/1111/cfg2.bin
dropzone

Code: [Select]

hxxp://businesscosult4u.com/1111/gate.php

[jackberri]

Code: [Select]

hxxp://www.mercuryepm.com
IP: 67.199.146.116

Reverse:
AS: AS25973

config file

Code: [Select]

hxxp://www.mercuryepm.com/phpmailer/_reports/config.bin

[jackberri]

Code: [Select]

hxxp://hostanalytics.bissnes.net
IP 64.191.75.69
Reverse s2.localhost
AS AS21788

config file

Code: [Select]

hxxp://hostanalytics.bissnes.net/host-analyzer/9s8239m8s21sextgb8sae8/update.cfg
hxxp://hostanalytics.bissnes.net/host-analyzer/9s8239m8s21sextgb8sae8/update.cfg_1.2.4.2
hxxp://hostanalytics.bissnes.net/host-analyzer/9s8239m8s21sextgb8sae8/update.cfg_1.2.7.7

[jackberri]

New config file for

Code: [Select]

ree.fcrazy.eu

Code: [Select]

hxxp://ree.fcrazy.eu/pnz/info.bin

[jackberri]

New binary for

Code: [Select]

ree.fcrazy.eu

Code: [Select]

http://fcrazy.eu/flh/doit.phpload/zs_update.exe

[jackberri]

Code: [Select]

hxxp://oiuyrw.bizIP: 122.115.63.30
Reverse: netnic.com.cn
AS: AS9803


config file

Code: [Select]

hxxp://oiuyrw.biz/oekdl/n/teko.bin
hxxp://oiuyrw.biz/oekdl/n/teko1.bin
http://www.nsspy.org/archive/everydns.net/2010-01-08/1.html

[jackberri]

Code: [Select]

hxxp://windows-update.cn
IP: 78.109.23.64
Reverse: rx11.ru
AS: AS41665

config file

Code: [Select]

hxxp://windows-update.cn/php2.ini

[jackberri]

Code: [Select]

hxxp://nazionalepugilifootball.comIP:

Code: [Select]

81.31.145.12
Reverse:

Code: [Select]

da28.joomlahost.it
AS: AS47242

config file

Code: [Select]

hxxp://nazionalepugilifootball.com/css/cfg3.bin

[jackberri]

Code: [Select]

hxxp://shop.prociechi.itIP: 62.149.175.39
Reverse:

Code: [Select]

host39-175-149-62.serverdedicati.aruba.itAS31034

config file

Code: [Select]

hxxp://shop.prociechi.it/catalog/images/icons/config.bin

[jackberri]

Code: [Select]

hxxp://morsayniketamere.cn
IP:

Code: [Select]

91.206.201.14
AS47781

Code: [Select]

Administrative Email: hilarykneber@yahoo.com
config file

Code: [Select]

hxxp://morsayniketamere.cn/baners/config.bin

[jackberri]

Code: [Select]

hxxp://realtybestus.com
IP: 213.155.24.229

AS41665

Code: [Select]

registrant-email: krekivoshki@live.com

config file

Code: [Select]

hxxp://realtybestus.com/abc/bin8.xls

[jackberri]

Code: [Select]

hxxp://www.muchomucho.net
IP 75.119.205.176
AS26347

Creation Date: 11-jan-2009

Code: [Select]

Registrant Contact: Shawn Sanford shawn@muchomucho.net
Config file:

Code: [Select]

hxxp://www.muchomucho.net/blog/wp-includes/cp/config.bin

[jackberri]

Code: [Select]

hxxp://kvantvertop.com
IP 115.100.250.75
AS9811

Creation Date: 15-Jan-2010

Code: [Select]

Domain Admin (contact@privacyprotect.org)
Config file:

Code: [Select]

hxxp://kvantvertop.com/us/orders.xls
hxxp://115.100.250.75/us/test/price.xls
Binary file:

Code: [Select]

hxxp://kvantvertop.com/us/directwin.exe
dropzone

Code: [Select]

hxxp://kvantvertop.com/ie.php