New Zeus server

[jackberri]

IP Location: Ukraine -VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP  91.213.174.44
AS29106
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Evgeniy Jaakson/eejaak@aol.com

Code: [Select]

hxxp://seadistaminefast.com/1111.somd5sum ===> 280687c0c1fa50cc6bf1749a0ebf4e95

Code: [Select]

hxxp://seadistaminefast.com/i.phprelated:

Code: [Select]

hxxp://lll3zast.com/crypt_KillEXE.exemd5sum ===> 76b3414d7e24e0ad9ba49b4270163a0b
http://www.virustotal.com/file-scan/report.html?id=32a33bdb627300386523dad859b95ecafbbfa06ae29ae561433e9e4a6f0d2d50-1291217097
VT 27/42 (64.3%)

IP Location: United States -Ace Data Centers, Inc. - Bluehost Inc.
IP  91.213.174.44
[host150.hostmonster.com]
AS11798
ns1.hostmonster.com
ns2.hostmonster.com
Registrant/Email Registrant: DrummingMad/Dean@DrummingMad.com

Code: [Select]

hxxp://drummingmad.com/images/smilies/joke.gifmd5sum ===> 280687c0c1fa50cc6bf1749a0ebf4e95

Code: [Select]

hxxp://www.dimental.com/coolstar/coolstar.phprelated:

Code: [Select]

hxxp://privateconfigurationforme.com/index/header.exemd5sum ===> 16b9fdb3eb29eef3d703e5126d911f94
http://www.virustotal.com/file-scan/report.html?id=903ddd63715dfd829af48528be6a557829b2bbd44fabd9f463c3955ee9c49ae2-1291225248
VT 1/43 (2.3%)

[jackberri]

IP Location: United States - InternetNamesForBusiness.com - INFB InternetNamesForBusiness.com
IP  209.235.144.9
[hostedc31.carrierzone.com]
AS30447
dns01.gpn.register.com
dns02.gpn.register.com
Registrant/Email Registrant: PERFORMANCE CAR COMPANY/performancecars@btconnect.com

Code: [Select]

hxxp://performancecarcompany.com/stats/setup.exemd5sum ===> b56de435cc07131d6f6f7d9a6794dee1
http://www.virustotal.com/file-scan/report.html?id=93b73298be2d815a6652488dd4595a442f162054e89e73181b978fea42fc4048-1291232535
VT 21/43 (48.8%)

Code: [Select]

hxxp://performancecarcompany.com/stats/x9000.exemd5sum ===> 1343dcb5e4b0bf84e0da8426b23ab613
http://www.virustotal.com/file-scan/report.html?id=575db55b0eabbdb35ae59ea9be714600a87aabeffe62ea6f489414702a1a89ee-1291232878
VT 22/43 (51.2%)

related (already listed):

Code: [Select]

hxxp://ourpole.com/x9000_z/jqgrt.bin
hxxp://ourpole.com/x9000_z/jfde03jda32wlkv.php

[jackberri]

IP Location: Ukraine -ITMUA-AS TOB
IP  194.1.220.48
AS50738
ns3.gkg.net
ns4.gkg.net
Registrant/Email Registrant: roger nunez/etiqawahobisyr@yahoo.com

Code: [Select]

hxxp://tafutxqvzkiqnsp.com/news/?s=9032
hxxp://194.1.220.142/news/?s=3230md5sum ===> f7dc13022ca4c4b174bba373c50d19a7

Code: [Select]

hxxp://tafutxqvzkiqnsp.com/news/?s=6225
hxxp://194.1.220.142/news/?s=6225md5sum ===> b9a2de97e2e8e1aa056fe7f240ec33a2
http://www.virustotal.com/file-scan/report.html?id=dc514ef65567cbf8b327bffa877f2d515253c33500b124c9226ede5cd5917836-1291294247
VT 9/43 (20.9%)

[jackberri]

IP Location: China - CNC Group CHINA - China-Network-Communications (CNC Group)
IP 122.156.219.126
AS4837
ns1.uniqol.net
ns2.uniqol.net
Registrant/Email Registrant: Igor Nikenin/ChapoohNet-domains@gmail.com

Code: [Select]

hxxp://timewhich.net/ppnl3.bin
hxxp://timewhich.net/panel3/ppnl3.bin
hxxp://bd0hjsknhafokysl4yltpkutm.net/ppnl3.bin
hxxp://bd0hjsknhafokysl4yltpkutm.net/panel3/ppnl3.binmd5sum ===> f9026842cac55729d85e1d9703d9b944

Code: [Select]

hxxp://timewhich.net/panel3/ppnl3.exe
hxxp://bd0hjsknhafokysl4yltpkutm.net/ppnl3.exemd5sum ===> 547c0e1a9fd93b52f95ce6b4cb3e30dd
http://www.virustotal.com/file-scan/report.html?id=03a4369f802f8e348f22d2c691cf1044172637ff979844d1e0a20844578ae07c-1291313631
VT 7/43 (16.3%)

Code: [Select]

hxxp://timewhich.net/panel3/gotobank.php
hxxp://bd0hjsknhafokysl4yltpkutm.net/panel3/gotobank.php

[jackberri]

IP Location: Ukraine -INFORMEX-NET - INFORMEX-MNT
AS20564

Code: [Select]

hxxp://193.178.172.53/news/?s=3104md5sum ===> 11324f1361f35f1de6dc16aae5c8ebd3

Code: [Select]

hxxp://193.178.172.53/news/?s=6225md5sum ===> 56ae39b67657f0ea358ee32ec7592d78
http://www.virustotal.com/file-scan/report.html?id=4c9ec0754caf1e224e3d948fd73018d528503adc47ee4341d09ea53731dbdfe7-1291321763
VT 30/43 (69.8%)

[jackberri]

IP Location:  China - Chinanet-zj Quzhou Node Network
IP  122.227.108.26
AS4134
ns1.holdglass.com
ns2.holdglass.com
Registrant/Email Registrant: Vladislav Petrenko/altsrv@gmail.com

Code: [Select]

hxxp://trhxzrdqtgsmru8lulzuzwwax.net/ppnl3.bin
hxxp://trhxzrdqtgsmru8lulzuzwwax.net/panel3/ppnl3.binmd5sum ===> cb6c98dfd1739f02225a7df15202a2d2

Code: [Select]

hxxp://trhxzrdqtgsmru8lulzuzwwax.net/panel3/ppnl3.exemd5sum ===> 8df7643a4c2d3014e8000d59e1674c72
http://www.virustotal.com/file-scan/report.html?id=eefffb421327847a0e2dac88eda2ea272dfacb00cce93641682a8cb72737e8a6-1291658261
VT 16/43 (37.2%)

Code: [Select]

hxxp://trhxzrdqtgsmru8lulzuzwwax.net
IP Location: Ukraine - ITMUA-AS TOB
IP 194.1.220.43
AS50738
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@ruoff.ru

Code: [Select]

hxxp://newupdate.ru/s0la6rleswoa4ia/p21agO.binmd5sum ===> 6c83d9fc2c2030a0aea4790f1e3cf266

IP Location: Russian Federation - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
ns2.reg.ru
ns1.reg.ru
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://notephgotolib.com/de1.somd5sum ===> 079e2d5bc3c374ff49166c7cfe8046b4

[jackberri]

IP Location: Ukraine - ITMUA-AS TOB
IP 109.196.130.58
AS39150
ns1.niceday242steal.net 109.196.130.58
ns2.niceday242steal.net 109.196.130.58
Registrant/Email Registrant: Victor I Brikatnin/mire@maillife.ru

Code: [Select]

hxxp://niceday242steal.net/nnesx/cf2.binmd5sum ===> e03ca0dcd2db149e3781f6187be09c8c

[jackberri]

IP Location: Ukraine - ITMUA-AS TOB
IP 194.1.220.43
AS50738
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@ruoff.ru

Code: [Select]

hxxp://sysupdate.ru/XIu2LaboagOUmOU/g8eHlu.binmd5sum ===> b40957b98a0016f82765e2697b2f2085

[jackberri]

IP Location: United States - THEPLANET-AS2
IP 75.125.133.82
[cp102.hostingcare.net]
AS21844
Registrant/Email Registrant: Mr Asif/info@ebusinesssubmit.com

Code: [Select]

hxxp://ebusinesssubmit.com/images/menu_005.gifmd5sum ===> b0f1038a773e5677b70dd0ab711b6223

Code: [Select]

hxxp://doberenz.net/pickpic/images/list.php
IP Location: Russian Federation - Antarktida-PLUS
IP 91.220.62.35
AS51699
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://rewadotkant.com/11x88.somd5sum ===> 3ce31c458606a65c29ca10af5c5c454d

[jackberri]

IP Location: Ukraine - INTERPHONE NET
IP 195.214.238.241
AS24881
Registrant/Email Registrant: Dean E. Taul/DeanETaul@gmail.com

Code: [Select]

hxxp://eimhuwyt.com/best/gwgw222.imgmd5sum ===> 241827e6534c3b06f0e61cc6f9573aed

Code: [Select]

hxxp://eimhuwyt.com/best/qwert.php
IP Location: Ukraine - Antarktida-PLUS
IP 91.220.62.35
AS51699
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://kameltruksc.com/11x10.somd5sum ===> bca5a2cdb68a5913088de5362bcf9615

Code: [Select]

hxxp://kameltruksc.com/i.php

[jackberri]

IP Location: Russian Federation - Delfa network - DELFANET-AS
IP 194.0.245.78
AS42533
Registrant/Email Registrant: john Malsa/admin@answerone.asia

Code: [Select]

hxxp://answerone.asia/zs/config.binmd5sum ===> 4b04444c6e445cb5f1f5668d4cd0ec2c

Code: [Select]

hxxp://answerone.asia/zs/bot.exemd5sum ===> db746488f1138d9a66565f66dda20b63
http://www.virustotal.com/file-scan/report.html?id=16e527b805c47b6bc2e33a77ae3f00126d9909214d8cfbd877530f79d5878ac6-1292067098
VT 39/43 (90.7%)

Code: [Select]

hxxp://answerone.asia/zs/gate.php

[jackberri]

IP Location: Ukraine - GORBY-AS Alexandr Gorbunov
IP 195.226.197.35
AS51303
Registrant/Email Registrant: Cobos V Sanchez/admin@for-advanced-cfg3.com

Code: [Select]

hxxp://for-advanced-cfg3.com/abudabi/uk.dbmd5sum ===> b0c83f11ad8156c539510c01db0f92a2

Code: [Select]

hxxp://for-advanced-cfg3.com/monte-karlo/usdase.dbmd5sum ===> ea7ff87d5b061cd384c10a4de7ecdfb7

Code: [Select]

hxxp://for-advanced-cfg3.com/abudabi/uk.exemd5sum ===> 22a28c8317d49d98d1114e43991fc9a5
http://www.virustotal.com/file-scan/report.html?id=d27365424fbd3e52dc1bfceaf8f54a95c76031eaef911d68d5c7f9f6893494ce-1292095222
VT 1/43 (2.3%)

Code: [Select]

hxxp://for-advanced-cfg3.com/monte-karlo/us.exemd5sum ===> 96bda1cf5b2f45e829ae9a81b8372de3
http://www.virustotal.com/file-scan/report.html?id=120775468daf3b3d3d4cdfb5fff35b1817bbb7e1e592219bdcd7a49d00f7d3f3-1292095204
VT 3/43 (7.0%)
already listed:

Code: [Select]

hxxp://195.226.197.24/~hosting/woops/ttf.php

[jackberri]

Code: [Select]

hxxp://rs719l3.rapidshare.com/files/433742163/fotos.jpgmd5sum ===> d3d80725002f80760e0c8f9c6e7e6906
http://www.virustotal.com/file-scan/report.html?id=531d61d985fd57562bdb6a4c8b62915cab52a191b17f779b5b9a27e0697c32ca-1292160814
VT 26/43 (60.5%)
IP Location: Ukraine - NET-VPNME Route Object -  VPNME-AS Igor Vladimirovich Kanaev
IP 195.226.220.45
AS51354
Registrant/Email Registrant: Private Person/dm.nagib@ymail.com

Code: [Select]

hxxp://maxpowerlatam.ru/max/anime.jpgmd5sum ===> 0bb56775a48c30bd969914d18c6dc1d6

Code: [Select]

hxxp://maxpowerlatam.ru/max/music.phprelated:
IP Location: Germany - Deutsche Telekom AG -  DTAG Deutsche Telekom AG
IP 80.150.6.143
[tld.t-online.de]
AS3320

Code: [Select]

hxxp://modellbau-cleeberg.de/img/jSpread.exemd5sum ===> d80ea394ecc849ff1130266502351a12
http://www.virustotal.com/file-scan/report.html?id=f4f60ee3c6044874c2e5278ef1b42fd8d2fbde691b55aad5716a6c77ac8d44a3-1292159737
VT 32/43 (74.4%)
IP Location: Germany - DE-HEC - HOSTEUROPE-AS
IP 80.237.132.213
[wp206.webpack.hosteurope.de]
AS20773

Code: [Select]

hxxp://hswshop.de/foto.jpg.exemd5sum ===> 588de01d66c30af7dada7314f466345f
http://www.virustotal.com/file-scan/report.html?id=9ebff4a323e10ab780c023ed241974764df5d7236998eb9cc77ed082efe0dae8-1292161542
VT 14/43 (32.6%)

[jackberri]

IP Location: United States - THEPLANET-AS2
IP 67.18.8.98
[datsun.websitewelcome.com]
AS21844
Registrant/Email Registrant: ProfitBiz.net/suprman5225@aol.com

Code: [Select]

hxxp://frilled-dragon.com/comments/selectandthe.exemd5sum ===> 3454164605d20d7a41fef13f3fef87a2
http://www.virustotal.com/file-scan/report.html?id=7ebfe96f1c7250b8e34246f16151516fb0d5d6aa98f5647eb93031f5cacf63ac-1292235837
VT 18/43 (41.9%)
related (already listed):

Code: [Select]

hxxp://fishnetministries.org/templates/list.php
IP Location: Russian Federation - VLine Telecom -VLTELECOM-AS
IP 109.196.142.35
AS39150
Registrant/Email Registrant: Evgeniy Drobovich/handle@bigmailbox.ru

Code: [Select]

hxxp://udodirchots.com/esw/rog.ermd5sum ===> c72a9075f1e81df332eaff48ad1a1a06

IP Location: Ukraine - VHost route- VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://milkdrinktea.com/11x13.somd5sum ===> 6d440b9a470a361c6a360c7dcbecffe6

Code: [Select]

hxxp://milkdrinktea.com/i.php
IP Location: Ukraine - VHost route- VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://kaapuchinram.com/11x12.somd5sum ===> 33e305b56c6c70f528b499dc0bd6b75f

Code: [Select]

hxxp://kaapuchinram.com/i.php

[jackberri]

IP Location: Ukraine - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
Registrant/Email Registrant: Evgeniy Jaakson/eejaak@aol.com

Code: [Select]

hxxp://unagimakimoto.com/11x15.somd5sum ===> b4a8b363caccf0ef7e98ba6ad45043d5

Code: [Select]

hxxp://unagimakimoto.com/i.php