New Zeus server

[jackberri]

IP Location: Ukraine - NET-VPNME Route Object - VPNME-AS Igor Vladimirovich Kanaev
IP 195.226.220.50
AS51354
ns1.everydns.net
ns2.everydns.net
ns3.everydns.net
ns4.everydns.net
Registrant/Email Registrant: Mark C TH/mcthomas34@first-host.net

Code: [Select]

hxxp://dtdtdtdouble6677.com/2xx/c2/cfg_doubtes2.binmd5sum ===> a8bc63e5c52ca104f7e9349f97cf4f14

Code: [Select]

hxxp://dtdtdtdouble6677.com/2xx/e.php

[jackberri]

IP Location: Ukraine - Antarktida-PLUS
IP 91.220.62.35
AS51699
ns2.reg.ru
ns1.reg.ru
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://polirtikolost.com/000x118.somd5sum ===> cf0cbefaaf8a8eecc871d64b5a102be8

Code: [Select]

hxxp://polirtikolost.com/i.php
IP Location: Ukraine - ITMUA-AS TOB
IP 194.1.220.80
AS50738
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Private Person/admin@nvffr.ru

Code: [Select]

hxxp://jjjayy.ru/a.binmd5sum ===> 01a1828c78e8dc01f1b9e044c269a248

Code: [Select]

hxxp://jjjayy.ru/d.php

[jackberri]

IP Location: United States - iWeb Route Object -  IWEB-AS
IP 67.205.111.22
AS32613

Code: [Select]

hxxp://all4corp.com/xed/config.bin
hxxp://all4corp.com/xed/recover.binmd5sum ===> c94531f29253dced04791837c4df42ff

Code: [Select]

hxxp://all4corp.com/xed/yourbot.exemd5sum ===> 63ed9ce45590427b17ed293246fa7935
http://www.virustotal.com/file-scan/report.html?id=a78ae65f4b529109b44b9e51acbe3cb4c51e9a51073ccfa24f8c935f95520f64-1292341955
VT 23/43 (53.5%)

Code: [Select]

hxxp://all4corp.com/xed/gate.php

[jackberri]

IP Location: Ukraine - ITMUA-AS TOB
IP 194.1.220.35
AS50738
ns1.no-more-sleep.com
ns2.no-more-sleep.com
Registrant/Email Registrant: Sigurny Parker/admin@no-more-sleep.com

Code: [Select]

hxxp://no-more-sleep.com/z2/config.binmd5sum ===> 0444d129b431101d953bd8a5a7d470fb

Code: [Select]

hxxp://no-more-sleep.com/z2/bot.exemd5sum ===> 0a1addfe1423891b80afba1df567dd99
http://www.virustotal.com/file-scan/report.html?id=50bf72a171dd401a4415fec17c0c5017c1b0686a87899b6b5910656c82a4faf7-1292434204
VT 4/43 (9.3%)

Code: [Select]

hxxp://no-more-sleep.com/z2/gate.php
IP Location: Ukraine - L-NET Route Object - LYAHOV-AS Lyahovich Maksim
IP 91.217.249.140
AS51554
free01.editdns.net
free02.editdns.net
Registrant/Email Registrant: Pavel Pugachev/ya_whois@yandex.ru

Code: [Select]

hxxp://shitorfuck.com/gorozo/y.bmd5sum ===> 0c154c4c5567b1561950fff3eb617236

Code: [Select]

hxxp://shitorfuck.com/gorozo/olololo.php
IP Location: Ukraine -ITMUA-AS TOB
IP 194.1.220.142
AS20564
NS1.DOMAINSERVICE.COM         208.73.210.41
NS2.DOMAINSERVICE.COM         208.73.211.42
NS3.DOMAINSERVICE.COM
NS4.DOMAINSERVICE.COM
Registrant/Email Registrant: Mark Carter/oxumafehidygady@yahoo.com

Code: [Select]

hxxp://ngmsoggkrrriljrv.com/news/?s=161356md5sum ===> 041ba8cae1a8176f1fd88c5e6bcf1b6d

Code: [Select]

hxxp://ngmsoggkrrriljrv.com/news/?s=6225md5sum ===> a43202b4492e4fa036e7dcdb3c35548e
http://www.virustotal.com/file-scan/report.html?id=7eb9a3c17c6fc4ce5c08c5bfa48b8621d9128a5a1152a11d8012bd414ff77949-1292429585
VT 18/43 (41.9%)

IP Location:  China  - CHINA-TELECOM
IP  122.227.108.26
AS4134
ns1.holdglass.com
ns2.holdglass.com
Registrant/Email Registrant: Igor Nikenin/i-nikitin.2000@gmail.com

Code: [Select]

hxxp://flowershopco.com/panel3/ppnl3.exe
hxxp://wzcqwrmchtl4flrhdfngr4jnl.net/panel3/ppnl3.exemd5sum ===> 57571888ad9d1dc4774863fdb10b58c8
http://www.virustotal.com/file-scan/report.html?id=f2d1c4895e41beb2d3411a43c8a6986ea2d0d9432dcdd5576f54a056b01ee58e-1292430380
VT 24/43 (55.8%)

Code: [Select]

hxxp://flowershopco.com/panel3/gotobank.php
hxxp://wzcqwrmchtl4flrhdfngr4jnl.net/panel3/gotobank.php
IP Location: Ukraine - Antarktida-PLUS
IP 91.220.62.35
AS50738
ns2.reg.ru
ns1.reg.ru
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://illusiohstar.com/000x119.somd5sum ===> 2a9496a4edee4cc8f6c23055fd18d3a5

Code: [Select]

hxxp://illusiohstar.com/i.php
IP Location: Ukraine - Antarktida-PLUS
IP 91.220.62.35
AS50738
ns2.reg.ru
ns1.reg.ru
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://interodialset.com/000x120.somd5sum ===> 240e74250254543e4b7d38f0b9016021

Code: [Select]

hxxp://interodialset.com/i.php

[jackberri]

IP Location: Ukraine - L-NET Route Object -  LYAHOV-AS Lyahovich Maksim
IP 91.217.249.167
AS51554
ns1.derttttt.ru
ns2.derttttt.ru
Registrant/Email Registrant: Private Person/dns@derttttt.ru

Code: [Select]

hxxp://ocmande222.ru/data/data.jpg
IP Location: China - CHINANET-SCIDC-AS
IP 221.236.15.4
AS38283
ns1.python-blog.net
ns2.python-blog.net
Registrant/Email Registrant: Sandra Alonso/sandraalonso90@yahoo.com

Code: [Select]

hxxp://ary-neigeborn.com/stars.o1md5sum ===> 8243894e36586d8c22dce87d88f61f7f

Code: [Select]

hxxp://ary-neigeborn.com/stars.php

[jackberri]

IP Location: Ukraine -Antarktida-PLUS
IP  91.220.62.35
AS51699
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Evgeniy Jaakson/eejaak@aol.com

Code: [Select]

hxxp://jakudzahamato.com/000x121.somd5sum ===> 27b51d4b76f08d3fed8901f9665c8812

Code: [Select]

hxxp://jakudzahamato.com/i.php
IP Location: China -CHINANET-JS-AS-AP
IP  61.147.67.237
AS23650
ns.xost.com.ua
ns2.xost.com.ua
Registrant/Email Registrant: anatoliy Petrenko/sasaluschik@mail.ru

Code: [Select]

hxxp://gmailservices.com/fvto/conf.blrmd5sum ===> a427d79e18ae061344fdd25cc463a180

Code: [Select]

hxxp://gmailservices.com/drots/notrbl.php
IP Location: United States
IP 96.31.64.227
[server18.imaginadw.com]
AS29802
ns2.imaginadw.com
ns1.imaginadw.com
Registrant/Email Registrant: Carlos Devia/carlosdevia@imaginacolombia.com

Code: [Select]

hxxp://tecnimercedes.com/images/logo.jpgmd5sum ===> 130c7fc7958fa250b1ef3967c9a96ce9

[jackberri]

IP Location: Ukraine - GORBY-AS Alexandr Gorbunov
IP  195.226.197.36
AS51303
ns1.freedns.ws
ns2.freedns.ws
Registrant/Email Registrant: Cachetta Harris/admin@for-advanced-cfg4.com

Code: [Select]

hxxp://for-advanced-cfg4.com/monte-karlo/usdase.dbmd5sum ===> 74664662ca26e803d3201708b9fe5c67

Code: [Select]

hxxp://for-advanced-cfg4.com/abudabi/uk.dbmd5sum ===> 3a8dd01ce9312f4aeb156461c6b9e4d5

Code: [Select]

hxxp://for-advanced-cfg4.com/abudabi/uk.exemd5sum ===> d791ed9bd83cf47b94067f79551dbb8c
http://www.virustotal.com/file-scan/report.html?id=c854f743769e79d886107c9b5e02e306a51a065006c233374c819716f76f658e-1292521874
VT 3/43 (7.0%)

Code: [Select]

hxxp://for-advanced-cfg4.com/monte-karlo/us.exemd5sum ===> 232aed6f0c4d11cff07720ffea73e2c6
http://www.virustotal.com/file-scan/report.html?id=f53db9435c2081ac51c003fa57c513425b1ddc03a3bd04aec5e55e5da47e26c6-1292521911
VT 1/43 (2.3%)

Code: [Select]

hxxp://195.226.197.24/~hosting/woops/ttf.php
IP Location: United States -tyBit add -AITNET Advanced Internet Technologies
IP 216.117.129.32
[nameservices.net]
AS10843
ns0.aitcom.net
ns1.aitcom.net
Registrant/Email Registrant: Bob Roberts/bginkc@gmail.com

Code: [Select]

hxxp://knuckleheadskc.commd5sum ===> d6acd9e1894ef64178330c3697901996

Code: [Select]

hxxp://www.iberianlawyer.com/components/com_jobline/jobline.list.php

[jackberri]

Code: [Select]

hxxp://knuckleheadskc.commd5sum ===> d6acd9e1894ef64178330c3697901996

Code: [Select]

hxxp://www.iberianlawyer.com/components/com_jobline/jobline.list.php

Code: [Select]

hxxp://knuckleheadskc.com/image04.jpgmd5sum ===> d6acd9e1894ef64178330c3697901996

Code: [Select]

hxxp://www.iberianlawyer.com/components/com_jobline/jobline.list.php

[jackberri]

IP Location: Ukraine -VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
ns1.reg.ru
ns2.reg.ru
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

hxxp://werlijokityp.com/000x124.somd5sum ===> edac1f41cdf70befe6b1fe5526072b8a

Code: [Select]

hxxp://werlijokityp.com/i.php

Code: [Select]

hxxp://91.213.174.6/ups/crypt_ALL.exe
hxxp://91.213.174.10/ups/crypt_ALL.exe
hxxp://91.213.174.44/ups/crypt_ALL.exemd5sum ===> 31c51d3b6c637ff66bfb84c5c1bcdbad
http://www.virustotal.com/file-scan/report.html?id=fceed6adaee5900c05af0f716262e7414427331d00483f324aa4c3c4c3849d32-1292528961
VT 2/42 (7.0%)

Code: [Select]

hxxp://91.213.174.6/ups/Output.exe
hxxp://91.213.174.10/ups/Output.exe
hxxp://91.213.174.44/ups/Output.exemd5sum ===> df29b9866397fd311a5259c5d4bc00dd
http://www.virustotal.com/file-scan/report.html?id=09e67b5fba19cd441f8df70b30e54afa925e6597d1db64b3465b2433d1a9e4e5-1292529219
VT 3/43 (2.3%)

[jackberri]

IP Location: Russian Federation - VLine Telecom Block - VLTELECOM-AS
IP  109.196.142.37
AS39150
ns1.sharedfvm.com
ns2.sharedfvm.com
Email Registrant: Sean T Ryan/sryan@infin8web.com

Code: [Select]

hxxp://firefoxantiscam.com/grep/pluginsmd5sum ===> cff5b8c95f65d515d4453676486db120

Code: [Select]

hxxp://91.207.182.50/z2/config.binmd5sum ===> d0fb59cace1daeca0e5aaff192655d54

Code: [Select]

hxxp://91.207.182.50/z2/bot.exemd5sum ===> db29c546d6ee598805c7d5f9f6500344
http://www.virustotal.com/file-scan/report.html?id=97435989c5be0e37fc235f6c23daeeef06ae60ec1ab563f67e810dc68149eed1-1292572186
VT 20/43 (46.5%)

Code: [Select]

hxxp://91.207.182.50/z2/gate.php

[jackberri]

IP Location: United States- SAVVIS Communications
IP  64.14.68.87
[server286.com]
AS3561
ns1.server286.com
ns2.server286.com
Email Registrant: RICHARD MARTEL/(INSPECTOR-RICH@USA.NET, IMNOT12@AOL.COM)

Code: [Select]

hxxp://ohiolabradoodles.com/Labradoodles/birthi7.jpgmd5sum ===> 88e6ee95ed3c2abacabd0bb5a63093ed5

Code: [Select]

hxxp://massski.com/includes/CDDB.php
IP Location: Ukraine -VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Aaltonen Alexander/aolalexalt@yahoo.com

Code: [Select]

hxxp://lib32listends.com/000x125.somd5sum ===> cd6150e073aaee5917622b204f465401

Code: [Select]

hxxp://lib32listends.com/i.php
IP Location: Ukraine -VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.44
AS29106
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Aaltonen Alexander/aolalexalt@yahoo.com

Code: [Select]

hxxp://enkwertiout.com/000x126.somd5sum ===> b1a363eb8046d98b622a188365c309c0

Code: [Select]

hxxp://enkwertiout.com/i.php

[jackberri]

IP Location: Romania - Sc Grand Confort Srl
IP  188.229.90.159
AS49469
ns3.cnmsn.com
ns4.cnmsn.com
Registrant/Email Registrant: Whois Privacy Protection Service/hconvcromu@whoisservices.cn

Code: [Select]

hxxp://rainjournalhere.com/test/config.binmd5sum ===> ce4215bd5a1a78fd3b817fc533b29e20

Code: [Select]

hxxp://rainjournalhere.com/test/bot.exemd5sum ===> 9042122db925ed4e254e46dd7bfe92e5
http://www.virustotal.com/file-scan/report.html?id=810523a3967411a13c2eb491d947d09a87a5fc2be0c2a7f4e672c275e11a497d-1292698571
VT 20/43 (46.5%)

Code: [Select]

hxxp://rainjournalhere.com/test/gate.php

[jackberri]

IP Location: Russian Federation - VLine Telecom - VLTELECOM-AS
IP  109.196.142.39
AS39150
dns1.webdrive.ru
dns2.webdrive.ru
Registrant/Email Registrant: Viktoriya Stimtseva/nahi83@mail.ru

Code: [Select]

hxxp://sbooking.ws/f_ewghkwegr/heku779/btn3/f2re65.binmd5sum ===> bf941954749923fd7f25018263cd063b

IP Location: Russian Federation - Antarktida-PLUS
IP  91.220.62.35
AS51699
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Evgeniy Jaakson/eejaak@aol.com

Code: [Select]

hxxp://dkfbjkbgbfowerg.com/000x130.somd5sum ===> a4da11fb5880a6a7819fe8e2c7cd2be7

Code: [Select]

hxxp://dkfbjkbgbfowerg.com/i.php
IP Location: Ukraine - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP  91.213.174.221
AS29106
ns1.nameself.com
ns2.nameself.com
Registrant/Email Registrant: Kovaleva Nadejda/nadejda_kovaleva@yahoo.com

Code: [Select]

hxxp://jscompressing.com/img/logo.jpgmd5sum ===> af3bbfa1f928209e528d894080f77088

[jackberri]

IP Location: Russian Federation - Route for Yuzhno-Sakhalinsk Internet Exchange -ASN-YS-IX Yuzhno-Sakhalinsk
IP  194.88.11.143
AS31506
ns3.cnmsn.com
ns4.cnmsn.com
Registrant/Email Registrant: Vladimir Bevza/admin@dpxp.net

Code: [Select]

hxxp://fsdm.net/sx881/gta77.binmd5sum ===> 470bcd4e01632c31955eea956962f498

IP Location: Russian Federation - VLTELECOM-AS
IP  109.196.142.35
AS39150
ns1.infonoteoda.com
ns2.infonoteoda.com
Registrant/Email Registrant: Vladimir Bevza/admin@dpxp.net

Code: [Select]

hxxp://infonoteoda.com/auu/auv.mumd5sum ===> 48ca4991247482b2ee794daa7b6da245

IP Location: Ukraine - INFORMEX-MNT
IP  193.178.172.88
AS20564
ns3.cnmsn.com
ns4.cnmsn.com
Created: 2010-12-14
Registration Service Provided By: Bizcn.com
Registrant/Email Registrant: Hilary Kneber/hilarykneber@yahoo.com

Code: [Select]

hxxp://hosting-place.cc/1/cgi.binmd5sum ===> 255c1a5187b4710d7a83eb68b3f37285

Code: [Select]

hxxp://dfi-university.com/images/gif/3/_tmp/003/tmp/gate7489.php

[jackberri]

IP Location: Russian Federation -Route for Yuzhno-Sakhalinsk Internet Exchange - ASN-YS-IX
AS31506
dns.rebel.com
dns2.rebel.com
Registrant ID: RBL1901486
Registrant/Email Registrant: Michael Krejci/ovylypetutyz@yahoo.com

Code: [Select]

hxxp://expqlojkxytqp.biz/news/?s=76514
hxxp://ytlupjhtokqhhqwf.com/news/?s=76514
hxxp://oryxyioosnrmfvvq.com/news/?s=76514
hxxp://194.88.11.48/news/?s=76514md5sum ===> 8697d747d2c2c194dadf19c1c2242ce3

Code: [Select]

hxxp://expqlojkxytqp.biz/news/?s=81321
hxxp://ytlupjhtokqhhqwf.com/news/?s=81321
hxxp://oryxyioosnrmfvvq.com/news/?s=81321
hxxp://194.88.11.48/news/?s=81321md5sum ===> 67b3b1d270a21c841827f0d1d10e2f34

Code: [Select]

hxxp://expqlojkxytqp.biz/news/?s=6225
hxxp://ytlupjhtokqhhqwf.com/news/?s=6225
hxxp://oryxyioosnrmfvvq.com/news/?s=6225
hxxp://194.88.11.48/news/?s=6225md5sum ===> e28ac6318d4417218a1052e2e2b3b4a1
http://www.virustotal.com/file-scan/report.html?id=bd65ba00555822cddc050af39a64509a7bbef00e6fe4b4f19a3ad1a1933aab3a-1293024393
VT 22/42 (52.4%)