New Zeus server

[jackberri]

IP Location:  United States - GODADDY
IP 173.201.177.36
[ip-173-201-177-36.ip.secureserver.net]
AS26496
Name Server: NS03.DOMAINCONTROL.COM | NS04.DOMAINCONTROL.COM
Registrant/Email Registrant: Greg Bush/gpbush@yahoo.com

Code: [Select]

http://goodeating.info/x/sf.bin          md5sum ===> 8c019a8cbc9c9701d87ef372d9977c69         
http://goodeating.info/x/sadkdfk.php
IP Location:  Romania - RADIOTEL-ISP-AS
IP 94.63.144.84
AS48020
Name Server: ns1.highnetlifenet.com | ns2.highnetlifenet.com
Registrant/Email Registrant: Sebastijan Stancar/pearl@mail13.com

Code: [Select]

http://highnetlifenet.com/update/mb          md5sum ===> 3652f3ddf5b48fcfa480f5d1a83b7b28       
http://highnetlifenet.com/update/check.php
IP Location:  United States - GNAXNET-AS
IP 205.251.134.253
[server19.namecheaphosting.com]
AS16626
Name Server: DNS1.NAMECHEAPHOSTING.COM | DNS1.NAMECHEAPHOSTING.COM
Registrant/Email Registrant: WhoisGuard Protected/4b27a56b8e7346e29079521f0d59139c.protect@whoisguard.com

Code: [Select]

http://www.frozyn.info/vaux/config.bin          md5sum ===> 8bb066662797d0db8c93c2a7cc5cd2cb         
http://www.frozyn.info/vaux/gate.php
IP Location:  Romania - iTelecom Pixel View SRL
IP 95.64.9.8
[customer-8.xwebhosting.ro]
AS50244
Name Server: ns1.blackbuckseri.com | ns2.blackbuckseri.com
Registrant/Email Registrant: Robin Poutiainen/seamy@mail13.com

Code: [Select]

http://blackbuckseri.com/dez/dez.lo          md5sum ===> 591a25ae0856e186db65203f24ba8be9
http://blackbuckseri.com/dez/dez.exe          md5sum ===> 1d23605cff86ca91a4fe267a16285cc6           
http://www.virustotal.com/file-scan/report.html?id=d8d8967d4f07feb79baf6b81bb0b52191047e27b40174a949b1179a9532a42c6-1306322346
VT 9/43 (20.9%)

IP Location:  United States - DIMENOC-HOSTDIME
IP 72.29.79.226
[server.jukasa.com]
AS33182
Name Server: NS1.JUKASA.COM | NS2.JUKASA.COM
Registrant/Email Registrant: Lidia Galimany/lidiagalimany@yahoo.com

Code: [Select]

http://catugol.com/includes/1/config.bin          md5sum ===> acebcd0100ea78ae9f9b2f8ae51410ff
http://catugol.com/includes/1/bot.exe          md5sum ===> 008f992f60ae7464e066bbd03e2b7517           
http://catugol.com/includes/1/gate.phphttp://www.virustotal.com/file-scan/report.html?id=c8bb1fca50eb1109c164821419ee6025a5fa08127b9c0d928ee2092265695ff8-1306322785
VT 19/43 (44.2%)

[jackberri]

IP Location: United States - WEBAIR Internet Development INC
IP 209.200.9.228
[springs.webair.com]
AS27257
Name Server: dns1.spiritdomains.com | dns2.spiritdomains.com | dns3.spiritdomains.com | dns4.spiritdomains.com
Name Server: ns4.currencytradechat.com | ns3.currencytradechat.com
Registrant/Email Registrant: Amy Linehan/bemofematagi@yahoo.com
Registrant/Email Registrant: Protected Domain Services - Customer ID: NCR-3029946/currencytradechat.com@protecteddomainservices.com

Code: [Select]

http://209.200.9.228/news/?s=27846                         md5sum ===> 5b4368ed9c7b13e07e81e9199ac5c87a
http://oekpxrusrpicmrzi.net/news/?s=27846                  md5sum ===> 5b4368ed9c7b13e07e81e9199ac5c87a
http://www.currencytradechat.com/news/?s=27846             md5sum ===> 5b4368ed9c7b13e07e81e9199ac5c87a
http://209.200.9.228/news/?s=6225                          md5sum ===> 9f69d1e2a77d22cdc9daf49a0df251b6
http://oekpxrusrpicmrzi.net/news/?s=6225                   md5sum ===> 9f69d1e2a77d22cdc9daf49a0df251b6
http://www.currencytradechat.com/news/?s=6225              md5sum ===> 9f69d1e2a77d22cdc9daf49a0df251b6

[jackberri]

IP Location:  Ukraine - TLAS ITL Company
IP 46.28.64.99
AS15626
Name Server: ns5.itl.ua | ns6.itl.ua
Registrant/Email Registrant: Sergey Hindric/sergeyh@tubehub.net

Code: [Select]

http://quantummechanic.cc/z/config.bin          md5sum ===> 30d42ab40a599237ba11d65aa4f064e2
http://quantummechanic.cc/z/bot.exe             md5sum ===> 42e4729b86e4b1a5bad0def619812473           
http://quantummechanic.cc/z/gate.phphttp://www.virustotal.com/file-scan/report.html?id=b9477adf0853186897df74d2aa98801bc9a8816c6047de66c316f8e32c2a336a-1306401725
VT 37/43 (86.0%)

IP Location:  Ukraine - Datagroup PRIVATE JOINT STOCK COMPANY "DATAGROUP"
IP 93.183.203.41
AS21219
Name Server: NS1.NS-SERVICES.NET | NS2.NS-SERVICES.NET | NS4.NS-SERVICES.NET | NS3.NS-SERVICES.NET
Registrant/Email Registrant: Evgeniy Simonov/simonich@inbox.ru

Code: [Select]

http://kaliberdapod.net/s21/jop.jpg          md5sum ===> e7ccc7870e6cd138096990facc4fd038
IP Location:  India - HTIL-TTML-IN-AP
IP 123.252.193.141
AS17762
Name Server: free01.editdns.net | free02.editdns.net
Registrant/Email Registrant: Heine Koenders/jenny@fxmail.net

Code: [Select]

http://98DFGR994883798df.com/9f8g/9d7g.bin          md5sum ===> 423966a53e89f5555cc752f2158dbef4
IP Location:  Russian Federation - RTCOMM-AS
IP 81.177.139.165
AS8342
Name Server: ns1.jino.ru | ns2.jino.ru

Code: [Select]

http://beefcake.jino.ru/b34ake.bin          md5sum ===> 570a20aa5fcc14918a6f44569675497e       
http://beefcake.jino.ru/grsa12.php

[jackberri]

IP Location:  United States - GODADDY
IP 208.109.119.216
[ip-208-109-119-216.ip.secureserver.net]
AS26496
Name Server: NS1.RAID1HOSTING.NET | NS2.RAID1HOSTING.NET
Registrant/Email Registrant: MODELOS & MODELOS/domcliente@mediamarketing.com.co

Code: [Select]

http://www.modelosymodelos.com/clases/cafe.bin          md5sum ===> deb531b96ecdc5a915ad6d90c7ff4211
http://www.modelosymodelos.com/clases/cafe.exe          md5sum ===> 5530e8ac87b8f7d8d5620061dd93d6bb http://www.virustotal.com/file-scan/report.html?id=0fa49cb9388aad680eb80ba68065e3548c60a784fce729b17086d332eef93f1a-1306595738
VT 12/42 (28.6%)


IP Location:  Spain - OVH ISP Paris
IP 87.98.231.19
[cluster010.ovh.net]
AS16276
Name Server: dns18.ovh.net | ns18.ovh.net
Registrant/Email Registrant: MODELOS & MODELOS/domcliente@mediamarketing.com.co

Code: [Select]

http://cc4real.es/systtem/cfg.bin          md5sum ===> 835b0dfb6df5050a073c0ca68b21113e
http://cc4real.es/systtem/bot.exe          md5sum ===> ce23a6c3f56a2eb7653e3d4b835fc2d8           
http://cc4real.es/systtem/gate.phphttp://www.virustotal.com/file-scan/report.html?id=7751d207ae64119acd420017a93d41c769ef4cda4f12de54366ad18baacdbd31-1306584393
VT 37/43 (86.0%)

IP Location:  United States - SINGLEHOP
IP 184.154.231.8
[ns1.siteground227.com]
AS32475
Name Server: NS1.SITEGROUND227.COM | NS2.SITEGROUND227.COM
Registrant/Email Registrant: Siu Leung Tsang/gururio@yahoo.com

Code: [Select]

http://ognir.info/magento/.../.../config.bin      md5sum ===> 6a16d52b52813128ceea061a16cd47bb
http://ognir.info/magento/MORPH_A9D3129CFC96.EXE          md5sum ===> 4eea678739a2b6d63a68dff8268ba2da
http://ognir.info/magento/svchost.exe          md5sum ===> fc256436722f0abff39dd107d264292c           
http://ognir.info/magento/.../.../gate.phphttp://www.virustotal.com/file-scan/report.html?id=156fe1b64481fb5cb38afe1e10b911a484f9f3c1fa1c756509abe82e003e1315-1306583153
VT 28/42 (66.7%)
http://www.virustotal.com/file-scan/report.html?id=7624d4919fcf9134e12f17d1e9e0ddb56db1a166a549cbeb6a1702ca25050e64-1306583087
VT 23/42 (54.8%)

[jackberri]

IP Location:  Russian Federation - WEBALTA-AS
IP 92.241.168.185
[bambabam.w2c.ru]
AS41947
Name Server: ns1.2x4hosting.ru | ns2.2x4hosting.ru

Code: [Select]

http://shr0mnet.w2c.ru/zb/files/config.bin          md5sum ===> e2064891ce2b3f924717567dc252d89c
http://shr0mnet.w2c.ru/zb/files/bot.exe          md5sum ===> a476b6457ff38e4729fb58d21725ab95           
http://shr0mnet.w2c.ru/zb/panel/gate.phphttp://www.virustotal.com/file-scan/report.html?id=dad02049a027754c80b0dd82323a8205f330b7cced07020c3a3ea130bc18b0a2-1306745032
VT 31/43 (72.1%)

IP Location:  Malaysia - TMIDC-AP
IP 119.110.103.221
AS17464
Name Server: ns3.01isp.com | ns4.01isp.com
Registrant/Email Registrant: James K. Deady/easymeedysoft@gmail.com

Code: [Select]

http://symantecantispywareupdate.com/lol/up.bin          md5sum ===> 1cc9cfc4429f7cbf55febe0367374436
http://symantecantispywareupdate.com/lol/gate.php
IP Location:  Ukraine - Datagroup PRIVATE JOINT STOCK COMPANY "DATAGROUP"
IP 93.183.203.41
AS21219
Name Server: NS1.NS-SERVICES.NET | NS2.NS-SERVICES.NET | NS3.NS-SERVICES.NET | NS4.NS-SERVICES.NET
Registrant/Email Registrant: Evgeniy Simonov/simonich@inbox.ru

Code: [Select]

http://bestfihteerdr.com/s22/pip.jpg          md5sum ===> b809ccda2ec9bbe8bf904871a5e10929
IP Location:  United States - QUADRANET
IP 173.254.208.185
[173.254.208.185.static.quadranet.com]
AS29761
Name Server: ns3.01isp.com | ns4.01isp.com

Code: [Select]

http://spy.lilsnoop.com/backup.bin          md5sum ===> dcd89be280876bbe68c7b0b318619f9e
http://spy.lilsnoop.com/gate.php
IP Location:  Ukraine - Infium Ltd
[ip-188-190-96-53.hosted-in.infiumhost.com]
AS197145

Code: [Select]

http://188.190.96.53/36362252          md5sum ===> 96cce2fd43ac49420710ce05321bf374
http://188.190.96.53/processer.php

[jackberri]

IP Location:  United States - NOBIS Primary aut-num for Nobis Technology Group, L..C
IP 74.117.238.2
[74.117.238.2.rdns.continuumdatacenters.com]
AS15003
Name Server: ns1.httphouse.com | ns2.httphouse.com

Code: [Select]

http://rev.dhllogistiks.com/config.bin          md5sum ===> a1890fd01e4be34ffcbd6cf8e8f99a3f
http://rev.dhllogistiks.com/bot.exe          md5sum ===> 000a10bb968d37acaf37adf02c283c69           
http://rev.dhllogistiks.com/gate.phphttp://www.virustotal.com/file-scan/report.html?id=565e2c57d63d5fa0ea0d21abe16ed0fceef3dddd29e1ad16f0ddfe67c3721d33-1306855012
VT 32/42 (76.2%)

IP Location:  United States - Network Operations Center Inc 
IP 92.241.168.185
[184-82-233-195.hostnoc.net]
AS21788
Name Server: ns1.2x4hosting.ru | ns2.2x4hosting.ru

Code: [Select]

http://184.82.233.195/loginz00z/config.bin          md5sum ===> 5452cd3e657a5a54febbc6095499de82
http://184.82.233.195/loginz00z/lAv.exe          md5sum ===> f3148607545cb31dfb3442e03433076c           
http://184.82.233.195/loginz00z/gate.phphttp://www.virustotal.com/file-scan/report.html?id=9e126ed0031eccf489fafcff77eb1b68fbc113350d4be48fd7ac011414a9df21-1306854625
VT 27/42 (64.3%)

IP Location:  Germany - LEASEWEB-DE
IP 212.95.44.98
[212-95-44-98.local]
AS28753
Name Server: NS9.SCOPEHOSTS.COM | NS10.SCOPEHOSTS.COM
Registrant/Email Registrant: Amy Linehan/contact@privacyprotect.org

Code: [Select]

http://nataratin.org/directory/cfg.bin          md5sum ===> e6897175b0ba446b18b42033aae89e56
http://nataratin.org/directory/bt.exe          md5sum ===> 950600906c76ab7e23a32801de9a876a           
http://nataratin.org/directory/gate.phphttp://www.virustotal.com/file-scan/report.html?id=318e4f85ca3a1c74edb360336e6628435cf751bd6320bb4b6787a470a2dd3897-1306854758
VT 32/42 (76.2%)

IP Location:  Romania - RO-3X-AS
IP 89.40.156.12
AS48931
Name Server: ns1.hi2.ro | ns2.hi2.ro
Registrant/Email Registrant: PrivacyProtect.org/contact@privacyprotect.org

Code: [Select]

http://piratfm.com/mmo/banner/config.bin          md5sum ===> 761bce94440b89eef592011cd2a98352
http://piratfm.com/mmo/banner/bot.exe          md5sum ===> 581d652a139b2906901c6aac091b4374           
http://piratfm.com/mmo/banner/gate.phphttp://www.virustotal.com/file-scan/report.html?id=21d803f368fb6463f3a05135481b87b3ae3dadce0713e01d23265df037fd7913-1306854883
VT 32/42 (76.2%)

IP Location:  Kazakhstan - KAZTELECOM-AS
IP 95.57.120.124
[ip124.gohost.kz]
AS9198
Name Server: ns3.cnmsn.com | ns4.cnmsn.com
Registrant/Email Registrant: Bingo-Bongo/admin@bigdomainforwarding.net

Code: [Select]

http://bigdomainforwarding.net/photos/zb1/cc/cg.bin          md5sum ===> 5836e0aaf80d023f6659d4a29b2936f8         
http://bigdomainforwarding.net/photos/zb1/gate.php

[jackberri]

IP Location:  Romania - iTelecom Pixel View SRL
IP 95.64.9.8
[customer-8.xwebhosting.ro]
AS50244
Name Server: ns1.stonetrailyou.com  | ns2.stonetrailyou.com
Registrant/Email Registrant: Malena Bosgraaf/finale@cutemail.org

Code: [Select]

http://stonetrailyou.com/itt/rom.en          md5sum ===> 1756d9605b4dac02126ce1b2b67ef711
http://stonetrailyou.com/itt/ita.exe         md5sum ===> e1f51209e5b5d0031ed3efb8e62ee7eehttp://www.virustotal.com/file-scan/report.html?id=58c7a9401b9862e0800b8d19bc6c46c7b0792d7a51868ff9f44fcf585fdd3036-1306871450
VT 27/43 (62.8%)

[jackberri]

IP Location:  United States - Sunnyvale Yahoo! Inc
IP 67.195.145.141
IP 67.195.145.142
[p8p-a.geo.vip.sp1.yahoo.com]
AS36752
Name Server: yns1.yahoo.com  | yns2.yahoo.com
Registrant/Email Registrant: Carolyn Sinclair/contact@myprivateregistration.com

Code: [Select]

http://topsecurityplace.com/avg32.bin         md5sum ===> aa6883a4873606e792daf3db50869886
http://topsecurityplace.com//update32.php

[SysAdMini]

Hi Jack,

welcome back !

[jackberri]

Hi Jack,

welcome back !

Thx

...a little + bionic

[jackberri]

IP Location:  Romania - AS44088 DORINEX-AS
IP 95.64.45.52
[cpan-hosting52.dorinehosting.ro]
AS44088
Name Server: NS1.BURGERSWITCHE.COM  | NS2.BURGERSWITCHE.COM
Registrant/Email Registrant: Jisse Bokhorst (ID00464955)/pluto@mailae.com

Code: [Select]

http://burgerswitche.com/dez/dez.lo           md5sum ===> cbe82d564501a01a0d47b689772a1d94
http://burgerswitche.com/dez/dez.exe          md5sum ===> d9f79262152ae95267c469a69ff9ed62http://www.virustotal.com/file-scan/report.html?id=cd78e2a1e6bc84ae8cbaaef22ea8a74b912e6a58e042ae53fb46d29b047c7950-1313171295
VT 30/43 (69.8%)

IP Location:  Germany - HETZNER-AS Hetzner Online AG RZ
IP 188.40.133.216
[www1.subdomain.com]
AS24940
Name Server: yns1.yahoo.com  | yns2.yahoo.com
Registrant/Email Registrant: Carolyn Sinclair/contact@myprivateregistration.com

Code: [Select]

http://serva4ok.server2.eu/l0v3/cfg_z3u5.bin         md5sum ===> a2f6835141975f0b74a2d8b5a63e60b9
http://serva4ok.server2.eu/l0v3/g4t3_z3u5.php

[jackberri]

IP Location:  United States - SERVERCENTRAL Server Central Network
IP 205.234.236.202
[unknown.kayotex.net]
AS23352
Name Server: NS2.DOCKERLAND.COM  | NS1.DOCKERLAND.COM
Registrant/Email Registrant: Private, Registration/dockerland.com@domainsbyproxy.com

Code: [Select]

http://server.dockerland.com/.../cfg1.bin         md5sum ===> 20fe86fa47a75bcb4191bdbf2ab89019related:
IP Location:  France - AMEN DEDICATED
IP 62.193.236.135
[wpc1996.amenworld.com]
AS48185
Name Server: ns1.amen.fr [62.193.206.141]  |    ns2.amen.fr [62.193.201.13]
Registrant/Email Registrant: Person/info@id-pop.com

Code: [Select]

http://idpop.fr/components/com_articles/z/gate.php
IP Location:  Romania - GULF DTH FZ LLC
IP 94.63.150.159
AS51140
Name Server: NS33.DOMAINCONTROL.COM  | NS34.DOMAINCONTROL.COM
Registrant/Email Registrant: Jerry Taylor/mt4lifea@gmail.com

Code: [Select]

http://hdyskevoieaf.com/state.bin         md5sum ===> efbf0831ed46d7a8d031eea69f101fe6

[jackberri]

IP Location:  Romania - Netserv Consult Srl
IP 95.64.45.53
[pan-hosting53.dorinehosting.ro]
AS44088
Name Server: ns1.tinytorrentof.com  | ns2.tinytorrentof.com
Registrant/Email Registrant: Leena Mandemaker/ends@mailti.com

Code: [Select]

http://tinytorrentof.com/six/fer.tr         md5sum ===> 97c11efe16791816721659b9a3ddd0ec

[jackberri]

IP Location:  Italy - ARUBA-ASN
IP 62.149.128.72
[mxd2.aruba.it]
AS31034
Name Server: dns.technorail.com  | dns2.technorail.com
Registrant/Email Registrant: POCI'S SNC/edoardo_civiero@hotmail.it

Code: [Select]

http://pocis.it/img/sport/sport099.jpg         md5sum ===> f59eaba47f9241889bb691e52986ec70
IP Location:  Panama - NEWWORLDNETWORK
IP 195.242.161.166
AS23520
Name Server: NS1.NS-SERVICES.NET  | NS2.NS-SERVICES.NET| NS4.NS-SERVICES.NET| NS3.NS-SERVICES.NET
Registrant/Email Registrant: Evgeniy Simonov/simonich@inbox.ru

Code: [Select]

http://200.63.44.172/~esppkpro/downloads/wrap.bin         md5sum ===> 4d9fb6e0f4c426f14f714d39f707a7db
http://200.63.44.172/~esppkpro/downloads/patch.exe         md5sum ===> 62ae2f81ed16dddadc90244c82090f92
http://200.63.44.172/~esppkpro/projects/store/order.phphttp://www.virustotal.com/file-scan/report.html?id=99d4a98fc94a53b6fe247aaa54228b617f37ef4ebeb62c678ca066bd33c80f36-1313777431
VT 27/44 (61.4%)

IP Location:  Ukraine - FORTUNE-AS
IP 195.242.161.166
AS47434
Name Server: NS1.NS-SERVICES.NET  | NS2.NS-SERVICES.NET| NS4.NS-SERVICES.NET| NS3.NS-SERVICES.NET
Registrant/Email Registrant: Evgeniy Simonov/simonich@inbox.ru

Code: [Select]

http://dovedovbdkf.com/tw/pip.jpg         md5sum ===> 2e1a742a13b6ce6792d05a8e2016ec35
IP Location:  Romania - ARNET-AS
IP 95.64.51.10
AS49130
Name Server: ns1.freedns.ws  | ns2.freedns.ws
Registrant/Email Registrant: Private Person/admin@dshopsystem.ru
IP Location:  United States - LUNARPAGES proxy aut-num for Lunarpages by MZIMA
IP 74.50.31.239
[pele.lunarmania.com]
AS15244
Name Server: NS5.lunarmania.com  | NS6.lunarmania.com
Registrant/Email Registrant: Whois Privacy Protection Service/hysmftbwc@whoisprivacyprotect.com
IP Location:  Romania - ARNET-AS
IP 95.64.51.11
AS49130
Name Server: ns1.freedns.ws  | ns2.freedns.ws
Registrant/Email Registrant: Tom Rifisk/tom.rifisk@mail.com

Code: [Select]

http://dshopsystem.ru/dbs/logo.php         md5sum ===> 3a85efba3641fe486a90a5dbacceea02
http://cmgofeaston.com/images/dbs.exe         md5sum ===> 8af75c5e8938ff8a4ca0c44eb76f11fa
http://cmgofeaston.com/images/ImgUpload055.zip md5sum ===> cb4b153d7a82c654aa0bae33c18fc245
http://opcehcblbaismrrzib.net/img10/flash.phphttp://www.virustotal.com/file-scan/report.html?id=a048b9894994fa1c1d21eacb15b5c4b33b368a3dd31d49c7fdd66923c1b8eb60-1313775618
VT 22/44 (50.0%)
http://www.virustotal.com/file-scan/report.html?id=8a210d2d1666d7003b15931382a39b7e8b49da548c9e781159e96a2c48186a6d-1313775472
VT 38/44 (86.4%)

[jackberri]

IP Location:  Germany - STRATO AG
IP 81.169.145.148
[w94.rzone.de]
AS6724
Name Server: docks06.rzone.de  | shades08.rzone.de
Registrant/Email Registrant: Zonemaster STRATO AG Webhosting/zonemaster@strato.de

Code: [Select]

http://zum-pfaennchen.de/img/menuItemTopHover10.jpg         md5sum ===> b7a37467a2c371a2cbdd3ab52caf9e5c
IP Location:  Germany - HOSTEUROPE-AS
IP 83.169.1.160
[piggy.westmuensterhaendler.de]
AS20773
Name Server: ns1.hans.hosteurope.de  | ns2.hans.hosteurope.de

Code: [Select]

http://kljb-ammeln.de/img/icons/ed_blank8.gif         md5sum ===> cd5ac7cf14cc5cd8c300225eaefec825
related (already listed):

Code: [Select]

http://thmc.de/images/interover_07.gif         md5sum ===> c1bf7feb3416eb2a8d079e2dc8f0557d