Author Topic: New Zeus server  (Read 395272 times)

July 16, 2010, 01:36:00 pm
Reply #375

jackberri

IP Location:  Denmark - Tele Danmark - TDC Data Networks TDC A/S
IP 193.89.99.224
AS3292
hxxp://www.folkebladet.dk/baner.jpg
md5sum ===> 7e7c1400766b89e9f5976310c0645f73
SHA256 ===>  54e3c3b7e39e4ef24af1e131e624e37d1782736c19f82deed41de01694c39865
http://www.virustotal.com/es/analisis/54e3c3b7e39e4ef24af1e131e624e37d1782736c19f82deed41de01694c39865-1279282475
VT 10/42 (23.81%)
related (already listed):
hxxp://www.pifa.se/banner.gif
hxxp://www.listwowgame.com/webstate/webstat.php

IP Location:  United States - THEPLANET-AS2
IP 174.132.165.222
[de.a5.84ae.static.theplanet.com]
AS21844
Registrant/Registrant Email: Mumtaz Saxena/saxena@timing.net
hxxp://ezonemall.com/baner.jpg
md5sum ===> 86ba1cf852558e237eaa73bae9303516
SHA256 ===>  25676e68dd3a3579e850a95421a0609b6f81e5863cbba5defbed4bb0ff32110f
http://www.virustotal.com/es/analisis/25676e68dd3a3579e850a95421a0609b6f81e5863cbba5defbed4bb0ff32110f-1279283850
VT 9/42 (21.43%)
related (already listed):
hxxp://vendicious.com/images/powered.gif
hxxp://www.listwowgame.com/webstate/webstat.php

IP Location:  United States - SERVEPATH ServePath, LLC
IP 74.3.203.91
[74-3-203-91.dsl-phx.179x.org]
AS26228
Registrant/Registrant Email: Norma Harris/NormaPHarris@gmail.com
hxxp://lightpalace.net/config.bin
md5sum ===> e8c290894341cf9640e7894546688ec4
SHA256 ===>  5f0e55ed2dfc378ee27d4d595abe482ff5aecd9b7e3a60719a386567f903298b
hxxp://lightpalace.net/bot.exe
md5sum ===> b74d9e64900c7aa3c3d1509893e7eee3
SHA256 ===>  1c08821eaebfaf366b3a55dc784fd614a10b3ed6c3bac18105bf8147b2b6d86d
http://www.virustotal.com/es/analisis/1c08821eaebfaf366b3a55dc784fd614a10b3ed6c3bac18105bf8147b2b6d86d-1279285492
VT 5/42 (11.91%)
hxxp://lightpalace.net/gateAK.php

July 25, 2010, 09:21:27 am
Reply #376

jackberri

IP Location:  Moldova - STARNET
IP 195.206.246.250
AS31252
Registrant/Registrant Email: Kim Nasarov/admin@update-java2.com
hxxp://update-java2.com/src/update2.set
md5sum ===> 3690cdb0100e2ed72cf754b751b2e555
hxxp://update-java2.com/aaaa/11g.php
hxxp://update-java2.com/src/time.exe
md5sum ===> c30ea1b6ab9cc249644fdb2708f53246
http://www.virustotal.com/es/analisis/51a6fbc12125046303df92f8b71b5147794942eae855efbdbdc51fd5cfd9ae91-1280045482
VT 22/42 (52.39%)

IP Location:  Moldova - STARNET
IP 195.5.161.224
AS31252
Registrant/Registrant Email: Kim Nasarov/admin@update-java2.com
hxxp://wxw.ms-update.net/cnf/msn.dll
md5sum ===> eeffcc08ca467882d32d112298590795
hxxp://wxw.ms-update.net/cnf/msn.exe
md5sum ===> 9a603af868a3416af82ec042b7d51649
http://www.virustotal.com/es/analisis/51a6fbc12125046303df92f8b71b5147794942eae855efbdbdc51fd5cfd9ae91-1280045482
VT 27/42 (64.29%)
hxxp://wvvw.my-dns-stat.net/updates/updates.php
IP Location:  Moldova - STARNET
IP 195.5.161.224
AS31252
hxxp://wvvw.dns-configs.net/msn/ms_3.dll
md5sum ===> ffa2540b38cb9973dbe6a369592d14fa
hxxp://wvvw.dns-configs.net/cnf/msn.exe
md5sum ===> 449cf4fd3742923a23755074bfe7fc94
http://www.virustotal.com/es/analisis/8549ee40dc8aebec77772ce517d1b53dbb2a900b120915b48a2d6d795b741026-1280046684
VT 23/42 (54.77%)
hxxp://wvvw.my-dns-stat.net/updates/updates.php
IP Location:  United States - Endurance International Group - BIZLAND-ASN
IP 66.96.146.80
AS29873
hxxp://9999tech.com/ban00.jpg
md5sum ===> 3be6ff23e6ac14b4144a04fc226922ce
http://www.virustotal.com/es/analisis/6b8340e1ee8339b2dab30f4dc45f8323d4b3a2c5ed68535f36e2d08d294e0a81-1280048128
VT 19/42 (45.24%)
related (already listed):
hxxp://vendicious.com/images/powered.gif
hxxp://listwowgame.com/webstate/webstat.php

IP Location: Moldova - STARNET-AS
IP 195.5.161.5
AS31252
hxxp://slapfan.in/star/aol.exe
md5sum ===> 0731b136ef2db2694ffdde68fc096537
http://www.virustotal.com/es/analisis/a773df9975fb190c1a7095b8ed5e3cba31911765f3d12f3347f16f62ab701459-1280048799
VT 1/42 (2.39%)
related (already listed):
hxxp://regflinbullst.net/mas/pro/server.php

July 25, 2010, 12:48:17 pm
Reply #377

jackberri

IP Location: Russian Federation - ENCORE-NET
IP 91.216.215.69
AS51274
Registrant/Registrant Email: Private Person/support@transjapan.ru
hxxp://transjapan.ru/7s9acfg/s8a3transjapandsd.jpg
md5sum ===> c5c543e1595f7ac4982a289b437d01b6
hxxp://transjapan.ru/japanexe/japaness.exe
md5sum ===> 544edcd19cdab3795af440d68ba2dc98
http://www.virustotal.com/es/analisis/51a6fbc12125046303df92f8b71b5147794942eae855efbdbdc51fd5cfd9ae91-1280045482
VT 2/42 (4.77%)
hxxp://transjapan.ru/transfer/bits.php
IP Location: Russian Federation - Bank Moscowskiy Kapital Ltd.
AS42953
hxxp://91.194.0.160/admgustavo.bin
md5sum ===> a311ea96bf53ffa36cf00ed94f72a682
hxxp://91.194.0.160/winrar_keyadmg.exe
md5sum ===> 6bc1effde27f3b6b0f858d6136af180b
http://www.virustotal.com/es/analisis/bf602b74fea560985bacf665e98f4acc43f8fdc16cfc0059c2e90d19cb0d31ec-1280054411
VT 22/42 (52.39%)

IP Location: Russian Federation - Bank Moscowskiy Kapital Ltd. 
AS42953
hxxp://91.194.0.109/admopera.bin
md5sum ===> f16e5e2a81714459b78bbd352ea23c4f
hxxp://91.194.0.109/admmozlilla.exe
md5sum ===> 5279d22947c50d63102b008fe3015bd6
http://www.virustotal.com/es/analisis/51340a028e59b6293cf42cc7c37746b0efc5c1f19b54a4c175bbc8a2e6b57e52-1280054934
VT 23/42 (54.77%)
hxxp://91.194.0.109/fast_forest.php
IP Location: Russian Federation - Bank Moscowskiy Kapital Ltd. 
AS42953
hxxp://91.194.0.107/zmansonz.bin
md5sum ===> cdbdeaa0954df28c1aa0f22b0e565f7a

IP Location: United States - HOSTMYSITE
IP  67.59.188.60
AS20021
Registrant/Registrant Email: Parker Film Co/catherine@parkerfilmcompany.com
hxxp://untitled-themovie.com/ban00.jpg
md5sum ===> 0a4aae547c9f8ce4197a15da079d4984
http://www.virustotal.com/es/analisis/f71f39b9d91c2afc7b449754ff66a595a6aaea76ccf390a4d15b52423a1af9c2-1280056150
VT 35/42 (83.34%)
related (already listed):
hxxp://visvrienden.nl/wp-includes/images/banner.gif
IP Location:  Kazakhstan  - ALFAHOSTNET
IP  193.105.207.103
AS50793
Registrant/Registrant Email: Private Person/gavrilov81@mail.ru
hxxp://massive-dynamic.ru/adm/mercedes.gif
md5sum ===> 5fa71005fbc9047c209e8b8b09c32bdc
hxxp://massive-dynamic.ru/adm/gate.php
IP Location:  Vietnam - QTSC-AS-VN
IP  202.78.227.112
AS24085
Registrant/Registrant Email: Cindy Williams/CindySWilliams@yahoo.com
hxxp://liswegwegwegu.com/gamer/ewggg.img
md5sum ===> b8aae00f51aeec0d1fb3f92e4d34ee0d
hxxp://liswegwegwegu.com/gamer/ewggg2.img
md5sum ===> e851e81f12676fea67810335a00ffd26

IP Location: China - CHINANET-BJ-METRO BeijingTelecom
IP 121.101.216.198
AS4847
Registrant/Registrant Email: Oleg Lojko/oleg.loyko@yahoo.com
hxxp://net.lovealiy.com/nagakeane/config.bin
md5sum ===> db35a61776086082dc3820e63ebc5e78

July 25, 2010, 04:51:46 pm
Reply #378

jackberri

IP Location: Moldova - STARNET-AS
IP 195.5.161.228
AS31252
Registrant/Registrant Email: Private Person/mail2businessman@gmail.com
hxxp://dynamicnetwork.ru/staticdat/ess.cfg
md5sum ===> c404133102a6564945a9d1860c5723af

IP Location: United States - HOSTNOC-5BLK Block1 - BurstNet Technologies, Inc.
IP 64.120.161.73
[64-120-161-73.hostnoc.net]
AS21788
Registrant/Registrant Email: Evgeniya Kostikova/smut@fastermail.ru
hxxp://nfruhskhfts.com/bs/lusa.bin
md5sum ===> 350dab17dc6550dc84989ba04249d951
hxxp://nfruhskhfts.com/bs/lv.php
IP Location: Kazakhstan - AlfaHost LLP. Route Object - ALFAHOSTNET
IP 193.105.207.103
AS50793
Registrant/Registrant Email: Private Person/gavrilov81@mail.ru
hxxp://bonokur.ru/eu/cf.bin
md5sum ===> 78ef7d88c809db589a44d0c5484a4ca5
hxxp://bonokur.ru/eu/bt.exe
md5sum ===> bdb4b848bdd563c03f7b703e1911e064
http://www.virustotal.com/es/analisis/43514339a82e73834eb76133af70f05390012ece647dfc07113c10bf3de056f4-1280075076
VT 2/42 (4.77%)
hxxp://bonokur.ru/eu/index.php
IP Location: Kazakhstan - AlfaHost LLP. Route Object - ALFAHOSTNET
IP 193.105.207.103
AS50793
Registrant/Registrant Email: Private Person/gavrilov81@mail.ru
hxxp://195.78.108.180/eu5.bin
md5sum ===> 726e51fab51db96811269dd819ac7e8d
hxxp://195.78.108.180/eu5.exe
md5sum ===> a498675a2747eadabf7bcdda86a0f26e
http://www.virustotal.com/es/analisis/7c6010278b0269ef876aeeade2efde812bd9ee9bab24b9d8cede61d0e25b7774-1280075940
VT 26/41 (63.42%)

July 26, 2010, 12:12:51 pm
Reply #379

jackberri

IP Location: Denmark - Tele Danmark - TDC Data Networks TDC A/S
IP 193.89.99.227
AS3292
hxxp://workway.dk/baner.jpg
md5sum ===> f0ca153099fb6ed852107de4122c9df0
http://www.virustotal.com/es/analisis/d490b1db2e3cad23caa4159120cc4889da479d6587fb54053352b1144fc3c5bf-1280145729
VT 18/42 (42.86%)
related (already listed):
hxxp://www.pifa.se/banner.gif

July 27, 2010, 02:56:03 pm
Reply #380

jackberri

IP Location: Ukraine - W-NET ISP - WNET W-NET
IP 92.60.177.252
[grusha-92-60-177-252.hostinghutor.com]
AS15772
Registrant/Registrant Email: max pet/maxpet1212@gmail.com
hxxp://x-cash-x.com/dll.so
md5sum ===> 40cca083ff5cbe4aff572b7be2c39121

IP Location: Russian Federation - VLine Telecom Block Moscow - VLTELECOM-AS
IP 109.196.143.97
AS39150
Registrant/Registrant Email: Andrew Seminar/ad.dav@hotmail.com
hxxp://robertomilanomoreomglol.info/wild/cfg.bin
md5sum ===> f11466b0127c088f45e44d5b61058c22
hxxp://robertomilanomoreomglol.info/wild/aol.exe
md5sum ===> c3edeac972067bb4bed399c5df099fb0
http://www.virustotal.com/es/analisis/0d3765285eaf66c50229bdb27db00ade08cb81d1a0575aef379e5068a345dc66-1280231726
VT 4/42 (9.53%)
hxxp://robertomilanomoreomglol.info/wild/zzs/server.php
IP Location: Latvia - Latvenergo - LATVENERGO-AS Latvian national Energy
IP 85.15.231.77
AS29600
[mail.mm88.lv]
hxxp://akapulkoparmitana.ws/8ff1051d8d01253c0ec1532c0493ef45/75c5dfb564d0e90c6712206b886241bf.php

July 27, 2010, 07:37:46 pm
Reply #381

jackberri

IP Location: France - OVH ISP Paris - OVH Paris
IP 91.121.93.44
AS16276
[ttb-network.com]
hxxp://megusia.net:8080/images/bot.bin
hxxp://natalia.megastacja.net:8080/images/bot.bin
hxxp://ns28314.ovh.net:8080/images/bot.bin
hxxp://ttb-network.com:8080/images/bot.bin
md5sum ===> 262024ea727cda63911a4b5da0da796f

IP Location: Russian Federation - DTZ-MOS-NET DTZ Debenham Zadelhoff LLC
IP 193.109.246.34
AS43074
Registrant/Registrant Email: Private person/admin@bestcasinotop.ru
hxxp://boshbf.ru/2c.bin
md5sum ===> 99bcbc93ff3318bce480afd48b0f23d3
hxxp://boshbf.ru/fua.php
IP Location: Russian Federation - Encore Ltd. Route Object - ENCORE-NET
IP 91.216.215.69
AS51274
Registrant/Registrant Email: Private Person/support@worksofast.ru
hxxp://worksofast.ru/s8acfg/022dworksofast.jpg
md5sum ===> 02217c89f1cc5cf199a1e977b0f8fc7e
hxxp://worksofast.ru/workexe/sofast.exe
md5sum ===> bab6d03332ca515adbea6c595df00165
http://www.virustotal.com/es/analisis/18ec0317b1a2a83abcd8fb551bacce4036dbec63479fdb91d41e689ecbe9ec89-1280258034
VT 3/42 (7.15%)
hxxp://worksofast.ru/workadm/contact.php

July 27, 2010, 11:35:22 pm
Reply #382

jackberri

IP Location: peer-to-peer networking?
IP ?
ASN ?
Registrant/Registrant Email: Andrey Sokolovsky/vivian@freenetbox.ru
hxxp://instamfan.net/chan/cfg.bin
md5sum ===> 4513513ab9d68f3cf8baaaf07fecad93
hxxp://instamfan.net/chan/aol.exe
md5sum ===> 1b5bb2963c5f4d197a483cdd3474bf1c
http://www.virustotal.com/es/analisis/69374f88c6c0826c667c313e92105e2e5924e1969ba1f291e04d491b017e9020-1280272888
VT 0/42 (0%)

July 28, 2010, 06:56:39 am
Reply #383

jackberri

IP Location: Moldova - STARNET-AS
IP 195.206.246.250
AS31252
Registrant/Registrant Email: Hilary Kneber/hilarykneber@yahoo.com
hxxp://update-java3.com/src/update2.set
md5sum ===> d17ccbd8db684a887ff7623ff6a29c88
hxxp://update-java3.com/src/ie82.chm
md5sum ===> d17ccbd8db684a887ff7623ff6a29c88
hxxp://update-java3.com/src/update1.exe
md5sum ===> 018418fb056a9563378f1d4f4197c0ec
http://www.virustotal.com/es/analisis/2a70f1b72bbf31824cb75a9bb5972ab93312714a29c2c4478687a21822b2671f-1280297738
VT 11/42 (26.2%)
hxxp://update-java3.com/aaaa/11g.php
hxxp://update-java3.com/src/time.exe
md5sum ===> 93e215db2982407425c311ccd0ab969e
http://www.virustotal.com/es/analisis/39552a5a1826cee9508271a11a015d0fc273ec86afc4eb2885cf1862cdd57b37-1280297892
VT 5/41 (12.20%)

new files:
hxxp://zouweengongohgaegeetiebi.com/bin/orahxa.bin
md5sum ===> 0f3025edc1f9a57f900f5459c1ecf093
hxxp://zouweengongohgaegeetiebi.com/xman/xman.bin
md5sum ===> afcf52d7f812c084816008ec0382a7cc
hxxp://zouweengongohgaegeetiebi.com/bin/orahxa.exe
md5sum ===> d4a9a0f90082268ebe5b0ecb8c0d8844
http://www.virustotal.com/es/analisis/8f7074c17844d70b1da84771256367d3d088f0d039ee7758475d9bba09b461c5-1280296925
VT 4/41 (9.76%)
hxxp://zouweengongohgaegeetiebi.com/xman/xman.exe
md5sum ===> 4bb5fb9ffe431a576d539ea50f927331
http://www.virustotal.com/es/analisis/ddbe98c4d3af92bd6446850665bf39df47edbf6f0c94666ed399e21e4cfd990b-1280298484
VT 8/42 (19.05%)
hxxp://zouweengongohgaegeetiebi.com/cp01/zen.php
hxxp://zouweengongohgaegeetiebi.com/xman/gogo.php

July 29, 2010, 11:16:57 am
Reply #384

jackberri

IP 74.52.14.98
[zeus.facilwebzeus.com]
AS21844
Registrant/Registrant Email: Eduardo Gonzalo Lopez Carmona/drummermx311@hotmail.com
hxxp://ideoma.com.ve/images/bg4.jpg
md5sum ===> 014fd2317ec2f005e16ab63d1a683fd5
hxxp://ideoma.com.ve/images/img.exe
md5sum ===> dd61152d91f8373d2ce2191fa0bd460d
http://www.virustotal.com/es/analisis/2e21b53d48c47bbd2679823aae1f555bc9ffa70aa588495223be388560d4fd7a-1280400257
VT 5/42 (11.91%)
related:
hxxp://keybussines.com/soft/default.exe
md5sum ===> caf116d1dd8202f8395fe00ce9cae081
http://www.virustotal.com/es/analisis/61178bdea61f1cacdb2f1bee3d0ab75358fd77de6892b9269d33910d125e59d4-1280400874
VT 1/42 (2.39%)

IP 91.216.122.112
AS49544
Registrant Email: support@oliku.ru
hxxp://oliku.ru/images/1x1.gif
md5sum ===> 5d4947b067443ac26341096fad748184

IP 193.105.207.120
AS50793
Registrant/Registrant Email: Private Person/gavrilov81@mail.ru
hxxp://chudachok9.ru/botosinagoga/7-40.gif
md5sum ===> 2e9d7452513348300eb5a2679e8f7e59
hxxp://chudachok9.ru/botosinagoga/rapport.exe
md5sum ===> fb072e35eae74de781a7e5a71e1d7932
http://www.virustotal.com/analisis/37bf653d0d99893376d1a6af16333231928a5ced0e169a0f10ff7a278cf39514-1280145239
VT 11/42 (26.2%)

other malware:
hxxp://virtstat.com/2.exe
md5sum ===> 9209bcea94e4dc160587e64600a1297b
http://www.virustotal.com/es/analisis/607cca3df5f082e846227d8e4d6761ec8bc58b2bc046862892fb2f2bcf8399b7-1280390474
VT 7/42 (16.67%)

July 29, 2010, 04:59:31 pm
Reply #385

jackberri

IP Location: United States - Endurance International Group - BIZLAND-ASN
IP 66.96.130.16
[16.130.96.66.static.eigbox.net]
AS29873
Registrant/Registrant Email: Bill Lilly/blilly@californialivingenergy.com
hxxp://califliving.com/images/zoom1.gif
md5sum ===> b94fb1a32bb3c1a57dc5a365c97d1750
http://www.virustotal.com/es/analisis/aa914e6495e5c2a09c7631052f69e7434e2e673981def019fe48f0ae555859ff-1280409188
VT 21/42 (50.00%)
related (already listed):
hxxp://linkbuilding.nl/boom.jpg
IP Location: Vietnam - QTSC-AS-VN Quang Trung Software City Development Company
IP 202.78.227.112
AS24085
Registrant/Registrant Email: Bernardo Smith/BernardoJSmith@example.com
hxxp://fortunametrila.com/~user0101/2065/bt/config.bin
md5sum ===> def02041851428bd06d785492038d927
hxxp://fortunametrila.com/~user0101/2065/bt/test2065.exe
md5sum ===> 80f2ed5c2d025fdf6655105d6956fa54
http://www.virustotal.com/es/analisis/65caccb1435115a741d8c58d5145987256b28c943fa2ea3a331943c228a80312-1280422469
VT 18/42 (42.86%)
hxxp://fortunametrila.com/~user0101/2065/gate.php

July 30, 2010, 09:14:10 am
Reply #386

jackberri

IP Location:  Kazakhstan  - AlfaHost LLP. Route Object - ALFAHOSTNET Alfa-Host LLP.
IP 193.105.207.120
AS50793
Registrant/Registrant Email: Private Person/gavrilov81@mail.ru
hxxp://ferdinandi.ru/localhost/nat.bin
md5sum ===> 504776877383a44e4e31810b700b6daa
hxxp://ferdinandi.ru/localhost/nat.exe
md5sum ===> a87b87aa302a57c373932a9c830125d0
http://www.virustotal.com/es/analisis/797b09d48f9120928f3da37f5503e054a705a3498ac8f09a83749e1fa82b08c1-1280477368
VT 9/42 (21.43%)
hxxp://ferdinandi.ru/localhost/rapport.exe
md5sum ===> 32ea4b3c0162bd2044a2c6372f3250e0
http://www.virustotal.com/es/analisis/62a76f8fc576feadf9b0995725875ba8918cdf0a56751111f764b2fd8784a5c5-1280477175
VT 7/41 (17.08%)

IP Location:  China  - CHINA-TELECOM
IP 59.53.91.191
AS4134
Registrant/Registrant Email: Anna Veprinceva/nora@fastermail.ru
hxxp://pitorysoue.com/ptz/por.tu
md5sum ===> cee4f27b02d32347c6ed6d396df8cfb1
dropzone:
IP Location:  India  - ERNET India - ERX-ERNET-AS Education and Research Network India.
IP 144.16.111.140
[grid.puhep.res.in]
AS2697
Registrant/Registrant Email: Oksana Gerasimova/link@5mx.ru
hxxp://whiteagngo.com/prt/jkkoz.php
IP Location: Ukraine -
IP 188.95.159.28
AS196814
Registrant/Registrant Email: Viktor F Samoilenko/sol71@list.ru
hxxp://sthgsnhythsghxywtrs.in/admin/setup/data.bin
md5sum ===> 36eb1dffa297fa6fb3f9fd8f96f445e5

July 30, 2010, 10:29:24 pm
Reply #387

jackberri

IP Location: Ukraine - GlobalRouting-NL-NET - INTERACTIVE3D-AS Interactive3D
AS49544
hxxp://195.78.108.181/eu5.bin
md5sum ===> 424166117c96e734f1a1cd018b8dfcf7
hxxp://195.78.108.181/eu5.exe
md5sum ===> 28541237db684b9333604165669e0d14
http://www.virustotal.com/es/analisis/82367080c644ec0a4e1bc9076def5f16458c2febd33cd57908cdb379ff316fa7-1280488108
VT 5/42 (11.91%)
hxxp://195.78.108.181/forum/gate.php
IP Location: Moldova - Najada route - INTERACTIVE3D-AS Interactive3D
IP  91.216.122.33
AS49544
hxxp://tomorrrrow.cc/beta1/beta1.cfg
md5sum ===> 41b1a1ca8dcb4aa4a8ed37164c8ccc77

IP Location: Ukraine - GlobalRouting-NL-NET - INTERACTIVE3D-AS Interactive3D
IP  193.109.246.220
AS43074
hxxp://hqll.ru/picture/gif.gif
md5sum ===> b11a665970fa429a20a62f12718916c9
hxxp://hqll.ru/picture/gaterrz.php

July 31, 2010, 08:08:47 pm
Reply #388

jackberri

IP Location: Germany - ORG-nA8-RIPE - NETDIRECT AS
IP 212.95.32.248
AS28753
Registrant/Registrant Email: Derrick Grimes/ddgrimes@earthlink.net
hxxp://roideada.com/th.doc
md5sum ===> 1b6b585d6e04a6c45fb7e38a7e21f526
hxxp://roideada.com/hotfoundfile.php
IP Location: Malaysia - Piradius route object - PIRADIUS-AS PIRADIUS NET
IP 111.90.138.152
[111-90-138-152.pegashosting.com]
AS45839
Registrant ID: DI_11655454
Registrant Email: dfgertertdfgdfg@myself.com
hxxp://gloubergs.biz/abc/abc.bin
md5sum ===> bf322fea56f9d6e25f9b6c7926075eae
hxxp://gloubergs.biz/abc/abc.exe
md5sum ===> d5dd0609cb8091d66c86d2029eab65f2
http://www.virustotal.com/es/analisis/01d66849d303a66936adff215d3c481e594db4ab4e372d7494c9ecb7e5561e02-1280593502
VT 8/42 (19.05%)

Backdoor Sheldor
IP Location: Russian Federation - Keyweb AG IP Network - KEYWEB-AS
IP 95.169.190.224
[ns.km35228.keymachine.de]
AS31103
Registrant ID:   DI_11520313
Registrant/Registrant Email: Alexander Tkachenko/snx777@mail.ru
hxxp://snxhost.in/tv777.exe
md5sum ===> 7bd14aff590db1fc8a7b2c3e3ba7dac0
http://www.virustotal.com/es/analisis/b8162c451a1a77ed42f1730d5ef122c9dd866870c78784b9f9b52be6a569dfb7-1280568273
VT 31/42 (73.81%)
dropzone:
IP Location: Russian Federation - Keyweb AG IP Network - KEYWEB-AS
IP 95.169.190.224
[ns.km35228.keymachine.de]
AS31103
Registrant/Registrant Email: PrivacyProtect.org/contact@privacyprotect.org
hxxp://aptb.net/tx7/gtx32.php

August 01, 2010, 02:27:40 pm
Reply #389

jackberri

IP Location: Russian Federation - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.6
AS29106
Registrant ID:CO718353-RT
Registrant/Registrant Email: max pet/maxpet1212@gmail.com
hxxp://ubuuntu.info/u2.so
md5sum ===> 1889ac0b273c9bb0aeae31c106668cf1
hxxp://ubuuntu.info/uk.php
related:
IP Location: Russian Federation - VHost route - VolgaHost-as PE Bondarenko Dmitriy Vladimirovich
IP 91.213.174.107
AS29106
Registrant ID: CO701755-RT
Registrant/Registrant Email: max pet/maxpet1212@gmail.com
hxxp://livetrust.info/_3sun/crypt_KillEXE.exe
md5sum ===> fe892289e80c5a43008adeab12a44652
http://www.virustotal.com/es/analisis/1df52650d6c8448e3f07dc1c62d63e25f74a9e8c3cc0442fe06a8b2ed86774ba-1280671892
VT 20/42 (47.62%)