Hi Dim@rik & kalibri,
Here you can see where the rotten apples are hosted on 66.197.186.37:
http://www.malwaregroup.com/Ipaddresses/details/66.197.186.37
Attack script mainly for
/show.php
/directshow.php
/pdf.php
PHP vulnerabilities exploited for:
s7.localhost phishing
s7.iphoster.ru Fragus Exploit Kit / Trojan Swisy
Trojan Zbot registrant for Zbot domains = order AT iphoster dot ru
IP also listed here: http://securehomenetwork.blogspot.com/2010/07/rbn-hunting.html link source author: JAMES MCQUAIN
on the RBN network
polonus