89.163.181.135 (Citadel banking malware hosted by unitedcolo.de)

Server: 89.163.181.135
Gate file: /.~/ineed/stats.php
Config file: /.~/ineed/file.php

The operators forgot to remove the installation directory: hxxp://89.163.181.135/.~/ineed/install/
Found on the same Betabot as the recently posted Pony loader.

Hosting info: http://whois.domaintools.com/89.163.181.135

1 Comment

Anonymous - May 28, 2013 at 5:48 am

There's been a large jump in people using Citadel these days.
