eu.triplemining.com(Bitcoin Miner malware hosted in Belgium Ict Ventures Bvba/sprl)

This is the second belgian hoster found hosting malwares that’s not good lol
Again another great contribution from our anonymous friend wich i called malware because it uses infected machines to do what he does
the bitcoin miner is downloaded from here gwassnet.co.cc/NoTouch.exe
it connects to svchost2.exe -o http://eu.triplemining.com:8344 -u trap258_gwas -p himom 111 0

UPDATE:
looks like this is Yoshi the hecker from hf lol

svchost64.exe -t 6 -o http://eu.triplemining.com:8344 -u Yoshi_Yoshi1 -p yoshi123

hosting infos:
http://whois.domaintools.com/91.198.211.27
IT – Operations
address: ICT Ventures BVBA/SPRL
address: Dewandelaerstraat 12
address: 1930 Zaventem
address: Belgium
phone: +32 2 123 45 67
fax-no: +32 2 123 45 67

4 Comments

  • Anonymous says:

    Pretty sure that's a legit mining pool pig. I went on their irc channel and they were more than willing to remove the botnet user login. The bitcoin software just connects to the mining pool, it doesn't have a panel.
    They should probably check for botnet users, ie users with many different ips rather than waiting for reports though.

  • Jack says:

    I sent a report about this net , They forwarded the report to my ISP , My ISP thought it was them sending the report to them and sent a letter out to me with the report attached.

  • Pig says:

    nice i got files will post later if there is something funny inside