googlesafebrowsing-counter.org (Citadel banking malware hosted by Fastflux botnet)

Server:  googlesafebrowsing-counter.org
Config dropper:  /file.php

The server appears to be misconfigured: requests to the config dropper never return a config file.

Backup domain:  googlesafebrowsing-cache.org

Example fast-flux DNS records (dig output for both domains; note the short 150 s TTL, the eleven A records, and the nameservers that themselves resolve to several addresses)

;; QUESTION SECTION:
;googlesafebrowsing-counter.org.    IN    A

;; ANSWER SECTION:
googlesafebrowsing-counter.org.    150 IN    A    94.158.73.89
googlesafebrowsing-counter.org.    150 IN    A    94.230.198.162
googlesafebrowsing-counter.org.    150 IN    A    99.231.159.61
googlesafebrowsing-counter.org.    150 IN    A    176.8.252.213
googlesafebrowsing-counter.org.    150 IN    A    194.150.86.172
googlesafebrowsing-counter.org.    150 IN    A    213.43.16.100
googlesafebrowsing-counter.org.    150 IN    A    69.14.27.13
googlesafebrowsing-counter.org.    150 IN    A    71.231.78.207
googlesafebrowsing-counter.org.    150 IN    A    78.137.54.50
googlesafebrowsing-counter.org.    150 IN    A    93.79.218.50
googlesafebrowsing-counter.org.    150 IN    A    93.177.210.57

;; AUTHORITY SECTION:
googlesafebrowsing-counter.org.    150 IN    NS    ns3.myextdns.pl.
googlesafebrowsing-counter.org.    150 IN    NS    ns1.myextdns.pl.
googlesafebrowsing-counter.org.    150 IN    NS    ns4.myextdns.pl.
googlesafebrowsing-counter.org.    150 IN    NS    ns2.myextdns.pl.

;; ADDITIONAL SECTION:
ns1.myextdns.pl.    149    IN    A    176.41.187.116
ns1.myextdns.pl.    149    IN    A    188.190.217.159
ns1.myextdns.pl.    149    IN    A    188.241.69.99
ns1.myextdns.pl.    149    IN    A    190.109.227.146
ns1.myextdns.pl.    149    IN    A    94.120.251.143
ns1.myextdns.pl.    149    IN    A    173.20.248.44
ns2.myextdns.pl.    149    IN    A    176.41.187.116
ns2.myextdns.pl.    149    IN    A    188.190.217.159
ns2.myextdns.pl.    149    IN    A    188.241.69.99
ns2.myextdns.pl.    149    IN    A    190.109.227.146
ns2.myextdns.pl.    149    IN    A    94.120.251.143
ns2.myextdns.pl.    149    IN    A    173.20.248.44

;; QUESTION SECTION:
;googlesafebrowsing-cache.org.    IN    A

;; ANSWER SECTION:
googlesafebrowsing-cache.org. 150 IN    A    194.150.86.172
googlesafebrowsing-cache.org. 150 IN    A    213.43.16.100
googlesafebrowsing-cache.org. 150 IN    A    69.14.27.13
googlesafebrowsing-cache.org. 150 IN    A    71.231.78.207
googlesafebrowsing-cache.org. 150 IN    A    78.137.54.50
googlesafebrowsing-cache.org. 150 IN    A    93.79.218.50
googlesafebrowsing-cache.org. 150 IN    A    93.177.210.57
googlesafebrowsing-cache.org. 150 IN    A    94.158.73.89
googlesafebrowsing-cache.org. 150 IN    A    94.230.198.162
googlesafebrowsing-cache.org. 150 IN    A    99.231.159.61
googlesafebrowsing-cache.org. 150 IN    A    176.8.252.213

;; AUTHORITY SECTION:
googlesafebrowsing-cache.org. 150 IN    NS    ns3.myextdns.pl.
googlesafebrowsing-cache.org. 150 IN    NS    ns1.myextdns.pl.
googlesafebrowsing-cache.org. 150 IN    NS    ns2.myextdns.pl.
googlesafebrowsing-cache.org. 150 IN    NS    ns4.myextdns.pl.

;; ADDITIONAL SECTION:
ns1.myextdns.pl.    149    IN    A    188.190.217.159
ns1.myextdns.pl.    149    IN    A    188.241.69.99
ns1.myextdns.pl.    149    IN    A    190.109.227.146
ns1.myextdns.pl.    149    IN    A    94.120.251.143
ns1.myextdns.pl.    149    IN    A    173.20.248.44
ns1.myextdns.pl.    149    IN    A    176.41.187.116
ns2.myextdns.pl.    149    IN    A    188.190.217.159
ns2.myextdns.pl.    149    IN    A    188.241.69.99
ns2.myextdns.pl.    149    IN    A    190.109.227.146
ns2.myextdns.pl.    149    IN    A    94.120.251.143
ns2.myextdns.pl.    149    IN    A    173.20.248.44
ns2.myextdns.pl.    149    IN    A    176.41.187.116
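The records above show the usual fast-flux pattern: many A records with a short TTL spread across unrelated netblocks, and nameservers (ns1/ns2.myextdns.pl) that are themselves fluxed across several addresses (double-flux). The following script is an added example, not part of the original post: it parses dig-style output and scores a domain on those indicators. The sample input is the googlesafebrowsing-counter.org answer quoted above; the thresholds (at least 5 A records, TTL of 300 s or less, at least half the addresses in distinct /16s, NS names with 3 or more addresses) are assumptions chosen for illustration, not values from the post.

```python
# Added example (not from the original post): fast-flux heuristics over
# dig-style output. Parses ANSWER/AUTHORITY/ADDITIONAL records and flags the
# classic indicators: many A records, a short TTL, addresses scattered across
# many /16 networks, and nameservers that themselves resolve to several
# addresses (double-flux). Thresholds are assumptions chosen for illustration.
import re
from collections import defaultdict

# Sample input: the googlesafebrowsing-counter.org answer quoted in the post.
DIG_OUTPUT = """\
;; QUESTION SECTION:
;googlesafebrowsing-counter.org.    IN    A

;; ANSWER SECTION:
googlesafebrowsing-counter.org.    150 IN    A    94.158.73.89
googlesafebrowsing-counter.org.    150 IN    A    94.230.198.162
googlesafebrowsing-counter.org.    150 IN    A    99.231.159.61
googlesafebrowsing-counter.org.    150 IN    A    176.8.252.213
googlesafebrowsing-counter.org.    150 IN    A    194.150.86.172
googlesafebrowsing-counter.org.    150 IN    A    213.43.16.100
googlesafebrowsing-counter.org.    150 IN    A    69.14.27.13
googlesafebrowsing-counter.org.    150 IN    A    71.231.78.207
googlesafebrowsing-counter.org.    150 IN    A    78.137.54.50
googlesafebrowsing-counter.org.    150 IN    A    93.79.218.50
googlesafebrowsing-counter.org.    150 IN    A    93.177.210.57

;; AUTHORITY SECTION:
googlesafebrowsing-counter.org.    150 IN    NS    ns3.myextdns.pl.
googlesafebrowsing-counter.org.    150 IN    NS    ns1.myextdns.pl.
googlesafebrowsing-counter.org.    150 IN    NS    ns4.myextdns.pl.
googlesafebrowsing-counter.org.    150 IN    NS    ns2.myextdns.pl.

;; ADDITIONAL SECTION:
ns1.myextdns.pl.    149    IN    A    176.41.187.116
ns1.myextdns.pl.    149    IN    A    188.190.217.159
ns1.myextdns.pl.    149    IN    A    188.241.69.99
ns1.myextdns.pl.    149    IN    A    190.109.227.146
ns1.myextdns.pl.    149    IN    A    94.120.251.143
ns1.myextdns.pl.    149    IN    A    173.20.248.44
ns2.myextdns.pl.    149    IN    A    176.41.187.116
ns2.myextdns.pl.    149    IN    A    188.190.217.159
ns2.myextdns.pl.    149    IN    A    188.241.69.99
ns2.myextdns.pl.    149    IN    A    190.109.227.146
ns2.myextdns.pl.    149    IN    A    94.120.251.143
ns2.myextdns.pl.    149    IN    A    173.20.248.44
"""

# owner  ttl  IN  type  rdata  (dig separates fields with tabs or spaces)
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|NS)\s+(\S+)$")


def parse_dig(text):
    """Return {owner: [(ttl, rtype, rdata), ...]} for the A and NS records."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):  # blank, comment or section header
            continue
        m = RR_RE.match(line)
        if m:
            owner, ttl, rtype, rdata = m.groups()
            records[owner.lower()].append((int(ttl), rtype, rdata.lower()))
    return records


def fastflux_indicators(records, domain, min_a=5, max_ttl=300, min_ns_ips=3):
    """Score one domain; the thresholds are illustrative assumptions."""
    owner = domain.lower().rstrip(".") + "."
    rrs = records.get(owner, [])
    a_addrs = [rd for _, rt, rd in rrs if rt == "A"]
    ttls = [ttl for ttl, rt, _ in rrs if rt == "A"]
    ns_names = [rd for _, rt, rd in rrs if rt == "NS"]
    # Double-flux: the authoritative NS hostnames are themselves fluxed.
    ns_ips = {ns: [rd for _, rt, rd in records.get(ns, []) if rt == "A"]
              for ns in ns_names}
    fluxed_ns = sorted(ns for ns, ips in ns_ips.items() if len(ips) >= min_ns_ips)
    slash16 = {".".join(ip.split(".")[:2]) for ip in a_addrs}
    flags = {
        "many_a_records": len(a_addrs) >= min_a,
        "short_ttl": bool(ttls) and min(ttls) <= max_ttl,
        # A CDN usually sits in a few netblocks; flux nodes are home/ISP hosts.
        "wide_spread": bool(a_addrs) and len(slash16) / len(a_addrs) >= 0.5,
        "double_flux": bool(fluxed_ns),
    }
    return {
        "domain": owner,
        "a_records": len(a_addrs),
        "min_ttl": min(ttls) if ttls else None,
        "distinct_slash16": len(slash16),
        "fluxed_ns": fluxed_ns,
        "flags": flags,
        "score": sum(flags.values()),  # 0..4 indicators present
    }


if __name__ == "__main__":
    report = fastflux_indicators(parse_dig(DIG_OUTPUT), "googlesafebrowsing-counter.org")
    for key, value in report.items():
        print(f"{key}: {value}")
```

On the sample above the script reports 11 A records in 11 distinct /16s with a 150 s TTL and two fluxed nameservers (ns1 and ns2), so all four indicators fire. Run it against a normal CDN-hosted domain for comparison: you will usually see a handful of addresses in one or two netblocks and nameservers with one or two stable addresses, which is the distinction the score is meant to capture.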

Sample link
