kankarmz.ru (betabot http botnet hosted by Alibabahost.com)

By I_Post_Ur_Info, August 13, 2013

Resolved kankarmz.ru to 37.221.170.35

Server: kankarmz.ru
Gate file: /Duf67/H8938_827.php

Alternate domains (both are currently unregistered):
u023sjasj.net
iodijsakj.net

This is one of only three or so betabots that I have seen rename the gate file from order.php to something less obvious. I guess that might be a bit too advanced for the average HF skid.

Hosting infos: http://whois.domaintools.com/37.221.170.35

Related md5s (search on malwr.com to download samples):
Betabot 397cd0b8c2738dcab9261aac0fc9554c

Categories: Uncategorized

Tags: alibabahost.combeta bot

Previous postxvident.pw (andromeda http botnet hosted by maxhosting.ru)

Next postallrounders.cc (Athena http botnet hosted by hostkey.com)

3 Comments

Anonymous - August 19, 2013 at 11:07 pm

Does everyone use Alibaba? God

I_Post_Ur_Info - August 22, 2013 at 12:32 am

Betamonkey is apparently recommending it as bulletproof hosting.

Anonymous - September 3, 2013 at 7:35 pm

beta defiantly dose not recommend any hosting solutions

sinsec.net (Betabot http botnet hosted by alibabahost.com)

api.wifi-update.biz (Betabot http botnet hosted by oneandone.net)

frizzcams.com (Betabot http botnet hosted by Balticservers.com)

3 Comments

Anonymous - August 19, 2013 at 11:07 pm

I_Post_Ur_Info - August 22, 2013 at 12:32 am

Anonymous - September 3, 2013 at 7:35 pm

Comments are closed