dreiansc.ws (Ice 9 banking malware hosted by vps.ua)

Resolved dreiansc.ws to 31.131.28.121

 Server: dreiansc.ws
Gate file:  /adm/gate.php
Config file:  /config/index.php

The owner forgot to remove the panel installation file. hxxp://dreiansc.ws/adm/install/index.php

Hosting infos: http://whois.domaintools.com/31.131.28.121

Related md5s (Search on malwr.com to download samples)
Ice9: edb77957d11c9add8d8bcc615ba3d392

Categories: Uncategorized

2 Comments

vps.ua - September 19, 2013 at 10:40 am

Hello.
We have shut down host under IP 31.131.28.121. It can be started again only in case of full system re-setup with wiping all the data from disk.
Please, feel free to contact us if you find any abusive activity performed from our network.

Pig - September 19, 2013 at 2:55 pm

nice to see your fast reaction here 🙂

Comments are closed