Month: September 2013

37.9.53.121 (Pony Stealer hosted by pinspb.ru)

Server: 37.9.53.121
Gate file: //xSZ64Wiax/WiOzJe3G7u7ok3gOYqHdv2xk.php
According to VirusTotal this is an affiliate program, with the Pony file downloaded from the same site.
Hosting info: http://whois.domaintools.com/37.9.53.121
Related md5s (search on malwr.com to download the sample)
Pony: 37ae22ba2799ed146c47085268dd481b

fackestructur.be (Warbot http botnet hosted by firstvds.ru)

Resolved fackestructur.be to 82.146.42.62
Server: fackestructur.be
Gate file: /bymedstar_01/index.php
One of the files downloaded by this Andromeda. I don’t know why anyone would waste their time setting up this old piece of crap, let alone spreading it.
Hosting info: http://whois.domaintools.com/82.146.42.62
Related md5s (search on malwr.com to download samples)
Warbot: a0ef373644caec98e666048a581a4cf0

towi4-place.com (Andromeda http botnet hosted by core-vps.lv)

Resolved towi4-place.com to 193.105.240.20
Server: towi4-place.com
Gate file: /1800/image.php
Downloads Cutwail as well as other malware. The owner has left a message on the index page:
What we call evil is merely an inevitability in our endless development. F. Kafka
> Questions and offers of cooperation (JID): ToWi4@cryptovpn.com
Google translated: What we call evil is simply inevitable

bicycletrainers.info (betabot http botnet proxied by cloudflare to 100tb.com)

Server: bicycletrainers.info
Gate file: /wheellock/order.php
Alternate domains: dirtybagmcgee.com, womenhealthbody.pw
It’s been a while since I’ve seen someone trying to use Cloudflare with malware. Let’s see how long it takes them to block it this time.
Related md5s (search on malwr.com to download samples)
Betabot: ddb28ce54c501be046400ddaa474f257
EDIT: It’s been blocked, and I got the hosting info: