towi4-place.com (Andromeda http botnet hosted by core-vps.lv)

By I_Post_Ur_Info, September 2, 2013

Resolved towi4-place.com to 193.105.240.20

Server: towi4-place.com
Gate file: /1800/image.php

Downloads Cutwail as well as other malware. The owner has left a message on the index page.

То, что мы называем злом, является всего лишь неизбежностью в нашем бесконечном развитии.

Ф.Кафка

>Вопросы и предожения сотрудничества (JID): ToWi4@cryptovpn.com

Google translated:

What we call evil is simply inevitable in our never-ending development.

Kafka

> Questions and cooperation being offered (JID): ToWi4@cryptovpn.com

Googling the jabber ID, it looks like he’s some scammer from antichat.ru

Hosting infos: http://whois.domaintools.com/193.105.240.20

Related md5s (Search on malwr.com to download samples)
Andromeda bot: 0a345b3518bbb4be3d34463b17007d30
Cutwail: da53b7983185de17e67579e2de0231be

Categories: Uncategorized

Tags: Andromeda Botcutwail

Previous postbicycletrainers.info (betabot http botnet proxied by cloudflare to 100tb.com)

Next postfackestructur.be (Warbot http botnet hosted by firstvds.ru)

shinyhosting.ws.gy(Andromeda Bot hosted in United States Amsterdam Hosting Servers)

xylox.su (Betabot and Andromeda http botnets hosted by Panamaserver.com)

scum1904life.com (Andromeda http botnet hosted by 2×4.ru)