Resolved tommyslav.name to 91.213.8.52
I saw Malekal tweet that someone was using an exploit kit on adf.ly to distribute Andromeda.
I had already posted the Andromeda and had suspected that it was the cracked version. I just entered the gate info into the builder, ran the build and watched it download this.
Server: tommyslav.name
Gate file: /panell/landing/gate.php
Ransom page TDS: /panell/landing/redirme.php
Nice of the owner to leave info pages on the server.
Hosting info: http://whois.domaintools.com/91.213.8.52
EDIT: An additional winlocker panel is hosted on the same IP.
Server: oppnetter.biz.ua
Gate file: /panel/landing/gate.php
Ransom page TDS: /panel/landing/redirme.php