liveinsurance.org (Betabot http botnet hosted by worldstream.nl)

Resolved liveinsurance.org to 109.236.84.150

Server:  liveinsurance.org
Gate file:  /loverboy/order.php

freegamebox.us, a domain from a previous betabot is hosted on the same IP, so both are probably owned by the same person.

Hosting infos: http://whois.domaintools.com/109.236.84.150

Related md5s (search on malwr.com to download samples)
Betabot: 655b1833bfe7dc80391287ae6d568318

Categories: Uncategorized

4 Comments

Anonymous - September 4, 2013 at 8:02 pm

http://winblowservice.hopto.org/service/login.php
h4xinc.com/matrix/login.php
seattleschools.co/beta/login.php
jkdef8.ws/papka/login.php
strike-file-hosting.us/b/login.php

and some random soft which I do not know:
http://wewwwwera.mcdir.ru/eba/

Anonymous - September 4, 2013 at 11:11 pm

Heres some more:
darknode.net/beta/login.php
gamingplanet.us/codeserver/login.php
http://navega.pw/b7891/b986/bnav123/mar/360/vid5852/login.php <-He tried to hide it lmfao. It did not let me get on the the sub folders so I had to go to one sub folder then it direct me to another then another
gamerslaunch.no-ip.org/services/login.php
freegamerbox.us/codeserver/login.php

I_Post_Ur_Info - September 4, 2013 at 11:46 pm

Nice finds. I'll look through them and post them up.

Pig - September 5, 2013 at 3:42 pm

very nice work again 🙂
if u can replace http with hxxt will be fine
thank you for posting these panels here

Comments are closed