smokelessbooter.tk (Betabot http botnet hosted by ecatel.net)

Resolved smokelessbooter.tk to 94.102.51.123

Server:  smokelessbooter.tk
Gate file:  /bronk/order.php

Alternate domains:
watchonlinecams.com
ssh-products.com
fudfiles.com
theprofitnet.com
1337hackers.com
cash-networks.com

We have a real HF hecker here folks. I can see a Java “driveby” site, shitty crypter site, shitty CPA network site and a shitty hackforums clone site just from the domain names.
Looks like he’s running a shitty hosting company as well:
NS1.SSH-HOSTING.COM
NS2.SSH-HOSTING.COM

Related md5s (search on malwr.com to download the samples):
Betabot: 2fec17d0b8f0e0893b8ee97e39a5767c

Hosting infos: http://whois.domaintools.com/94.102.51.123

Categories: Uncategorized