Board: Development & Technical Discussion
Re: We need some help to decode a hacker addon
by jjjfff on 13/12/2018, 09:40:05 UTC
Merits 2 from 1 user (merited by theymos_away)
Note that no URL has ever been captured for help-tools.org
Looking a bit further into it, this domain does not seem hacked. It seems to have been deliberately registered for this purpose:

Domain Name: HELP-TOOLS.ORG
Registry Domain ID: D402200000008508823-LROR
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: www.namesilo.com
Updated Date: 2018-12-06T08:04:10Z
Creation Date: 2018-12-02T06:52:52Z

The domain was registered last Sunday and was already hardcoded into the malware's source. No way it could've been hacked in this period - it's deliberate.

As expected, the specific whois is anonymized:

Registrant Email: pw-1064a16b3dfb69e838295e2eefdabc6f@privacyguardian.org
Registry Admin ID:
Admin Name: Domain Administrator
Admin Organization: See PrivacyGuardian.org
Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Emails sent to pw-1064a16b3dfb69e838295e2eefdabc6f@privacyguardian.org should reach the malware author though.
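The reasoning in this post (creation date only days before the domain was found hardcoded, registrant hidden behind a privacy proxy) is the same "newly registered domain" check many defenders automate. The following is an added example, not code from the post or its author: it parses the WHOIS excerpt quoted above, computes the domain's age at the time it was observed in the sample, and flags privacy-proxied registrations. The 30-day threshold and the list of privacy-proxy providers are assumptions; the observation timestamp is the post's own date.

```python
import re
from datetime import datetime, timezone

# WHOIS excerpt as quoted in the post above (a static sample, not a live lookup).
WHOIS_SAMPLE = """\
Domain Name: HELP-TOOLS.ORG
Registry Domain ID: D402200000008508823-LROR
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: www.namesilo.com
Updated Date: 2018-12-06T08:04:10Z
Creation Date: 2018-12-02T06:52:52Z
Registrant Email: pw-1064a16b3dfb69e838295e2eefdabc6f@privacyguardian.org
Admin Organization: See PrivacyGuardian.org
"""

# Assumed list of WHOIS privacy-proxy mail domains; extend for your own environment.
PRIVACY_PROXIES = ("privacyguardian.org",)


def parse_whois(text):
    """Parse 'Key: Value' lines into a dict keyed by lower-cased field name.

    The first occurrence of a field wins; lines without a colon are ignored.
    """
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([^:]+?):\s*(.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields


def parse_whois_timestamp(value):
    """Parse the ISO-8601 'Z' timestamps used in WHOIS records into a UTC datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def assess_domain(whois_text, observed_at, max_age_days=30):
    """Score a WHOIS record against the time the domain was observed in a sample.

    observed_at is a tz-aware datetime. Returns the domain, its age in days at
    observation, whether the registrant is a privacy proxy, and the reasons
    (if any) it looks suspicious.
    """
    fields = parse_whois(whois_text)
    created = parse_whois_timestamp(fields["creation date"])
    age_days = (observed_at - created).total_seconds() / 86400.0
    email = fields.get("registrant email", "").lower()
    privacy_proxy = any(email.endswith("@" + p) for p in PRIVACY_PROXIES)

    reasons = []
    if age_days < 0:
        reasons.append("creation date is after the observation (record or clock error)")
    elif age_days < max_age_days:
        reasons.append(f"registered only {age_days:.1f} days before it was observed")
    if privacy_proxy:
        reasons.append(f"registrant hidden behind privacy proxy ({email.split('@')[1]})")

    return {
        "domain": fields["domain name"].lower(),
        "created": created,
        "age_days": age_days,
        "privacy_proxy": privacy_proxy,
        "suspicious": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    # The post itself is dated 13/12/2018 09:40:05 UTC; use that as the observation time.
    seen = datetime(2018, 12, 13, 9, 40, 5, tzinfo=timezone.utc)
    result = assess_domain(WHOIS_SAMPLE, seen)
    print(result["domain"], "suspicious" if result["suspicious"] else "ok")
    for reason in result["reasons"]:
        print(" -", reason)
```

In a pipeline you would feed this the output of a real WHOIS lookup and a sample's first-seen timestamp; a domain younger than the threshold that also hides its registrant is worth a blocklist entry and a closer look, as the post concludes.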