xogogo.org (Paradise DDoS botnet hosted by adman.com)

Resolved xogogo.org to 93.170.131.114

Server:  xogogo.org
Gate file:  /par/bfg.php

Hosting info: http://whois.domaintools.com/93.170.131.114

Related md5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0

EDIT: The botnet is currently attacking a site

POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

status=get


HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 131
Connection: close
Content-Type: text/html; charset=UTF-8



paradise=http://www.justanswer.com/fraud-examiner/7rc0r-yamaguchipartners-offers-buy-shares-scalada-holdings.html<!10!>|$50$0$0$1$|

Someone must be pretty mad about their scam being exposed.
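
An added detection example for the exchange above (not code from the original post): it flags requests matching the three indicators visible in the capture (gate path, `PARADISE` User-Agent, `status=get` body) and pulls the target URL out of a `paradise=` reply. The function names, the sample hosts and the treatment of the trailing `<!10!>|$50$0$0$1$|` fields as opaque are assumptions.

```python
import re
from urllib.parse import parse_qs

# Indicators from the capture above; the trailing task fields are not interpreted.
GATE_RE = re.compile(r"^POST\s+/par/bfg\.php\s+HTTP/1\.[01]$")
TASK_RE = re.compile(r"paradise=(?P<target>https?://[^<\s]+)(?P<rest>.*)", re.S)

def split_http(raw):
    """Split a raw HTTP message into (start line, header dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return lines[0].strip(), headers, body.strip()

def checkin_indicators(raw_request):
    """Return which of the three check-in indicators a request matches."""
    start, headers, body = split_http(raw_request)
    hits = []
    if GATE_RE.match(start):
        hits.append("gate_path")
    if headers.get("user-agent") == "PARADISE":
        hits.append("user_agent")
    if parse_qs(body).get("status") == ["get"]:
        hits.append("status_get")
    return hits

def extract_task(raw_response):
    """Return (target URL, uninterpreted trailing fields), or None."""
    m = TASK_RE.search(split_http(raw_response)[2])
    return (m.group("target"), m.group("rest").strip()) if m else None

# Constructed samples modelled on the capture (placeholder hosts, not real traffic).
SAMPLE_CHECKIN = (
    "POST /par/bfg.php HTTP/1.1\r\nHost: c2.example\r\nUser-Agent: PARADISE\r\n"
    "Content-Length: 10\r\nConnection: close\r\n\r\nstatus=get"
)
SAMPLE_BROWSER = (
    "POST /login.php HTTP/1.1\r\nHost: shop.example\r\nUser-Agent: Mozilla/5.0\r\n"
    "Content-Length: 10\r\n\r\nstatus=get"
)
SAMPLE_TASK = "HTTP/1.1 200 OK\r\n\r\n\r\nparadise=http://victim.example/page.html<!10!>|$50$0$0$1$|"

if __name__ == "__main__":
    print(checkin_indicators(SAMPLE_CHECKIN), checkin_indicators(SAMPLE_BROWSER))
    print(extract_task(SAMPLE_TASK))
```

A request that matches only `status_get`, like the browser sample, is not a check-in on its own; alert on the User-Agent or on a combination of indicators.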
