area.myarena.ru (Destination Darkness Outcast System & Optima)

HTTP malware from Russia used for DDoS

Admin Panel:
http://area.myarena.ru/ex/adm/auth.php

– DNS Queries:

area.myarena.ru DNS_TYPE_A 62.122.213.10
http://palmary73.net DNS_TYPE_A

– HTTP Conversations:

62.122.213.10:80 – [area.myarena.ru]
Request: GET /ex/?uid=035409&ver=9aXPA
Response: 200 “OK”
Request: GET /ex/adm/?uid=035409&ver=9aXPA
Response: 302 “Found”
Request: GET /ex/adm/auth.php
Response: 200 “OK”
Request: GET /ex/adm/index.php?uid=035409&ver=9aXPA
Response: 302 “Found”
Request: GET /ex/adm/auth.php
Response: 200 “OK”

Exe File:
http://adf.ly/23XhF

Hosting info:
http://whois.domaintools.com/62.122.213.10
