xogogo.org (Paradise ddos botnet hosted by adman.com)

By I_Post_Ur_Info, May 28, 2013

Resolved xogogo.org to 93.170.131.114

Server: xogogo.org
Gate file: /par/bfg.php

Hosting infos: http://whois.domaintools.com/93.170.131.114

Related md5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0

EDIT: The botnet is currently attacking a site

POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10
status=get


HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 131
Connection: close
Content-Type: text/html; charset=UTF-8



paradise=http://www.justanswer.com/fraud-examiner/7rc0r-yamaguchipartners-offers-buy-shares-scalada-holdings.html<!10!>|$50$0$0$1$|

Someone must be pretty mad about their scam being exposed.

Categories: Uncategorized

Tags: paradise bot

Previous postsweet1sfl.com (Paradise ddos botnet hosted by intermedia.md)

Next posthost0r.net (Andromeda http botnet hosted by instantdedicated.com)

milfsdeasing.com (paradise ddos bot hosted by zevshost.net)

sweet1sfl.com (Paradise ddos botnet hosted by intermedia.md)

olikdfg12.net (Paradise ddos botnet hosted by webtropia.com)