Resolved milfsdeasing.com to 192.102.6.130

Server: milfsdeasing.com
Gate file: /par/bfg.php

The bot is currently attacking a few websites related to stock and financial regulation.

    POST /par/bfg.php HTTP/1.1
    Host: milfsdeasing.com
    User-Agent: PARADISE
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Content-Length: 10

    status=get

    HTTP/1.1 200 OK
    Date: Thu, 12 Sep 2013 00:25:55 GMT
    Server: Apache/2.2.16 (Debian)
    X-Powered-By: PHP/5.3.3-7+squeeze14
    Vary: Accept-Encoding
    Content-Length:

xogogo.org (Paradise DDoS botnet hosted by adman.com)

Resolved xogogo.org to 93.170.131.114

Server: xogogo.org
Gate file: /par/bfg.php
Hosting info: http://whois.domaintools.com/93.170.131.114

Related MD5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0

EDIT: The botnet is currently attacking a site

    POST /par/bfg.php HTTP/1.1
    Host: xogogo.org
    User-Agent: PARADISE
    Content-Type: application/x-www-form-urlencoded
    Connection: close
    Content-Length: 10

    status=get

    HTTP/1.1 200 OK
    Date: Tue, 28 May 2013 13:31:16

sweet1sfl.com (Paradise DDoS botnet hosted by intermedia.md)

Resolved sweet1sfl.com to 89.45.14.99

Server: sweet1sfl.com
Gate file: /par/bfg.php
Alternate domain: meetinets.com
Hosting info: http://whois.domaintools.com/89.45.14.99

olikdfg12.net (Paradise DDoS botnet hosted by webtropia.com)

Resolved olikdfg12.net to 5.104.106.181

Server: olikdfg12.net
Gate file: /poloki/bfg.php

This is another DDoS bot that has been attacking from the VirusTotal sandbox.

Hosting info: http://whois.domaintools.com/5.104.106.181

paradisetest.ru (Paradise DDoS botnet hosted by hostnoc.net)

Resolved paradisetest.ru to 184.22.118.71

Server: paradisetest.ru
Gate file: /par/bfg.php

The installation directory is still up and includes a EULA. Someone should ask iserdo how well using a EULA worked out for him.

Hosting info: http://whois.domaintools.com/184.22.118.71