xogogo.org (Paradise DDoS botnet hosted by adman.com)

Resolved xogogo.org to

Server:  xogogo.org
Gate file:  /par/bfg.php

Hosting info: http://whois.domaintools.com/

Related MD5s (search on malwr.com to download the samples):
Paradise bot: 5724c61a33708b5fdefa3125ea32b2d0

EDIT: The botnet is currently attacking a site

POST /par/bfg.php HTTP/1.1
Host: xogogo.org
User-Agent: PARADISE
Content-Type: application/x-www-form-urlencoded
Connection: close
Content-Length: 10

HTTP/1.1 200 OK
Date: Tue, 28 May 2013 13:31:16 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 131
Connection: close
Content-Type: text/html; charset=UTF-8


Someone must be pretty mad about their scam being exposed.
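
Added example, not part of the original post: a small Python matcher for the check-in request captured above, usable on raw requests exported from a proxy or packet capture. It reports which of the three indicators visible in that capture are present (POST to the gate file, the Host value, the PARADISE User-Agent); the function names, the second and third sample requests and the hosts example.net / example.com are constructed for illustration.

```python
"""Match the Paradise check-in indicators shown in the capture on this page."""
GATE_PATH = "/par/bfg.php"   # gate file listed on the page
C2_HOST = "xogogo.org"       # server listed on the page
BOT_UA = "PARADISE"          # User-Agent seen in the capture

# Constructed samples: the first mirrors the page's request headers, the
# other two are made up to exercise partial and negative matches.
SAMPLES = {
    "page_capture": "POST /par/bfg.php HTTP/1.1\r\nHost: xogogo.org\r\n"
                    "User-Agent: PARADISE\r\nConnection: close\r\n"
                    "Content-Length: 10\r\n\r\n",
    "moved_gate": "POST /par/bfg.php?x=1 HTTP/1.1\r\nhost: example.net:8080\r\n"
                  "user-agent: PARADISE\r\n\r\n",
    "benign": "GET /index.html HTTP/1.1\r\nHost: example.com\r\n"
              "User-Agent: Mozilla/5.0\r\n\r\n",
}

def parse_request(raw):
    """Return (method, target, headers) with header names lowercased."""
    head = raw.replace("\r\n", "\n").split("\n\n", 1)[0]
    lines = [line for line in head.split("\n") if line.strip()]
    parts = lines[0].split() if lines else []
    if len(parts) < 2:
        raise ValueError("not an HTTP request line")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:  # skip lines that are not "Name: value"
            headers[name.strip().lower()] = value.strip()
    return parts[0].upper(), parts[1], headers

def match_indicators(raw):
    """List the page's indicators found in one raw HTTP request."""
    method, target, headers = parse_request(raw)
    path = target.split("?", 1)[0]                      # ignore query string
    host = headers.get("host", "").lower().split(":", 1)[0].rstrip(".")
    hits = []
    if method == "POST" and path == GATE_PATH:
        hits.append("gate_path")
    if host == C2_HOST:
        hits.append("c2_host")
    if headers.get("user-agent", "") == BOT_UA:         # exact, as captured
        hits.append("user_agent")
    return hits

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, match_indicators(raw))
```

A request that hits gate_path and user_agent without c2_host is still worth reviewing, since it matches the same check-in shape on a different host.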
