mirror.serverhalflife.com (Pandora HTTP bot hosted by Netherlands Haarlem Leaseweb B.V.)

Resolved mirror.serverhalflife.com to 95.211.209.178

Pandora DDoS bot
Server: mirror.serverhalflife.com
Gate file: /pando/?u=17b6n82405v5ycal3ks4bb7i655e088m

Other crap on the server
Microworm panel: mirror.serverhalflife.com/micro/
The password is “root”

Files are located at hxxp://mirror.serverhalflife.com/files/
blackdra.exe is Blackshades
It connects to own3d-private.no-ip.org:4010

Blackshades downloads more of the files:

x0x0.294.24.10.10.0.2.15.0.0.0.Federal-Agent.FBI-PC.1.Microsoft Windows XP
.522.0.5.0.58802054.0.new.November 4, 2012.Hide My Ass Vpn FBI access panel (Welcome Agent Hogue) [Google Chrome]
x74.64.e4e497e1ec0a03c3e5e49ab8868bdc755b520583cbf4e31605a016d82147ec63x25x1.8.1.1..0.0x49.49.
hxxp://mirror.servehalflife.com/files/micro.exe.2x49.49.hxxp://mirror.servehalflife.com/files/steal.exe.2x49.52.
hxxp://mirror.servehalflife.com/files/blackdra.exe.2x105x74.7.UNKNOWNx53.1.0x114.1.0x53

Hosting info: http://whois.domaintools.com/95.211.209.178