qwer.be (YZF ddos botnet hosted by metrabyte.co.th)

Resolved qwer.be to 119.59.99.200

Server:  qwer.be
Gate file:  /1234567/cmd.php

Information for building http requests is stored in /1234567/sys/ as text files renamed to pngs.
http://qwer.be/1234567/sys/UserAgent.png

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MyIE2; Deepnet Explorer)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Win 9x 4.90)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 5.0; Windows NT; DigExt)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0; T312461)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 4.0; .NET CLR 1.0.2914)
Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 95)
Mozilla/4.0 (compatible; MSIE 5.5; Windows 95; BCD2000)
Mozilla/2.0 (compatible; MSIE 3.02; Windows CE; 240x320)
Mozilla/1.22 (compatible; MSIE 2.0; Windows 95)
Mozilla/1.22 (compatible; MSIE 2.0d; Windows NT)
Mozilla/4.0 (compatible; MSIE 5.0; Windows 3.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322) NS8/0.9.6
Mozilla/4.79 [en] (Windows NT 5.0; U)
Mozilla/4.76 [en] (Windows NT 5.0; U)
Mozilla/0.91 Beta (Windows)
Mozilla/0.6 Beta (Windows)
Mozilla/4.7 (compatible; OffByOne; Windows 2000) Webster Pro V3.4
Opera/9.00 (Windows NT 4.0; U; en)
Opera/9.00 (Windows NT 5.1; U; en)
Opera/9.0 (Windows NT 5.1; U; en)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.0
Opera/8.01 (Windows NT 5.1)
Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.01
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Mozilla/5.0 (Windows NT 5.1; U; en) Opera 8.00
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.00
Opera/8.00 (Windows NT 5.1; U; en)
Opera/7.60 (Windows NT 5.2; U) [en] (IBM EVV/3.0/EAK01AG9/LE)
Opera/7.54 (Windows NT 5.1; U) [pl]
Opera/7.11 (Windows NT 5.1; U) [en]
Mozilla/4.0 (compatible; MSIE 6.0; Windows ME) Opera 7.11 [en]
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 5.0) Opera 7.02 Bork-edition [en]
Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows NT 4.0) Opera 7.0 [en]
Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.0 [en]
Mozilla/4.0 (compatible; MSIE 5.0; Windows 95) Opera 6.01 [en]
Mozilla/3.0 (compatible; WebCapture 2.0; Auto; Windows)
Mozilla/4.0 (compatible; Powermarks/3.5; Windows 95/98/2000/NT)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; FREE; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; KTXN)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.0.3705; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.50
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; FunWebProducts)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
Opera/9.01 (Windows NT 5.1; U; en)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1) Opera 7.54 [en]
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; MRA 4.6 (build 01425))
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01
Opera/9.00 (Windows NT 5.1; U; ru)
Opera/9.0 (Windows NT 5.1; U; en)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; ru) Opera 8.01
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; InfoPath.1
Mozilla/4.0 (compatible; MSIE 6.0; AOL 9.0; Windows NT 5.1)

http://qwer.be/1234567/sys/Referer.png

http://www.wannabrowser.ru/
http://www.opera.com/
http://www.1tv.ru/
http://upyachka.ru/
http://www.youtube.com/
http://www.f-1.ru/
http://www.fc-zenit.ru/
http://www.rambler.ru/
http://2ip.ru/
http://www.lenta.ru/
http://www.nigma.ru/
http://wikipedia.org/
http://pentagon.afis.osd.mil/
http://www.mail.ru/
http://www.vkontakte.ru/
http://www.google.com/
http://www.yahoo.com/
http://www.hardcoreporn.com/
http://www.sexymama.com/
http://www.live.com/
http://vkontakte.ru/
http://www.mozilla-europe.org/
http://www.webmoney.ru/
http://whois.domaintools.com/
http://www.nysite.com/
http://www.westwestsidemusic.com/
http://www.westside-barbell.com/
http://www.mywestside.com/
http://www.westsidestory.com/
http://www.2012-konec-sveta.ru/
http://news.rambler.ru/9971848/
http://www.kp.ru/
http://www.westsiderentals.com/
http://www.pravda.ru/news/science/16-05-2011/1077026-apokalipsis-0/
http://2012god.net/

http://qwer.be/1234567/sys/Accept.png

text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/webp, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1
text/x-dvi; q=.8; mxb=100000; mxt=5.0, text/x-c
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
application/x-ms-application, image/jpeg, application/xaml+xml, image/gif, image/pjpeg, application/x-ms-xbap, */*
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
image/png,*/*
text/x-dvi, text/x-c, application/xml, text/html
application/xml, image/png, text/html
text/html, */*
application/xml, */*

http://qwer.be/1234567/sys/AcceptEncoding.png

x-compress ,deflate, gzip, x-gzip, identity, *;q=0
gzip,deflate,sdch
compress, gzip
gzip, x-gzip
x-compress; x-zip
x-gzip, identity
deflate, gzip, x-gzip
compress ,deflate, gzip
gzip, x-gzip, identity
gzip, compress, deflate

http://qwer.be/1234567/sys/AcceptLanguage.png

ru-RU,ru;q=0.9,en;q=0.8
ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
zh, en-us; q=0.8, en; q=0.6
en-en,en;q=0.8,en-us;q=0.5,en;q=0.3
en-us,en;q=0.5
en-us
kz-ua
az-ua
us-en
az-us

Hosting infos: http://whois.domaintools.com/119.59.99.200

Categories: Uncategorized