Malware Domain List

Malware Related => Malicious Domains => Topic started by: MysteryFCM on May 31, 2009, 02:27:38 am

Title: hott-rodd.cn (botnet C+C)
Post by: MysteryFCM on May 31, 2009, 02:27:38 am
Ref:
http://forum.hosts-file.net/viewtopic.php?p=11567#p11567

Domains involved (in order):

http://www.defstu.com/computers_and_internet/mobile_computing/ (IP: 216.14.80.49)
http://traffic-searches.cn/webstats/in.cgi?2 (IP: 213.182.197.249)
http://brommercon.com/gr1/t.php (IP: 221.5.74.52)
 - http://brommercon.com/gr1/ii.swf
 - http://brommercon.com/gr1/ii.pdf
 - http://brommercon.com/gr1/ll.php?1235465465463456&b=1&456546&456&s=pdf
http://hott-rodd.cn/garret/controller.php?action=bot&entity_list=&uid=1&first=1&guid=13441600&rnd=946862 (IP: 212.117.185.18)

Headers from hott-rodd.cn:

HTTP/1.1 200 OK
Date: Sun, 31 May 2009 02:19:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Version: 1
Content-Length: 52224
Entity-Info: 1242984482:36864:2;1243262967:15360:2;
Rnd: 947390
Magic-Number: 256|1|92:55:19:17:147:157:8:23:137:50:94:210:72:117:242:50:97:73:168:9:164:229:183:141:47:109:57:158:30:230:215:122:30:235:139:177:137:148:200:18:198:39:228:15:156:215:65:254:32:234:7:196:207:191:82:254:44:140:157:74:114:117:197:145:96:81:66:233:229:11:251:172:50:224:187:207:184:253:205:217:231:213:158:183:148:240:182:192:124:83:11:239:201:209:128:41:34:195:19:7:206:15:179:1:240:111:208:169:108:157:130:83:115:32:11:7:17:193:200:142:20:211:125:221:165:254:7:199:194:27:206:144:43:130:146:28:241:98:197:93:0:72:177:115:105:188:123:122:126:67:8:146:23:134:112:188:133:120:131:71:148:81:216:191:212:106:220:197:205:161:35:206:233:213:65:82:145:188:205:16:0:213:162:23:92:19:211:225:139:86:40:32:168:0:223:124:106:187:66:56:93:101:6:71:58:72:154:204:5:103:220:5:61:127:28:153:146:239:122:30:70:162:62:238:163:30:107:13:218:173:70:55:18:76:127:76:149:25:25:154:128:245:159:189:117:188:86:7:171:209:38:242:115:101:224:22:
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
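Added example, not code from the post or from MDL: a small Python detector that parses a captured response head like the one above, flags the non-standard headers (Version, Entity-Info, Rnd, Magic-Number), splits Entity-Info into its records and checks that the first field of Magic-Number matches the number of byte values that follow. Reading that first field as a byte count, and treating the four header names as a fingerprint, are assumptions drawn from this single capture.

```python
from typing import Dict, List, Optional, Tuple

# Non-standard headers seen together on this C&C; using the set as a fingerprint is an assumption.
C2_HEADERS = ("Version", "Entity-Info", "Rnd", "Magic-Number")
# Captured response head, copied from the post above.
CAPTURED_HEAD = """HTTP/1.1 200 OK
Date: Sun, 31 May 2009 02:19:16 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Version: 1
Content-Length: 52224
Entity-Info: 1242984482:36864:2;1243262967:15360:2;
Rnd: 947390
Magic-Number: 256|1|92:55:19:17:147:157:8:23:137:50:94:210:72:117:242:50:97:73:168:9:164:229:183:141:47:109:57:158:30:230:215:122:30:235:139:177:137:148:200:18:198:39:228:15:156:215:65:254:32:234:7:196:207:191:82:254:44:140:157:74:114:117:197:145:96:81:66:233:229:11:251:172:50:224:187:207:184:253:205:217:231:213:158:183:148:240:182:192:124:83:11:239:201:209:128:41:34:195:19:7:206:15:179:1:240:111:208:169:108:157:130:83:115:32:11:7:17:193:200:142:20:211:125:221:165:254:7:199:194:27:206:144:43:130:146:28:241:98:197:93:0:72:177:115:105:188:123:122:126:67:8:146:23:134:112:188:133:120:131:71:148:81:216:191:212:106:220:197:205:161:35:206:233:213:65:82:145:188:205:16:0:213:162:23:92:19:211:225:139:86:40:32:168:0:223:124:106:187:66:56:93:101:6:71:58:72:154:204:5:103:220:5:61:127:28:153:146:239:122:30:70:162:62:238:163:30:107:13:218:173:70:55:18:76:127:76:149:25:25:154:128:245:159:189:117:188:86:7:171:209:38:242:115:101:224:22:
Content-Encoding: gzip
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
"""

def parse_head(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw response head into (status line, {lowercased name: value})."""
    lines = raw.replace("\r\n", "\n").strip("\n").split("\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return lines[0], headers

def c2_headers_present(raw: str) -> List[str]:
    """Names from C2_HEADERS found in the response, in the order listed above."""
    _, headers = parse_head(raw)
    return [h for h in C2_HEADERS if h.lower() in headers]

def parse_entity_info(value: str) -> List[List[int]]:
    """'a:b:c;d:e:f;' -> [[a, b, c], [d, e, f]]; the field meanings are unknown."""
    return [[int(f) for f in rec.split(":")] for rec in value.split(";") if rec]

def parse_magic_number(value: str) -> Optional[Tuple[int, int, bytes]]:
    """'N|F|b1:b2:...:' -> (N, F, bytes); None if malformed or N != len(bytes)."""
    # Assumption: N is the byte count (the capture has N=256 and 256 values).
    try:
        count, flag, blob = value.split("|", 2)
        data = bytes(int(b) for b in blob.split(":") if b)  # bytes() range-checks 0..255
        count, flag = int(count), int(flag)
    except ValueError:
        return None
    return (count, flag, data) if count == len(data) else None
```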