ms.allnewdots.com (Butterfly bot hosted in United States, Woodstock, Fdcservers.net)

Yes, again this hoster, and again a Butterfly bot hosted in the USA.
They probably don't know that the Butterfly botnet creator was arrested by the FBI.

IP Location: United States Woodstock Fdcservers.net
Resolve Host: sys-047.leeware.com
IP Address: 208.53.131.135

exe file hosted with fdcservers.net:
http://74.63.78.13/bdnu.exe
IP Location: United States Woodstock Fdcservers.net
Resolve Host: roa.ecuaideas3.net
IP Address: 74.63.78.13

Resolved : [ms.allnewdots.com] To [208.53.131.135]
Resolved : [ms.allnewdots.com] To [208.53.131.47]
Resolved : [ms.allnewdots.com] To [208.53.131.50]

DNS Lookup
Host Name IP Address
ms.allnewdots.com 208.53.131.135
dell-d3e62f7e26 10.1.14.2
208.53.183.4 208.53.183.4
ff.fjpark.com 174.139.13.58
208.53.183.252 208.53.183.252
208.53.183.46 208.53.183.46
UDP Connections
Remote IP Address: 208.53.131.135 Port: 1863
Send Datagram: packet(s) of size 7
Send Datagram: 3 packet(s) of size 3
Send Datagram: packet(s) of size 60
Recv Datagram: 4707 packet(s) of size 0
Recv Datagram: 2 packet(s) of size 8
Recv Datagram: packet(s) of size 3
Recv Datagram: packet(s) of size 44
Remote IP Address: 174.139.13.58 Port: 9955
Send Datagram: packet(s) of size 21
Send Datagram: 4 packet(s) of size 10
Send Datagram: packet(s) of size 20
Send Datagram: 2 packet(s) of size 2
Send Datagram: 3 packet(s) of size 1
Recv Datagram: 7976 packet(s) of size 0
Recv Datagram: packet(s) of size 21
Recv Datagram: packet(s) of size 10
Recv Datagram: packet(s) of size 537
Recv Datagram: packet(s) of size 88
Recv Datagram: packet(s) of size 81
Download URLs
http://208.53.183.4/serialnumber.data (208.53.183.4)
http://208.53.183.252/89salaries.data (208.53.183.252)
http://208.53.183.46/mypic.jpg (208.53.183.46)

Outgoing connection to remote server: 208.53.183.4 TCP port 80
Outgoing connection to remote server: 208.53.183.252 TCP port 80
Outgoing connection to remote server: 208.53.183.46 TCP port 80

DNS Lookup
Host Name IP Address
dell-d3e62f7e26 10.1.14.2
mydrivers.babypin.net 98.126.214.82
www.nippon.to
www.nippon.to 112.78.112.208
www.cooleasy.com
www.cooleasy.com 218.85.133.201
obsoletegod.com
Download URLs
http://112.78.112.208/cgi-bin/prxjdg.cgi (www.nippon.to)
http://218.85.133.201/cgi-bin/prxjdg.cgi (www.cooleasy.com)
http://218.85.133.201/cgi-bin/prxjdg.cgi (www.cooleasy.com)
http://218.85.133.201/cgi-bin/prxjdg.cgi (www.cooleasy.com)
http://112.78.112.208/cgi-bin/prxjdg.cgi (www.nippon.to)
http://112.78.112.208/cgi-bin/prxjdg.cgi (www.nippon.to)

Outgoing connection to remote server: mydrivers.babypin.net port 6682
Outgoing connection to remote server: www.nippon.to TCP port 80
Outgoing connection to remote server: www.cooleasy.com TCP port 80
Outgoing connection to remote server: www.nippon.to TCP port 80
Outgoing connection to remote server: www.nippon.to TCP port 80

DNS Lookup
Host Name IP Address
update2.helohmar.com 91.200.242.230
mx4.hotmail.com 65.55.37.88
UDP Connections
Remote IP Address: 10.1.1.1 Port: 53
Send Datagram: packet(s) of size 29
Recv Datagram: packet(s) of size 399

SMTP: 65.55.37.88:25
