Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



22 February 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Each record below occupies four lines, in the order of the original table columns:
    1. Time, Victim OS, Infection Source
    2. C&C Server, then DNS Lookups & Failed Connects (omitted when the record has none)
    3. Infection Port, Packet Trace, Detection Signatures, Infection Chatter, BotHunter Analysis, Behavioral Cluster, Forensic Logs
    4. Antivirus Labels, Packed Malware_Binary, Unpacked egg.exe, Unpacked egg.asm, Packer PEID, Data Strings, Syscall Trace
Records with several captured binaries list the line-4 columns one column per line, one entry per binary.

00:20:00 Win2K-f 74.63.252.84 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

00:47:00 Win2K-f 116.54.88.131 (CN.NET): CHINANET YUNNAN PROVINCE NETWORK, BEIJING, BEIJING, CN.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk :checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:01:39:00 Win2K-f 62.120.86.242 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: :iilem.net US:jumevwjs.info US:jscexekqes.info US:fsrqcwdxrt.org :sbypkjkg.com :rpogmpvmyw.com :wflvrahw.com :cifscqarabj.info US:hiogklsg.info NL:foqwnfy.org :njmfkhlhn.com :jirfr.info NL:mlyevzwanu.info :nztpms.com :rwoizjiic.net US:hbiiwiycqok.info :dnolkfwq.info US:hzthvtgj.biz US:ylcfqljxzhb.info US:quszll.org US:199.2.137.252:80 US:205.188.161.4:80
    445  pcap raw alerts ruleset  http  23 lines  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

01:51:00 Win2K-f 186.9.37.6 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    4 of 37  8ce32ded17 NEW  none[3]  none:none  Armadillo|  none  trace

T:02:16:00 Win2K-f 62.120.80.21 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org EU:checkip.dyndns.org FR:62.120.80.21:3080
    445  pcap raw alerts ruleset  http  9 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:02:35:00 Win2K-f 62.120.69.146 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org :checkip.dyndns.org FR:62.120.69.146:1289
    445  pcap raw alerts ruleset  http  9 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

02:38:00 Win2K-f 60.191.115.53 (-): ZHEJIANG PUBLIC COMMUNICATION SYSTEM CO. LTD, ZHEJIANG, ZHEJIANG, CN.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

03:28:00 Win2K-f 74.5.206.5 (EMBARQHSD.NET): EMBARQ CORPORATION, WINTER PARK, FLORIDA, US.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

03:53:00 Win2K-f 118.232.58.98 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org :getmyip.co.uk 118.232.58.98:5620 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:04:01:00 Win2K-f 62.120.202.17 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org
    445  pcap raw alerts ruleset  http  9 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

04:11:00 Win2K-f 122.118.210.174 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org EU:checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

04:33:00 Win2K-f 222.216.203.142 (163DATA.COM.CN): CHINANET GUANGXI PROVINCE NETWORK, BEIJING, BEIJING, CN.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  2 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:04:43:00 Win2K-f 62.120.40.117 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: :trafficconverter.biz US:www.ask.com :quwqpxop.net :hxoaf.com :isuucddt.net US:mxsjpc.info US:qrkldro.org NL:azdpbsafx.info US:ftgdstopwdu.info :rysvjry.com US:ozrqisuu.org US:nuodt.org US:abfmkkjf.info :knxes.com :cbcjtxmwjx.com US:ptlig.biz US:pznlzsgn.biz NL:zdcgpoek.biz US:acxrpk.info :qghjqiiy.info :iyfpjv.biz US:quagaynlkzm.org :rwoizjiic.net :zxxyaki.net US:snrxgxaitk.info US:miqsckbi.biz :dbslldkk.com :umsiqh.com :wgnodettz.net US:kgbrd.info US:frglv.info US:fkbjpbyg.info US:wpmlgdhy.info US:joivckyz.org :rpqkf.com :dorlpso.com US:ktwupw.biz :tgtznayy.com US:sdxyxjum.biz US:bmyfemlwkz.org US:vbpoyidvh.org US:usmjtqqn.biz US:skoix.org US:nbuvunlays.biz :ddqjjlbz.com US:jxarazxlrrg.org :ospxut.net :kofaqfdf.com :traeghyhwm.net US:gfydftkw.biz US:foqwnfy.org US:xycbai.info US:eglvlbdn.info :kxfcigdhws.com :twfvoyg.com US:xqvcsvi.org :mtbpbudz.org US:bfselof.biz :shjgdhfofi.biz US:knblsyouvc.info US:viasu.com :jblttpd.com :nexwdqdtdx.info :ubzslizfp.net US:csowvzr.info :zxkkfyziby.net NL:ovgfdin.biz US:mwlrobomkux.info NL:pqworveq.biz :elplcyxyai.com US:mlyevzwanu.info :xdwtseglmj.com US:205.188.161.4:80
    445  pcap raw alerts ruleset  http  18 lines  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

04:55:00 Win2K-f 119.126.95.97 (-): .
    C&C: n/a
    139  pcap raw alerts ruleset  http  1 line  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

05:00:00 Win2K-f 61.47.61.220 (ICSPACE.NET): PACIFIC INTERNET THAILAND, TH.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org :getmyip.co.uk 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:05:03:00 Win2K-f 198.68.206.101 (TSTAR.NET): T-STAR INTERNET, BLANCO, TEXAS, US.
    C&C: n/a
    445  pcap raw alerts ruleset  http  1 line  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

05:13:00 Win2K-f 189.20.81.184 (BRASILTELECOM.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, BR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

T:06:16:00 Win2K-f 62.120.206.57 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk :checkip.dyndns.org FR:62.120.206.57:6419
    445  pcap raw alerts ruleset  http  8 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

06:36:00 Win2K-f 61.59.185.58 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk US:checkip.dyndns.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

06:58:00 Win2K-f 122.118.163.8 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

07:15:00 Win2K-f 190.128.78.21 (-): EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P, MANIZALES, CALDAS, CO.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  dc331fb791 NEW  none[3]  none:none  UPX|  none  trace

07:58:00 Win2K-f 24.83.200.240 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

08:51:00 Win2K-f 87.52.88.21 (ADSL-DHCP.TELE.DK): TDC-TELEDANMARK-BREDBAANDSADSL-NET, COPENHAGEN, COPENHAGEN, DK. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org 208.78.68.70:80 US:67.15.94.80:80
    445  pcap raw alerts ruleset  http  2 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:08:54:00 Win2K-f 62.120.200.10 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :checkip.dyndns.org
    445  pcap raw alerts ruleset  http  8 lines  Yeah : 0.8 profile  none summary tarball
    2 of 37  216ec67841 NEW  none[3]  none:none  StarForce|  none  trace

09:32:00 Win2K-f 190.136.144.189 (NET.AR): APOLO -GOLD-TELECOM-PER, AR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk US:checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    7 of 37  7587773eea NEW  none[3]  none:none  StarForce|  none  trace

10:21:00 Win2K-f 87.121.3.194 (-): NETERRA-TELECABLENET-NET, BG.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org EU:checkip.dyndns.org :getmyip.co.uk 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    4 of 37  8ce32ded17 NEW  none[3]  none:none  Armadillo|  none  trace

11:23:00 Win2K-f 209.101.190.44 (EPOCH.NET): EPOCH NETWORKS, COSTA MESA, CALIFORNIA, US. (100Mbps)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    7 of 37  7587773eea NEW  none[3]  none:none  StarForce|  none  trace

12:06:00 Win2K-f 58.54.83.20 (163DATA.COM.CN): CHINANET HUBEI PROVINCE NETWORK, HUBEI, HUBEI, CN.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:checkip.dyndns.org US:www.getmyip.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

12:34:00 Win2K-f 66.90.103.119 (ON-DEMAND-TECH.COM): FDC SERVERS.NET LLC, CHICAGO, ILLINOIS, US.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org EU:checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    4 of 37  4e6c4dd8b1 NEW  none[3]  none:none  StarForce|  none  trace

T:12:44:00 Win2K-f 62.120.152.224 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :checkip.dyndns.org
    445  pcap raw alerts ruleset  http  8 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

13:04:00 Win2K-f 71.101.158.74 (VERIZON.NET): VERIZON INTERNET SERVICES INC, BARTOW, FLORIDA, US. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    2 of 37  216ec67841 NEW  none[3]  none:none  StarForce|  none  trace

13:29:00 Win2K-f 190.50.29.29 (COM.AR): TELEFONICA DE ARGENTINA, AR.
    C&C: n/a
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    none  none  none  none  none  none  none

13:33:00 Win2K-f 173.45.81.72 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    2 of 37  409ef22885 NEW  none[3]  none:none  UPX|  none  trace

T:14:10:00 WinXP 151.59.242.212 (38-151.NET24.IT): IUNET-BNET, IT.
    C&C: n/a | DNS lookups & failed connects: US:www.altavista.com US:www.yahoo.com :jbeegvia.ru
    445  pcap raw alerts ruleset  http  2 lines  Yeah : 0.8 profile  none summary tarball
    32 of 32  bb7681eca8 NEW  none[none]  none:none  none|none  none  none

14:27:00 Win2K-f 190.55.181.161 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

14:36:00 Win2K-f 84.126.56.4 (ONO.COM): PROVIDER LOCAL REGISTRY, ES.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org :getmyip.co.uk 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  2 lines  Yeah : 0.8 profile  none summary tarball
    7 of 37  7587773eea NEW  none[3]  none:none  StarForce|  none  trace

14:47:00 Win2K-f 88.70.124.253 (ARCOR-IP.NET): ARCOR-DSL-NET, DE. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org EU:checkip.dyndns.org US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:15:20:00 Win2K-f 62.120.90.234 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org
    445  pcap raw alerts ruleset  http  9 lines  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

T:15:22:00 Win2K-f 62.120.30.9 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org FR:62.120.30.9:1282
    445  pcap raw alerts ruleset  http  8 lines  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

15:32:00 Win2K-f 82.208.83.232 (MTS-NN.RU): NETWORK FOR DIALUP POOL IN DZERJINSK CITY, NIZHNIY NOVGOROD, NIZHEGORODSKAYA OBLAST', RU. (DIAL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

15:34:00 WinXP 219.89.75.189 (XTRA.CO.NZ): TELECOM INTERNET SERVICES, AUCKLAND, AUCKLAND, NZ. (DSL)
    C&C: n/a
    135  pcap raw alerts ruleset  shell ftp shell  17 lines  Yeah : 1.3 profile  none summary tarball
    none  none  none  none  none  none  none

15:35:00 Win2K-f 190.6.108.55 (-): WILSON CONSTRUCCIONES S.A, AR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk :checkip.dyndns.org US:www.getmyip.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    7 of 37  7587773eea NEW  none[3]  none:none  StarForce|  none  trace

T:15:38:00 Win2K-f 62.120.196.35 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org
    445  pcap raw alerts ruleset  http  9 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

16:04:00 Win2K-f 80.38.191.82 (RIMA-TDE.NET): TELEFONICA DE ESPANA, BILBAO, PAIS VASCO, ES.
    C&C: n/a
    445  pcap raw alerts ruleset  http  1 line  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

16:23:00 Win2K-f 196.2.194.78 (MENANET.NET): AFRINIC, CAIRO, AL QAHIRAH, EG.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:16:29:00 Win2K-f 62.120.205.211 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :checkip.dyndns.org
    445  pcap raw alerts ruleset  http  8 lines  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

16:33:00 Win2K-f 201.24.8.57 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

16:39:00 Win2K-f 124.10.85.215 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

17:21:00 Win2K-f 119.103.77.69 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

17:37:00 Win2K-f 221.10.221.44 (SHUZG.COM): CNC GROUP SICHUAN PROVINCE NETWORK, CHENGDU, SICHUAN, CN.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

17:40:00 Win2K-f 80.4.35.213 (NTL.COM): HERSHAM, GRIMSBY, ENGLAND, UK. (DSL)
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk EU:checkip.dyndns.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:18:10:00 Win2K-f 62.120.195.185 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk :checkip.dyndns.org
    445  pcap raw alerts ruleset  http  10 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

18:12:00 Win2K-f 216.30.241.98 (-): BRIER NET, LEWISBURG, WEST VIRGINIA, US.
    C&C: n/a
    445  pcap raw alerts ruleset  http  1 line  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

18:28:00 Win2K-f 222.170.93.156 (163DATA.COM.CN): CHINANET HEILONGJIANG PROVINCE NETWORK, HEILONGJIANG, HEILONGJIANG, CN.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

18:45:00 Win2K-f 59.125.241.241 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

18:50:00 Win2K-f 190.50.211.187 (COM.AR): TELEFONICA DE ARGENTINA, BUENOS AIRES, BUENOS AIRES, AR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org US:checkip.dyndns.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

19:00:00 Win2K-f 219.86.160.36 (TFN.NET.TW): TAIWAN FIXED NETWORK CO. LTD, TAIPEI, T'AI-PEI, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com EU:checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

19:17:00 Win2K-f 190.246.198.200 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk :checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    2 of 37  d60e538e72 NEW  none[3]  none:none  UPX|  none  trace

T:19:18:00 Win2K-f 62.120.92.239 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org
    445  pcap raw alerts ruleset  http  11 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

19:41:00 Win2K-f 61.47.61.213 (ICSPACE.NET): PACIFIC INTERNET THAILAND, TH.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org EU:checkip.dyndns.org US:204.13.249.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

19:58:00 Win2K-f 123.195.68.120 (ETHOME.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

20:55:00 Win2K-f 66.90.103.23 (ON-DEMAND-TECH.COM): FDC SERVERS.NET LLC, CHICAGO, ILLINOIS, US.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:checkip.dyndns.org :getmyip.co.uk US:www.getmyip.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

21:15:00 Win2K-f 211.187.189.81 (HAEDONGTEK.CO.KR): THRUNET CO. LTD, SEOUL, KYONGGI-DO, KR.
    C&C: 61.235.117.80:65520 | DNS lookups & failed connects: CN:proxima.ircgalaxy.pl US:microsoft.com CN:thaexp.cn CN:goasi.cn :lorentil.cn CN:www.upononjob.cn :alt1.gmail-smtp-in.l.google.com US:ns1.msft.net US:alt2.gmail-smtp-in.l.google.com US:alt3.gmail-smtp-in.l.google.com US:alt4.gmail-smtp-in.l.google.com 67.215.1.10:9823 67.215.1.18:1294
    135  pcap raw alerts ruleset  irc http  379 lines  Yeah : 1.8 profile  none summary tarball
    Antivirus Labels: 11 of 39, 23 of 39, 31 of 33, 31 of 33, 12 of 39, 34 of 39
    Packed Malware_Binary: 3ce7642697 NEW, 6398a162ac NEW, 776985f561 NEW, 8ec6129efe NEW, a22513fdc7 NEW, dc9f67ae1d NEW
    Unpacked egg.exe: none[none], none [none], none [0], d3b0e700c7[0], none [none], none [none]
    Unpacked egg.asm: none:none, none:none, none:none, ASM:Graph, none:none, none:none
    Packer PEID: none|none, none|none, Armadillo|, tElock|, none|none, none|none
    Data Strings: none, none, lines=91, lines=120 embedded dns, none, none
    Syscall Trace: none, none, trace, trace, none, none

21:27:00 Win2K-f 210.94.50.100 (KRLINE.NET): KRNIC, KR. (100Mbps)
    C&C: 61.235.117.80:65520 | DNS lookups & failed connects: CN:proxima.ircgalaxy.pl CN:thaexp.cn CN:goasi.cn :lorentil.cn US:66.45.246.146:3120 67.215.1.10:9823 67.215.11.114:4569
    445  pcap raw alerts ruleset  http irc  322 lines  Yeah : 0.8 profile  none summary tarball
    Antivirus Labels: 9 of 39, 12 of 39, 34 of 39
    Packed Malware_Binary: 84f734dfc7 NEW, a22513fdc7 NEW, dc9f67ae1d NEW
    Unpacked egg.exe: none[none], none [none], none [none]
    Unpacked egg.asm: none:none, none:none, none:none
    Packer PEID: none|none, none|none, none|none
    Data Strings: none, none, none
    Syscall Trace: none, none, none

21:42:00 Win2K-f 123.0.210.185 (LSC.NET.TW): TBCOM-NET, TAIPEI, T'AI-PEI, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk EU:checkip.dyndns.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

22:01:00 Win2K-f 118.232.75.137 (-): .
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :checkip.dyndns.org :getmyip.co.uk 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

22:13:00 Win2K-f 122.116.132.31 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org US:checkip.dyndns.org TW:122.116.132.31:9476 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  2 lines  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

22:27:00 Win2K-f 89.44.14.141 (BLUEINTEL.RO): SC CCC BLUE TELECOM SA - SUCURSALA GALATI, GALATI, GALATI, RO.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org US:67.15.94.80:80 US:75.126.138.202:80 EU:91.198.22.70:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

22:37:00 Win2K-f 24.105.182.57 (RR.COM): ROAD RUNNER HOLDCO LLC, ALBANY, NEW YORK, US.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com US:www.getmyip.org :getmyip.co.uk :checkip.dyndns.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    3 of 37  d9cb288f31 NEW  45603a001c [0]  ASM:Graph  UPX|  lines=174 embedded dns  trace

T:22:59:00 Win2K-f 62.120.40.53 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk US:www.getmyip.org US:checkip.dyndns.org
    445  pcap raw alerts ruleset  http  9 lines  Yeah : 0.8 profile  none summary tarball
    4 of 37  4e6c4dd8b1 NEW  none[3]  none:none  StarForce|  none  trace

T:23:14:00 Win2K-f 62.120.73.239 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:lvmuljmfbx.info :xsbjuxhsnac.com :yimjfzzdoz.net :swqhnjvln.net US:jxklnw.biz US:usjbphcz.info US:lolalmby.info :ftfygsuuxn.net :atcgsuunef.info US:hqyfubk.org :hegxfpnujj.info US:ggxaogg.info :nrfauwcpwy.com US:umhjxmro.info US:uoaanhgpne.info US:drfskfy.info US:bqvvfuque.org NL:cuilrp.biz :xvjruocgdm.com :fnpwd.com :trafficconverter.biz NL:gwyljqdwp.info :aggihi.net :hrmvvxj.net :oiiwtdi.net :dcbfm.net US:bzyxoi.info US:pcxczapi.biz :ubiknksr.com :tcpthmhk.com US:kebfidjv.info US:sduntept.org :calbwlcy.net :xslegvc.biz US:cmaga.org US:innmidjl.biz US:xezraqbp.info US:oxsmourhfhu.info US:ryrlctz.info US:polhllxzxw.info :epdvukg.net :rrsspwak.net US:zgcscnumoc.info US:qkyggvfhw.biz US:tqbbybl.info :egifake.net :bvdoiwkb.com US:aeemunhtax.biz :jtuvnvilrud.com :kemzk.com US:fwnnrzog.biz :bagafyh.net US:fzcldxekk.org US:xtalxwu.biz :zmwdmu.com US:kptanpma.biz US:etwlxctdd.biz :ijhviyylg.com NL:bowseu.org :mfnvdzziso.net US:lghvnqqeda.org US:205.188.161.4:80 72.167.202.5:80
    445  pcap raw alerts ruleset  http  17 lines  Argh : 0.3 profile  none summary tarball
    none  none  none  none  none  none  none

23:31:00 Win2K-f 82.90.134.12 (BUSINESS.TELECOMITALIA.IT): TELECOM ITALIA WIRELINE SERVICES, MILANO, LOMBARDIA, IT.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :getmyip.co.uk EU:checkip.dyndns.org US:www.getmyip.org 208.78.68.70:80 US:67.15.94.80:80 US:75.126.138.202:80 IT:82.90.134.12:5995
    445  pcap raw alerts ruleset  http  1 line  Yeah : 0.8 profile  none summary tarball
    7 of 37  7587773eea NEW  none[3]  none:none  StarForce|  none  trace

T:23:32:00 Win2K-f 62.120.77.97 (-): EUNET, FR.
    C&C: n/a | DNS lookups & failed connects: US:www.maxmind.com :checkip.dyndns.org US:www.getmyip.org :getmyip.co.uk US:204.13.249.70:80 US:75.126.138.202:80
    445  pcap raw alerts ruleset  http  7 lines  Yeah : 0.8 profile  none summary tarball
    7 of 37  7587773eea NEW  none[3]  none:none  StarForce|  none  trace