Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

16 April 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:24:00 Win2K-f 196.2.194.17 (MENANET.NET):
AFRINIC,
CAIRO, AL QAHIRAH, EG. n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:00:28:00 Win2K-f 186.18.18.243 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:00:58:00 Win2K-f 113.254.196.251 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:05:00 Win2K-f 207.42.179.22 (FICOHSA.HN):
SPLK/BH/HONDUTEL,
TEGUCIGALPA, FRANCISCO MORAZAN, HN. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 2 of 37 d60e538e72
NEW none[3] none:none
UPX| none trace

T:01:14:00 Win2K-f 94.102.9.13 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

01:20:00 Win2K-f 124.113.0.169 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:46:00 Win2K-f 114.143.4.133 (-):
. n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 4 of 37 8ce32ded17
NEW none[3] none:none
Armadillo| none trace

01:54:00 Win2K-f 121.58.193.14 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 4 of 37 8ce32ded17
NEW none[3] none:none
Armadillo| none trace

02:01:00 Win2K-f 114.143.4.133 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 4 of 37 8ce32ded17
NEW none[3] none:none
Armadillo| none trace

T:03:06:00 Win2K-f 211.20.204.168 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:www.maxmind.com
EU:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

03:28:00 Win2K-f 81.9.154.116 (CM-85-152-59-10.TELECABLE.ES):
TELECABLE,
AVILES, ASTURIAS, ES. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
EU:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:03:57:00 Win2K-f 121.52.146.92 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:64.14.81.30:1429
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

04:10:00 Win2K-f 123.195.65.69 (ETHOME.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
116.29.210.15:2753
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:04:13:00 Win2K-f 189.109.26.139 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

T:04:32:00 Win2K-f 140.113.65.150 (NTU.EDU.TW):
TAIWAN ACADEMIC NETWORK,
TAIPEI, T'AI-PEI, TW. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
TW:140.113.65.150:8955
208.78.68.70:80
US:64.246.48.99:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

04:37:00 Win2K-f 211.20.204.168 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80
Abort(coredumped) 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:04:48:00 Win2K-f 140.126.177.1 (TYC.EDU.TW):
MOEC,
TW. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:05:11:00 Win2K-f 190.208.108.210 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

05:22:00 Win2K-f 118.167.47.187 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
TW:220.130.228.60:9957
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:05:40:00 Win2K-f 124.112.199.240 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
118.160.198.169:5913
208.78.69.70:80
US:64.246.48.99:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:06:27:00 Win2K-f 190.220.110.200 (-):
. n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

06:30:00 Win2K-f 200.80.181.145 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
MAR DEL PLATA, BUENOS AIRES, AR. n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:07:41:00 Win2K-f 118.160.218.239 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

07:58:00 Win2K-f 190.208.108.210 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:64.246.48.99:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:08:14:00 Win2K-f 189.123.239.57 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:09:03:00 Win2K-f 59.104.152.93 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

09:03:00 Win2K-f 113.19.8.189 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
CN:218.89.146.242:7646
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

09:29:00 Win2K-f 87.101.50.7 (THEWEB.GR):
THESSALONIKI,
THESSALONIKI, THESSALONIKI, GR. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:09:41:00 Win2K-f 87.101.50.7 (THEWEB.GR):
THESSALONIKI,
THESSALONIKI, THESSALONIKI, GR. n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

10:05:00 Win2K-f 118.160.218.239 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

10:33:00 Win2K-f 91.93.131.35 (TELETEKTELEKOM.COM):
TELETEK TELEKOMUNIKASYON HIZMETLERI A.S,
TR. n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:10:58:00 Win2K-f 173.45.81.68 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
Abort(coredumped) 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 409ef22885
NEW none[3] none:none
UPX| none trace

11:31:00 Win2K-f 190.0.77.26 (ASTER.COM.DO):
ASTER,
SANTO DOMINGO, DISTRITO NACIONAL, DO. n/a
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

12:09:00 Win2K-f 200.71.99.215 (TELESAT.COM.CO):
COLDECON,
CALI, VALLE DEL CAUCA, CO. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

12:37:00 Win2K-f 186.9.196.76 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

12:44:00 Win2K-f 189.21.3.47 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:74.222.2.114:5361
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:12:51:00 Win2K-f 186.9.196.76 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
:getmyip.co.uk
186.9.196.76:6865
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

13:14:00 Win2K-f 190.81.111.136 (TELMEX.COM.PE):
TELMEX PERU S.A,
PE. n/a US:www.maxmind.com
:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
CO:200.71.107.182:2424
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

13:26:00 Win2K-f 190.105.15.227 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:13:37:00 Win2K-f 209.17.170.86 (GROUPTELECOM.NET):
BELL CANADA,
VANCOUVER, BRITISH COLUMBIA, CA. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 409ef22885
NEW none[3] none:none
UPX| none trace

13:53:00 Win2K-f 212.95.47.232 (-):
DEUTSCHES INTERNET-ZENTRUM AG,
DE. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

14:12:00 Win2K-f 209.17.170.86 (GROUPTELECOM.NET):
BELL CANADA,
VANCOUVER, BRITISH COLUMBIA, CA. n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 409ef22885
NEW none[3] none:none
UPX| none trace

T:14:15:00 Win2K-f 212.95.47.232 (-):
DEUTSCHES INTERNET-ZENTRUM AG,
DE. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:14:21:00 Win2K-f 190.67.84.30 (TELECOM.COM.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CO. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

14:56:00 Win2K-f 201.255.94.154 (COM.AR):
TELEFONICA DE ARGENTINA,
MAR DEL PLATA, BUENOS AIRES, AR. n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

T:15:18:00 Win2K-f 24.109.246.15 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

15:26:00 Win2K-f 125.121.84.1 (163DATA.COM.CN):
CHINANET-ZJ HANGZHOU NODE NETWORK,
HANGZHOU, ZHEJIANG, CN. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.69.70:80
US:64.246.48.99:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 40 2aa9c9578b
NEW none[none] none:none
none|none none none

T:15:33:00 Win2K-f 125.121.84.1 (163DATA.COM.CN):
CHINANET-ZJ HANGZHOU NODE NETWORK,
HANGZHOU, ZHEJIANG, CN. n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 40 2aa9c9578b
NEW none[none] none:none
none|none none none

15:47:00 Win2K-f 200.46.105.226 (PSINETPA.NET):
NET2NET CORP,
PANAMA CITY, PANAMA, PA. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:15:47:00 Win2K-f 201.255.94.154 (COM.AR):
TELEFONICA DE ARGENTINA,
MAR DEL PLATA, BUENOS AIRES, AR. n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

16:24:00 Win2K-f 77.124.232.48 (INTER.NET.IL):
SMILE INTERNET GOLD,
IL. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
11 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:16:35:00 Win2K-f 203.223.173.245 (WOL.NET.PK):
CYBERSOFT TECHNOLOGIES PLC,
PK. n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

17:00:00 Win2K-f 190.6.155.140 (TRICOM.NET):
TRICOM,
DO. n/a
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

17:52:00 Win2K-f 219.81.198.175 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

18:22:00 Win2K-f 203.223.173.245 (WOL.NET.PK):
CYBERSOFT TECHNOLOGIES PLC,
PK. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

18:30:00 Win2K-f 217.171.181.153 (-):
SKYWAY.NET GMBH CUSTOMER CARE,
DE. (100Mbps) n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:18:40:00 Win2K-f 61.61.237.150 (UBBN.NET):
UNION CABLE TV CO. LTD,
TW. n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:19:03:00 Win2K-f 212.68.42.186 (-):
NETWING,
AT. n/a US:www.maxmind.com
US:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
AT:212.68.42.186:9313
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 216ec67841
NEW none[3] none:none
StarForce| none trace

19:13:00 Win2K-f 186.81.25.133 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 8 of 38 4f6b51ea3b
NEW none[3] none:none
MEW| none trace

19:17:00 Win2K-f 201.235.42.156 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:19:23:00 Win2K-f 190.6.155.140 (TRICOM.NET):
TRICOM,
DO. n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 d60e538e72
NEW none[3] none:none
UPX| none trace

T:19:35:00 Win2K-f 113.27.150.154 (-):
. n/a US:www.maxmind.com
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:19:39:00 Win2K-f 217.171.181.153 (-):
SKYWAY.NET GMBH CUSTOMER CARE,
DE. (100Mbps) n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
Abort(coredumped) 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

19:42:00 Win2K-f 190.188.241.228 (NET.AR):
PRIMA S.A,
AR. n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

19:44:00 Win2K-f 61.61.237.150 (UBBN.NET):
UNION CABLE TV CO. LTD,
TW. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.68.70:80
US:64.246.48.99:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:19:46:00 Win2K-f 220.130.228.60 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

T:19:54:00 Win2K-f 201.235.42.156 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:20:10:00 Win2K-f 190.55.209.140 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

20:32:00 Win2K-f 190.55.209.140 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:20:39:00 WinXP 190.208.80.207 (-):
. n/a RU:citi-bank.ru
RU:89.208.35.28:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 39 of 40 0440138fb7
NEW none[none] none:none
none|none none none

21:13:00 Win2K-f 64.105.145.118 (COVAD.NET):
COVAD COMMUNICATIONS CO,
NEWARK, NEW JERSEY, US. n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:21:27:00 Win2K-f 186.81.25.133 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
EU:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 8 of 38 4f6b51ea3b
NEW none[3] none:none
MEW| none trace

21:34:00 Win2K-f 220.128.128.86 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:21:57:00 Win2K-f 220.128.128.86 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:23:00:00 Win2K-f 209.85.57.91 (EV1SERVERS.NET):
EVERYONES INTERNET,
HOUSTON, TEXAS, US. n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

23:27:00 Win2K-f 190.0.65.153 (ASTER.COM.DO):
ASTER,
SANTO DOMINGO, DISTRITO NACIONAL, DO. n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.69.70:80
US:64.246.48.99:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

T:23:28:00 Win2K-f 190.108.29.170 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace