Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

18 April 2009
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
00:10:00 Win2K-f 119.85.120.9 (-):
. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:00:13:00 Win2K-f 118.232.53.189 (-):
. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
00:20:00 Win2K-f 173.45.79.94 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
00:28:00 Win2K-f 66.117.7.11 (IMPLUX.NET):
IMPLUX LLC,
SAN DIEGO, CALIFORNIA, US. (100Mbps) 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:00:33:00 Win2K-f 116.29.210.15 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:00:36:00 Win2K-f 173.45.79.94 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
00:37:00 Win2K-f 116.29.210.15 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:00:40:00 Win2K-f 200.71.103.63 (TELESAT.COM.CO):
COLDECON,
CALI, VALLE DEL CAUCA, CO. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
00:51:00 Win2K-f 117.67.135.55 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
01:18:00 Win2K-f 118.232.57.211 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:checkip.dyndns.org
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:01:50:00 Win2K-f 218.89.146.242 (-):
CHINANET-SC-GA-NETBAR,
CN. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
208.78.69.70:80
US:64.246.48.99:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:02:30:00 Win2K-f 210.21.94.65 (-):
GUANGZHOU-WENXIN-CORP,
GUANGZHOU, GUANGDONG, CN. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:02:56:00 Win2K-f 200.87.35.179 (ORION.PNUD.BO):
ENTEL S.A. - ENTELNET,
LA PAZ, LA PAZ, BO. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
EU:checkip.dyndns.org
174.142.28.217:2146
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
03:05:00 Win2K-f 194.170.32.137 (AC.AE):
HIGHER COLLEGES OF TECHNOLOGY,
ABU DHABI, ABU DHABI, AE. 		n/a  
US:67.15.94.80:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
12 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
03:55:00 Win2K-f 87.118.174.211 (ASENOVGRAD.NET):
ASENOVGRAD.NET BULGARIA,
BG. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
T:04:05:00 Win2K-f 218.89.146.242 (-):
CHINANET-SC-GA-NETBAR,
CN. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
CN:218.89.146.242:7646
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
04:09:00 Win2K-f 200.87.35.179 (ORION.PNUD.BO):
ENTEL S.A. - ENTELNET,
LA PAZ, LA PAZ, BO. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
04:15:00 Win2K-f 124.115.85.83 (163DATA.COM.CN):
CHINANET SHANXI(SN) PROVINCE NETWORK,
BEIJING, BEIJING, CN. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:64.246.48.99:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:04:16:00 Win2K-f 207.199.203.1 (MTCNET.NET):
MTCNET,
SIOUX CENTER, IOWA, US. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 d60e538e72
NEW 		none[3] none:none
 UPX| none trace
05:00:00 Win2K-f 207.199.203.1 (MTCNET.NET):
MTCNET,
SIOUX CENTER, IOWA, US. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 d60e538e72
NEW 		none[3] none:none
 UPX| none trace
05:21:00 Win2K-f 190.188.249.206 (NET.AR):
PRIMA S.A,
AR. 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:05:25:00 Win2K-f 87.121.8.89 (-):
NETERRA-TELECABLENET-NET,
SOFIA, SOFIYA, BG. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		4 of 37 8ce32ded17
NEW 		none[3] none:none
 Armadillo| none trace
T:06:16:00 Win2K-f 62.97.80.119 (IP-ZONE.COM):
OPCIONA-ES-NET,
SANTA CRUZ DE TENERIFE, CANARY ISLANDS, ES. 		n/a US:www.maxmind.com
US:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
7 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
06:17:00 Win2K-f 218.82.249.250 (163DATA.COM.CN):
CHINANET SHANGHAI PROVINCE NETWORK,
SHANGHAI, SHANDONG, CN. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
06:33:00 Win2K-f 87.121.8.89 (-):
NETERRA-TELECABLENET-NET,
SOFIA, SOFIYA, BG. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
Abort(coredumped) 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		4 of 37 8ce32ded17
NEW 		none[3] none:none
 Armadillo| none trace
07:07:00 Win2K-f 123.204.148.231 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:07:10:00 Win2K-f 123.204.148.231 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:07:19:00 Win2K-f 190.188.220.203 (NET.AR):
PRIMA S.A,
AR. 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
07:48:00 Win2K-f 113.254.200.144 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
08:26:00 Win2K-f 195.5.216.12 (NERIM.NET):
INTERNEXT,
FR. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:74.222.2.114:5361
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
08:48:00 Win2K-f 80.93.216.171 (TEKLAN.COM.TR):
TEKLAN INTERNET ERISIM HIZMETLERI KOMUNIKASYON ELEKTRONIK SAN A.S,
ISTANBUL, ISTANBUL, TR. 		n/a US:www.maxmind.com
US:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
08:59:00 Win2K-f 64.46.41.103 (TEST.COM):
RACKFORCE HOSTING INC,
KELOWNA, BRITISH COLUMBIA, CA. (100Mbps) 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:204.13.249.70:80
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		4 of 37 8ce32ded17
NEW 		none[3] none:none
 Armadillo| none trace
T:09:56:00 Win2K-f 200.71.107.182 (TELESAT.COM.CO):
COLDECON,
CALI, VALLE DEL CAUCA, CO. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.69.70:80
US:64.246.48.99:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
09:59:00 Win2K-f 200.71.107.182 (TELESAT.COM.CO):
COLDECON,
CALI, VALLE DEL CAUCA, CO. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
11:40:00 Win2K-f 115.81.227.6 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:11:42:00 Win2K-f 78.111.133.253 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
12:10:00 Win2K-f 92.114.222.80 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
13:21:00 Win2K-f 61.20.138.59 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
EU:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
13:28:00 Win2K-f 94.102.9.12 (-):
. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:13:35:00 Win2K-f 201.172.20.213 (MULTIMEDIOS.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MX. 		n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
15:08:00 Win2K-f 189.123.162.247 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:15:21:00 Win2K-f 189.123.162.247 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
15:35:00 Win2K-f 201.172.20.213 (MULTIMEDIOS.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MX. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
15:46:00 Win2K-f 59.105.92.92 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:15:48:00 Win2K-f 193.30.110.108 (POWERED-BY.WILLUX.BE):
WILLUX BVBA,
BE. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
15:51:00 Win2K-f 190.208.76.215 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:16:25:00 Win2K-f 59.105.92.92 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
17:10:00 Win2K-f 190.16.37.100 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:17:10:00 Win2K-f 201.19.125.198 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:17:32:00 Win2K-f 190.16.37.100 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:18:07:00 Win2K-f 59.113.156.78 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:www.maxmind.com
:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:18:10:00 Win2K-f 59.121.199.243 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.68.70:80
US:64.246.48.99:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
18:12:00 Win2K-f 200.82.77.171 (-):
TELECOM-CEB,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
Abort(coredumped) 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
T:18:17:00 Win2K-f 190.191.107.182 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		20 of 40 ba958000c6
NEW 		none[none] none:none
 none|none none none
T:18:26:00 Win2K-f 201.254.69.66 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:18:35:00 Win2K-f 190.128.23.145 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
CO:190.128.23.145:5235
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		8 of 37 4f88618d4f
NEW 		none[3] none:none
 UPX| none trace
T:18:48:00 Win2K-f 200.82.77.171 (-):
TELECOM-CEB,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		7 of 37 7587773eea
NEW 		none[3] none:none
 StarForce| none trace
18:52:00 Win2K-f 201.254.69.66 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
18:56:00 Win2K-f 59.121.199.243 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:64.246.48.99:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
19:22:00 Win2K-f 190.128.23.145 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
MANIZALES, CALDAS, CO. 		n/a US:www.maxmind.com
:checkip.dyndns.org 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		8 of 37 4f88618d4f
NEW 		none[3] none:none
 UPX| none trace
19:28:00 Win2K-f 125.110.1.43 (163DATA.COM.CN):
CHINANET-ZJ WENZHOU NODE NETWORK,
WENZHOU, ZHEJIANG, CN. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:19:33:00 Win2K-f 125.110.1.43 (163DATA.COM.CN):
CHINANET-ZJ WENZHOU NODE NETWORK,
WENZHOU, ZHEJIANG, CN. 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
19:53:00 Win2K-f 201.19.125.198 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:19:54:00 Win2K-f 200.119.56.89 (ETB.NET.CO):
ETB - COLOMBIA,
SANTAFé DE BOGOTá, DISTRITO CAPITAL, CO. (DSL) 		n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:20:08:00 Win2K-f 88.28.62.3 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 223d8089f8
NEW 		none[3] none:none
 StarForce| none trace
20:14:00 Win2K-f 88.28.62.3 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
ES. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 223d8089f8
NEW 		none[3] none:none
 StarForce| none trace
20:31:00 Win2K-f 201.220.225.97 (E-CORPNET.ORG):
TELEFONICA MOVIL DE CHILE S.A,
SANTIAGO, REGION METROPOLITANA, CL. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:20:32:00 Win2K-f 59.114.38.179 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:20:35:00 Win2K-f 78.39.46.197 (-):
INFORMATION TECHNOLOGY COMPANY (ITC),
IR. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
20:48:00 Win2K-f 118.83.157.60 (-):
. 		n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
EU:checkip.dyndns.org
US:204.13.249.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:00:00 Win2K-f 118.83.157.60 (-):
. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:19:00 Win2K-f 61.56.212.71 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:26:00 Win2K-f 114.37.192.99 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		2 of 37 d60e538e72
NEW 		none[3] none:none
 UPX| none trace
21:30:00 Win2K-f 61.56.212.71 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. 		n/a US:www.maxmind.com
:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
21:48:00 Win2K-f 190.31.104.172 (NET.AR):
APOLO -GOLD-TELECOM-PER,
AR. 		n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
22:54:00 Win2K-f 59.104.221.247 (SEED.NET.TW):
DIGITAL UNITED I,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:23:09:00 Win2K-f 59.104.221.247 (SEED.NET.TW):
DIGITAL UNITED I,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
23:33:00 Win2K-f 190.220.108.35 (-):
. 		n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace