Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

26 February 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
02:27:00 Win2K-f 60.170.82.50 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:02:35:00 Win2K-f 60.170.82.50 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
DE:131.220.6.26:80
208.78.70.70:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
03:55:00 Win2K-f 200.181.30.34 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
DE:131.220.6.26:80
208.78.70.70:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:04:04:00 Win2K-f 200.181.30.34 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
US:www.getmyip.org
DE:131.220.6.26:80
208.78.70.70:80
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:04:19:00 Win2K-f 208.82.42.99 (ENERGIZE.NET):
PULASKI ELECTRIC SYSTEM,
PULASKI, TENNESSEE, US. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:04:21:00 Win2K-f 99.147.65.139 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
HOUSTON, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
59 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
NEW
b7082104e4
NEW 		1473091351 [0]
c5b49e7b82[0] 		ASM:Graph
ASM:Graph
 tElock|
tElock| 		lines=75
embedded dns
lines=41 		trace
trace
T:05:59:00 Win2K-f 70.73.10.190 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 39
40 of 41		 19f9cb1f21
NEW
a9d40bc96b
NEW 		8b1482be5d [0]
b07fa6d434[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:08:40:00 Win2K-f 110.8.14.99 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
CN:122.224.6.48:88 		135 pcap raw alerts
ruleset 		irc
http
140 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
28 of 33
29 of 42
7 of 41		 533d15b5ce
NEW
58c343a8d8
NEW
862f11764f
NEW
dd3a45a19c
NEW 		c67adf46e2 [0]
none [0]
none [none]
none [none] 		ASM:Graph
none:none
none:none
none:none
 tElock|
Armadillo|
none|none
none|none 		lines=126
embedded dns
lines=91
none
none 		trace
trace
none
none
T:09:17:00 WinXP 186.9.216.126 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:09:54:00 Win2K-f 117.104.53.164 (T-COM.NE.JP):
TOKAI CORPORATION,
SHIZUOKA, SHIZUOKA, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 6b315f5dbc
NEW
7938865f8c
NEW 		7604b94520 [0]
a9b9e4904b[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:10:33:00 Win2K-f 110.13.218.183 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
5 of 41		 14f47ffd1e
NEW
50437008d9
NEW 		90bf4b99ff [0]
c1b09ac5d7[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:11:51:00 Win2K-f 71.111.237.242 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DURHAM, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:12:08:00 Win2K-f 72.184.206.181 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SPRING HILL, FLORIDA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:14:03:00 WinXP 70.60.198.57 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MONROE, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:15:53:00 Win2K-f 67.148.162.33 (CITESCAPE.COM):
CITESCAPE INTERNET,
LA GRANGE, TEXAS, US. (DSL) 		83.2.139.1:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
24 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 41 cc88f4f016
NEW 		3d17903825 [0] none:none
 StarForce| none trace
15:53:00 Win2K-f 64.181.32.82 (SBCGLOBAL.NET):
COMBINED INSURANCE,
HURRICANE, WEST VIRGINIA, US. (100Mbps) 		210.166.223.51:3305 KR:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
27 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 41 5069160ffe
NEW 		65a33ca939 [0] none:none
 StarForce| none trace
T:15:58:00 Win2K-f 24.224.123.61 (MI-CONNECTION.COM):
MI-CONNECTION COMMUNICATIONS SYSTEM,
MOORESVILLE, NORTH CAROLINA, US. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 40 7eeef4c033
NEW 		none[none] none:none
 none|none none none
T:15:58:00 Win2K-f 70.64.143.161 (GASOC.COM):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 		83.2.139.1:3305 :cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
24 lines 		Yeah : 1.8
profile 		none summary
tarball 		36 of 40 0661b1a257
NEW 		none[none] none:none
 none|none none none
T:15:58:00 Win2K-f 92.230.209.176 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) 		210.166.223.51:3305 PL:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
28 lines 		Yeah : 1.8
profile 		none summary
tarball 		42 of 42 1201c6ab14
NEW 		none[none] none:none
 none|none none none
T:16:03:00 WinXP 24.190.83.27 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
CUTCHOGUE, NEW YORK, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 40 0661b1a257
NEW 		none[none] none:none
 none|none none none
T:16:03:00 Win2K-f 82.76.35.70 (RDSNET.RO):
ROMANIA DATA SYSTEMS,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 40 7eeef4c033
NEW 		none[none] none:none
 none|none none none
T:16:06:00 WinXP 96.245.87.38 (VERIZON.NET):
ASSEMBLY TECHNOLOGY INC,
HUNTINGDON VALLEY, PENNSYLVANIA, US. (100Mbps) 		83.2.139.1:3305 JP:cx10man.weedns.com
:adsl-99-102-251-202.dsl.ksc2mo.sbcglobal.net 		135 pcap raw alerts
ruleset 		shell
ftp
irc
51 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 41 b8076e37ae
NEW 		52953fed05 [0] none:none
 StarForce| none trace
T:16:14:00 Win2K-f 85.185.75.149 (-):
AB & FAZELAB SISTAN & BALOUCHESTAN,
IR. (100Mbps) 		n/a KR:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 42 5d94ac965c
NEW 		none[none] none:none
 none|none none none
T:16:19:00 Win2K-f 125.193.54.25 (MESH.AD.JP):
NEC CORPORATION,
TOKYO, TOKYO, JP. (DSL) 		210.166.223.51:3305 :cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
39 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 41 cc88f4f016
NEW 		3d17903825 [0] none:none
 StarForce| none trace
T:16:29:00 Win2K-f 60.51.25.64 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
SHAH ALAM, SELANGOR, MY. (DSL) 		83.2.139.1:3305 PL:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
32 lines 		Yeah : 1.8
profile 		none summary
tarball 		26 of 39 bf3e95a24e
NEW 		9ad25eb0be [0] none:none
 StarForce| none trace
T:16:47:00 Win2K-f 24.89.179.197 (OPTONLINE.NET):
BOLT FAST,
SOUTH HACKENSACK, NEW JERSEY, US. (100Mbps) 		83.2.139.1:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
24 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 42 3da4f49b12
NEW 		none[none] none:none
 none|none none none
T:16:48:00 Win2K-f 190.254.17.30 (TELEFONICA.NET.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
BUCARAMANGA, SANTANDER, CO. (DSL) 		210.166.223.51:3305 KR:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
27 lines 		Yeah : 1.8
profile 		none summary
tarball 		39 of 40 70ec5c4b3f
NEW 		f697adabdd [0] none:none
 StarForce| none trace
T:16:48:00 WinXP 88.26.203.233 (RIMA-TDE.NET):
TELEFONICA DE ESPANA (NCC#2008052974),
MADRID, MADRID, ES. (DSL) 		210.127.253.90:3305 :cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
32 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 40 ca62c00817
NEW 		d0897af6fc [0] none:none
 StarForce| none trace
T:17:03:00 Win2K-f 82.137.33.223 (RDSNET.RO):
RCS-RDS-FIBERLINK,
BUCHAREST, BUCURESTI, RO. (DSL) 		83.2.139.1:3305 PL:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
24 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 41 cc88f4f016
NEW 		3d17903825 [0] none:none
 StarForce| none trace
17:04:00 Win2K-f 119.59.82.34 (-):
AWCC AFGHANISTAN. LIVE IN FUTURE,
KABUL, KABOL, AF. (DSL) 		210.166.223.51:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
shell
irc
25 lines 		Yeah : 1.8
profile 		none summary
tarball 		38 of 41 3e30dc90de
NEW 		d5e7d16040 [0] none:none
 StarForce| none trace
T:17:10:00 Win2K-f 70.76.3.18 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SWIFT CURRENT, SASKATCHEWAN, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
16 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 40 7eeef4c033
NEW 		none[none] none:none
 none|none none none
T:17:15:00 Win2K-f 82.212.181.156 (82-212-176-10.TELEDISNET.BE):
TELEDISNET ISP,
BRUSSELS, BRUSSELS HOOFDSTEDELIJK GEWEST, BE. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 40 7eeef4c033
NEW 		none[none] none:none
 none|none none none
T:17:24:00 Win2K-f 219.133.27.176 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
SHENZHEN, GUANGDONG, CN. (DSL) 		83.2.139.1:3305 KR:cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
30 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 41 75af48afe4
NEW 		7a25f9e3cf [0] none:none
 StarForce| none trace
T:17:45:00 Win2K-f 77.208.48.70 (AIRTEL.NET):
GLOBAL MOBILE OPERATOR,
MADRID, MADRID, ES. (DIAL) 		83.2.139.1:3305 :cx10man.weedns.com 135 pcap raw alerts
ruleset 		shell
ftp
irc
23 lines 		Yeah : 1.8
profile 		none summary
tarball 		39 of 40 70ec5c4b3f
NEW 		f697adabdd [0] none:none
 StarForce| none trace
T:17:58:00 Win2K-f 115.64.93.64 (TPGI.COM.AU):
TPG INTERNET PTY LTD,
SYDNEY, NEW SOUTH WALES, AU. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
18:19:00 Win2K-f 60.51.113.20 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
DE:131.220.6.26:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:18:32:00 Win2K-f 60.51.113.20 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
GB:www.vouchercodez.com
DE:131.220.6.26:80
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
GB:80.82.121.239:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:18:48:00 Win2K-f 116.254.39.214 (T-COM.NE.JP):
TOKAI CORPORATION,
TOKYO, TOKYO, JP. (DSL) 		67.228.26.154:3305 PL:cx10man.weedns.com
:fx010413.whyI.org
PL:83.2.139.1:3305 		135 pcap raw alerts
ruleset 		shell
ftp
irc
26 lines 		Yeah : 1.8
profile 		none summary
tarball 		38 of 41 3e30dc90de
NEW 		d5e7d16040 [0] none:none
 StarForce| none trace
T:19:08:00 WinXP 85.64.166.234 (BARAK-ONLINE.NET):
BARAK I.T.C,
TEL AVIV, TEL AVIV, IL. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 40 7eeef4c033
NEW 		none[none] none:none
 none|none none none
T:19:12:00 Win2K-f 124.42.50.245 (GOLFBOX.CN):
LANGFANG DEVELOPMENT AREA HUARUI XINTONG NETWORK TECHNOLOGY CO. LTD,
BEIJING, BEIJING, CN. (DSL) 		67.228.26.154:3305 JP:cx10man.weedns.com
JP:fx010413.whyI.org
PL:83.2.139.1:3305 		135 pcap raw alerts
ruleset 		shell
ftp
irc
27 lines 		Yeah : 1.8
profile 		none summary
tarball 		22 of 42 f6b857b8a0
NEW 		none[none] none:none
 none|none none none
T:19:18:00 Win2K-f 69.176.12.116 (PRTCNET.ORG):
MIKROTEC INTERNET SERVICES INC,
BOONEVILLE, KENTUCKY, US. (DSL) 		67.228.26.154:3305 KR:cx10man.weedns.com
KR:fx010413.whyI.org
PL:83.2.139.1:3305 		135 pcap raw alerts
ruleset 		shell
ftp
irc
25 lines 		Yeah : 1.8
profile 		none summary
tarball 		42 of 42 993936f544
NEW 		none[none] none:none
 none|none none none
T:19:27:00 Win2K-f 95.82.106.30 (-):
KARAAMIN,
IR. (DSL) 		67.228.26.154:3305 :cx10man.weedns.com
:fx010413.whyI.org
PL:83.2.139.1:3305 		135 pcap raw alerts
ruleset 		shell
ftp
irc
26 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 41 1bb4b25c0e
NEW 		9293a2c3db [0] none:none
 StarForce| none trace
19:38:00 Win2K-f 60.249.91.191 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
US:67.15.94.80:80
GB:80.82.121.239:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:19:47:00 Win2K-f 60.249.91.191 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
TW:60.249.91.191:8802
US:67.15.94.80:80
GB:80.82.121.239:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:28:00 WinXP 118.101.215.175 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
MALACCA, MELAKA, MY. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 d8040f84d4
NEW 		d683995e84 [0] none:none
 PolyEnE| none trace
T:21:34:00 WinXP 123.238.19.204 (PHOTONINFOTECH.COM):
RELIANCE COMMUNICATIONS LTD,
NEW DELHI, DELHI, IN. (DSL) 		n/a PL:cx10man.weedns.com
PL:fx010413.whyI.org
PL:83.2.139.1:3305 		135 pcap raw alerts
ruleset 		shell
ftp
irc
22 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 41 1bb4b25c0e
NEW 		9293a2c3db [0] none:none
 StarForce| none trace
T:21:34:00 WinXP 216.66.135.183 (LOOK.CA):
LOOK COMMUNICATIONS INC,
MILTON, ONTARIO, CA. (DSL) 		n/a JP:cx10man.weedns.com
:fx010413.whyI.org
KR:gynoman.weedns.com
US:g.0x20.biz
JP:c010x1.co.cc
:commgr.co.cc
PL:telephone.dd.blueline.be
:phonewire.dd.blueline.be
:phonelogin.dd.blueline.be
JP:ufospace.etowns.net
KR:theforums.bbsindex.com 		135 pcap raw alerts
ruleset 		shell
ftp
irc
29 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 41 88c7adbc7c
NEW 		none[none] none:none
 none|none none none
T:22:03:00 WinXP 93.126.7.96 (-):
ASMANFARAZ SEPAHAN ISDP,
UK. (DSL) 		n/a   135 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:22:18:00 WinXP 120.75.212.116 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
FUKUOKA, FUKUOKA, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:22:27:00 Win2K-f 71.115.82.156 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
ELKHART, INDIANA, US. (DSL) 		92.240.234.164:3305 KR:cx10man.weedns.com
JP:fx010413.whyI.org
:gynoman.weedns.com
AR:g.0x20.biz
67.228.26.154:3305
PL:83.2.139.1:3305 		135 pcap raw alerts
ruleset 		irc
611 lines 		Yeah : 1.8
profile 		none summary
tarball 		38 of 40 3d004f8b75
NEW 		none[none] none:none
 none|none none none
T:23:36:00 WinXP 24.87.139.227 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SURREY, BRITISH COLUMBIA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1018 lines 		Yeah : 1.3
profile 		none summary
tarball 		32 of 41 43b8f21924
NEW 		none[3] none:none
 none|none none trace
T:23:47:00 WinXP 119.235.86.95 (CONNECT.COM.FJ):
CONNECT INTERNET SERVICES LIMITED,
FJ. (DSL) 		n/a :cx10man.weedns.com
KR:fx010413.whyI.org
PL:gynoman.weedns.com
TH:c010x1.co.cc
RU:commgr.co.cc
:g.0x20.biz
67.228.26.154:3305
PL:83.2.139.1:3305
RU:89.208.33.88:3305 		135 pcap raw alerts
ruleset 		shell
ftp
irc
27 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40 70ec5c4b3f
NEW 		f697adabdd [0] none:none
 StarForce| none trace