Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


PUBLIC PAGE



25 September 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

Time; Victim OS; Infection Source; C&C Server; DNS Lookups & Failed Connects; Infection Port; Packet Trace; Detection Signatures; Infection Chatter; BotHunter Analysis; Behavioral Cluster; Forensic Logs; Antivirus Labels; Packed Malware_Binary; Unpacked egg.exe; Unpacked egg.asm; Packer PEID; Data Strings; Syscall Trace
T:00:14:00 Win2K-f 202.107.247.8 (CNINFO.NET):
CHINANET-ZJ QUZHOU NODE NETWORK,
QUZHOU, ZHEJIANG, CN. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:00:14:00 Win2K-f 212.36.230.32 (RDTC.RU):
REGIONAL DIGITAL TELECOMMUNICATION COMPANY,
MOSCOW, MOSCOW CITY, RU. (DSL)
66.252.13.212:16667 US:bbs.moiservice.com
US:66.252.13.212:16667
445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
38 of 40 93dcd8587f
NEW
e7124c9b61 [0] none:none
Stranik| none trace
T:00:30:00 WinXP 114.46.96.37 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 de37f2fc47
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:00:34:00 WinXP 61.94.146.140 (TELKOM.NET.ID):
PT TELKOM INDONESIA,
JAKARTA, JAKARTA RAYA, ID. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
17 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:00:44:00 WinXP 95.91.55.35 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 6eca023085
NEW
6dbddbd567 [0] none:none
Armadillo| none trace
T:00:44:00 Win2K-f 88.156.45.81 (VECTRANET.PL):
VECTRA S.A,
OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 7fad2f03e7
NEW
b8d05e02eb [0] none:none
Armadillo| none trace
T:01:01:00 Win2K-f 68.146.136.164 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
92.240.234.164:3305 TH:cx10man.weedns.com 135 pcap raw alerts
ruleset
irc
607 lines
Yeah : 1.8
profile
none summary
tarball
39 of 41 9ce56f9f19
NEW
261c9da48f [0] none:none
StarForce| none trace
T:01:04:00 WinXP 118.171.239.89 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.212:16667 US:bbs.moiservice.com
US:66.252.13.212:16667
445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 abbb0e3bad
NEW
e7124c9b61 [0] none:none
Stranik| none trace
T:01:09:00 Win2K-f 114.183.77.36 (PLALA.OR.JP):
NTT PLALA INC,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 fb1247468a
NEW
7df8c478db [0] none:none
Armadillo| none trace
T:01:25:00 Win2K-f 89.232.254.132 (PERMONLINE.RU):
DYNAMIC DISTRIBUTION IP'S FOR BROADBAND SERVICES,
RU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 de37f2fc47
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:01:30:00 WinXP 92.20.110.245 (AS43234.NET):
CARPHONE WAREHOUSE BROADBAND SERVICES,
ELGIN, SCOTLAND, UK. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 f38a8f15d5
NEW
e19283ab5b [0] none:none
Armadillo| none trace
T:01:37:00 WinXP 94.245.212.66 (ORANGE.AT):
NETWORK OF ORANGE AUSTRIA TELECOMMUNICATION GMBH,
VIENNA, WIEN, AT. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 27a4701383
NEW
74b7948215 [0] none:none
Armadillo| none trace
T:01:53:00 WinXP 87.122.166.224 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
KIEL, SCHLESWIG-HOLSTEIN, DE. (100Mbps)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 44364e5fd9
NEW
4743d8cdba [0] none:none
Armadillo| none trace
T:01:53:00 WinXP 90.189.165.9 (SINOR.RU):
XDSL NETWORK FOR NSO REGION,
MOSCOW, MOSCOW CITY, RU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 de37f2fc47
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:01:54:00 Win2K-f 125.229.165.246 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 de37f2fc47
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:02:06:00 Win2K-f 112.202.226.9 (PLDT.NET):
IPG,
PH. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 9f5b49bb41
NEW
e7124c9b61 [0] none:none
Stranik| none trace
02:11:00 WinXP 203.96.10.7 (GLOBAL-GATEWAY.NET.NZ):
NZGATE AGGREGATE NETWORKS,
AUCKLAND, AUCKLAND, NZ. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 0f00f88a4c
NEW
a4764f38a7 [0] none:none
PolyEnE| none trace
T:02:20:00 WinXP 89.244.242.204 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
MARL, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 3df9273f90
NEW
2cf71b3383 [0] none:none
StarForce| none trace
T:02:41:00 Win2K-f 83.135.66.187 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
BOCHUM, NORDRHEIN-WESTFALEN, DE. (DSL)
66.252.13.212:16667 US:bbs.moiservice.com 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 7c153bb816
NEW
3e38bd1d25 [0] none:none
Stranik| none trace
T:03:05:00 WinXP 114.47.223.217 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 41 08011872f2
NEW
41edb4b960 [0] none:none
Armadillo| none trace
T:03:16:00 WinXP 202.150.123.10 (-):
KOL-DIAL,
AUCKLAND, AUCKLAND, NZ. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 36 10ffd3dfd1
NEW
f64fdf148f [0] none:none
PolyEnE| none trace
T:03:25:00 Win2K-f 188.193.59.153 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 ad01e4744b
NEW
9513e08835 [0] none:none
Armadillo| none trace
T:03:38:00 WinXP 87.97.214.29 (PL.EKK.BG):
EKK CATV PLOVDIV,
PLOVDIV, PLOVDIV, BG. (DSL)
n/a :teek.ihshsd8.com
:dong.nagitiriheiwu.net
:japan.youngpeyatech.info
:fuck.urpal43sourpalhuh.com
CN:italian.swiifatecihno.com
DE:89.149.227.51:80
445 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 fcab6c9d17
NEW
none [4] none:none
Xtreme-Pr| none trace
T:03:41:00 WinXP 61.229.155.97 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 de37f2fc47
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:03:59:00 Win2K-f 77.21.42.46 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BAYREUTH, BAYERN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 a4a5d13de5
NEW
79e07808d1 [0] none:none
Stranik| none trace
T:04:10:00 WinXP 71.98.200.142 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
PALM HARBOR, FLORIDA, US. (DSL)
n/a :gg.arrancar.org 135 pcap raw alerts
ruleset
other
186 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 459d2bddeb
NEW
10fac04dd2 [0] none:none
none|none none trace
T:04:10:00 WinXP 95.24.168.149 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 00f78fac3a
NEW
4b95c7088a [0] none:none
PENinja S| none trace
T:04:41:00 Win2K-f 92.80.12.204, 66.252.13.212 (INVALID IPV4 ADDRESS):
INVALID IPV4 ADDRESS,
INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS, INVALID IPV4 ADDRESS. (INVALID IPV4 ADDRESS)
66.252.13.212:16667 US:bbs.moiservice.com
US:66.252.13.212:16667
445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 5ec9484592
NEW
0978210109 [0] none:none
Stranik| none trace
T:04:48:00 WinXP 114.137.94.131 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none [0] none:none
PolyEnE| lines=93
embedded dns
trace
T:05:04:00 Win2K-f 208.125.40.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROCHESTER, NEW YORK, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:05:28:00 WinXP 78.250.73.241 (PROXAD.NET):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
FR. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 a639a866cf
NEW
c7bf122964 [0] none:none
PolyEnE| none trace
T:06:09:00 WinXP 95.106.26.39 (RYAZAN.RU):
RYAZAN BRANCH OF JSC CENTERTELECOM,
RU. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 2c31e3c966
NEW
dca1fa0c85 [0] none:none
PolyEnE| none trace
T:07:08:00 WinXP 89.247.164.198 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
18 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none [0] none:none
none|none lines=61 trace
T:07:32:00 Win2K-f 60.249.0.25 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:07:54:00 WinXP 65.183.139.177 (BURLINGTONTELECOM.NET):
BURLINGTON TELECOM,
CLOQUET, MINNESOTA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
90 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
NEW
79c01ec060
NEW
none[0]
1bfd34056c[0]
1bfd34056c[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=64
embedded dns
trace
trace
T:09:23:00 Win2K-f 58.71.45.90 (PLDT.NET):
IPG,
MANILA, MANILA, PH. (DSL)
n/a :xx.nadnadzz.info
NL:xx.sqlteam.info
CA:xx.ka3ek.com
:idfc.info
NL:83.68.16.6:5190
135 pcap raw alerts
ruleset
irc
http
333 lines
Yeah : 1.3
profile
none summary
tarball
41 of 41
29 of 41
32 of 38
1a55e9201c
NEW
39336e51eb
NEW
524bc0f75c
NEW
224d2a144d [0]
3f5ab71d39[0]
d3e9510bb3[0]
d3e9510bb3[0]
none:none
none:none
none:none
PolyEnE|
Neolite|
PENinja S|
none
none
none
trace
trace
trace
T:09:26:00 WinXP 61.221.250.18 (HINET.NET):
CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:10:01:00 Win2K-f 118.231.25.86 (FETNET.NET):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 0de139e319
NEW
4bb217a841 [0] none:none
none|none none trace
T:10:03:00 WinXP 114.48.27.55 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:10:00 Win2K-f 109.87.116.96 (JWS.COM):
EU-ZZ,
UK. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:10:22:00 Win2K-f 83.188.230.136 (TELE2.SE):
TELE2 INTERNET PROVIDER,
STOCKHOLM, STOCKHOLMS LAN, SE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 93dcd8587f
NEW
e7124c9b61 [0] none:none
Stranik| none trace
T:10:23:00 Win2K-f 114.46.107.124 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 f6216c857c
NEW
9546f422db [0] none:none
none|none none trace
T:10:33:00 WinXP 189.120.122.157 (VIRTUA.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SAO PAULO, BR. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:10:34:00 WinXP 86.63.111.233 (COM.PL):
ASTA-NET CUSTOMERS,
WARSAW, WARSZAWA, PL. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:52:00 Win2K-f 95.90.227.137 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:10:53:00 WinXP 95.90.63.168 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
34 of 41 6d82d4f4e6
NEW
74e97a707d [0] none:none
Armadillo| none trace
T:11:02:00 Win2K-f 77.37.174.44 (NATIONALCABLENETWORKS.RU):
NKS BROADBAND CUSTOMERS,
MOSCOW, MOSCOW CITY, RU. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:12:00 WinXP 78.59.44.97 (ZEBRA.LT):
LIETUVOS,
VILNIUS, VILNIAUS APSKRITIS, LT. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 2f64188858
NEW
274adb9564 [0] none:none
none|none none trace
T:11:16:00 Win2K-f 94.241.243.25 (KIROV.RU):
ADSL POOL KIROV,
RU. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:11:31:00 Win2K-f 88.134.198.18 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
TRIER, RHEINLAND-PFALZ, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
33 of 41 c3de5970ac
NEW
d49804c883 [0] none:none
none|none none trace
T:11:40:00 WinXP 94.251.207.152 (-):
SERVERS STREAM COMMUNICATIONS,
PL. (DSL)
n/a RU:m.DRD3H.COM 135 pcap raw alerts
ruleset
irc
278 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:11:45:00 WinXP 95.135.58.157 (UKRTEL.NET):
UKRTELECOM,
KIEV, KYYIV, UA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 41 cc04277ea8
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:11:48:00 Win2K-f 88.156.37.233 (VECTRANET.PL):
VECTRA S.A,
OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:05:00 Win2K-f 85.180.1.82 (ALICEDSL.DE):
HANSENET-ADSL,
STUTTGART, BADEN-WÜRTTEMBERG, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:06:00 WinXP 4.177.18.73 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41
36 of 40
47d3548e36
NEW
d8722af110
NEW
ab13346633 [0]
ab30a55931[0]
ab30a55931[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:12:13:00 Win2K-f 61.218.193.250 (HINET.NET):
CHUNGHWA TELECOM CO. LTD. DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:12:18:00 WinXP 85.139.108.69 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 a48acac5f1
NEW
1d29e407ed [0] none:none
Armadillo| none trace
T:12:47:00 Win2K-f 91.64.199.100 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 9df38b39b5
NEW
41dad39abd [0] none:none
Armadillo| none trace
T:12:57:00 WinXP 77.23.116.192 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 6ef8b58d3a
NEW
829216a8e8 [0] none:none
Armadillo| none trace
T:13:05:00 Win2K-f 151.33.132.17 (33-151.IOL.IT):
ITALIA ONLINE S.P.A,
MILANO, LOMBARDIA, IT. (DIAL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 2ee45e8ca3
NEW
13948a04cd [0] none:none
none|none none trace
T:13:05:00 WinXP 24.167.175.193 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WINSTON SALEM, NORTH CAROLINA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:13:10:00 Win2K-f 89.109.39.188 (MTS-NN.RU):
NETWORK FOR OJSC VOLGATELECOM,
NIZHNIY NOVGOROD, NIZHEGOROD, RU. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:13:16:00 WinXP 24.109.202.78 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
THUNDER BAY, ONTARIO, CA. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 7f876aa59f
NEW
beb0ec87db [0] none:none
Armadillo| none trace
T:13:19:00 WinXP 62.162.165.244 (-):
MOBI IP SUBNET,
SKOPJE, KARPOS, MK. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 41 4ceccaec21
NEW
6ffedb8be7 [0] none:none
PolyEnE| none trace
T:13:39:00 Win2K-f 77.22.93.126 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 d319897103
NEW
602d2a14de [0] none:none
none|none none trace
T:13:39:00 Win2K-f 78.231.140.188 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 d3db2a09c9
NEW
a1c6976e2e [0] none:none
Armadillo| none trace
T:13:57:00 WinXP 94.21.51.44 (DIGIKABEL.HU):
EGYESULT MAGYAR KABELTELEVIZIO LTD,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:17:00 Win2K-f 95.89.242.123 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 2f738d197c
NEW
ad852b9102 [0] none:none
none|none none trace
T:14:18:00 Win2K-f 118.171.127.233 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
23 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 de37f2fc47
NEW
bac4cc6eec [0] none:none
Armadillo| none trace
T:14:19:00 WinXP 78.226.242.164 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 6f495c833b
NEW
ffd498f313 [0] none:none
none|none none trace
T:14:27:00 WinXP 78.8.93.133 (NET.PL):
DYNAMIC BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DIAL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:46:00 Win2K-f 173.22.146.125 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 6a82948d13
NEW
52173cbdf0 [0] none:none
none|none none trace
T:14:49:00 WinXP 118.231.83.2 (FETNET.NET):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40 74b3d149e8
NEW
cef0fa2981 [0] none:none
PolyEnE| none trace
T:14:50:00 Win2K-f 91.66.20.66 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
CUXHAVEN, NIEDERSACHSEN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 74d54b3e54
NEW
5920ae3ab5 [0] none:none
none|none none trace
T:14:57:00 WinXP 85.178.155.90 (ALICEDSL.DE):
HANSENET-ADSL,
BERLIN, BERLIN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 e8fb3d3f27
NEW
6a50a661d6 [0] none:none
none|none none trace
T:15:17:00 WinXP 89.244.242.100 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
MARL, NORDRHEIN-WESTFALEN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:15:17:00 WinXP 95.91.55.13 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 e3e1b1d23a
NEW
79454c708c [0] none:none
none|none none trace
T:15:20:00 Win2K-f 94.21.116.174 (DIGIKABEL.HU):
EGYESULT MAGYAR KABELTELEVIZIO LTD,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 b3e6830587
NEW
b077d5e361 [0] none:none
none|none none trace
T:15:31:00 WinXP 91.67.66.120 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BAYREUTH, BAYERN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 bd2ec6b8c1
NEW
17c0af6497 [0] none:none
none|none none trace
T:15:35:00 WinXP 94.219.15.226 (ARCOR-IP.NET):
ARCOR-DSL-NET,
DORTMUND, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:40:00 WinXP 62.169.116.196 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
LISBON, LISBOA, PT. (DSL)
n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
NEW
none [3] none:none
tElock| none trace
T:15:41:00 WinXP 81.84.221.81 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
BRAGA, BRAGA, PT. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:15:54:00 Win2K-f 114.48.47.63 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 9712801d52
NEW
eef52d5849 [0] none:none
none|none none trace
T:16:04:00 Win2K-f 189.46.242.207 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SAO PAULO, BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:16:37:00 WinXP 189.75.239.67 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
PORTO ALEGRE, RIO GRANDE DO SUL, BR. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 3cdb79c3bd
NEW
39a2313285 [0] none:none
none|none none trace
T:16:47:00 Win2K-f 77.22.98.102 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 ff0524f0f7
NEW
dfa3c19d32 [0] none:none
none|none none trace
T:16:59:00 Win2K-f 78.227.84.234 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
66.252.13.214:2081 CN:irc.zief.pl
US:s.unicat.org
CN:dl.guarddog2009.com
CN:www.brans.pl
CN:gidromash.cn
CN:ottopay.cn
CN:218.93.205.30:80
445 pcap raw alerts
ruleset
ftp
irc
http
197 lines
Yeah : 1.3
profile
none summary
tarball
7 of 41
23 of 41
35 of 41
7 of 41
15 of 41
18dfbbc85b
NEW
5d721a4dee
NEW
a09a3cb82f
NEW
c7830331fc
NEW
deca0a71d7
NEW
4f6fcecea3 [0]
6afc8cafab[0]
c7fb6cde5f[0]
7953649664[0]
6e7c1a39e4[0]
6e7c1a39e4[0]
none:none
none:none
none:none
none:none
none:none
UPX|
UPX|
tElock|
tElock|
tElock|
none
none
none
none
none
trace
trace
trace
trace
trace
T:17:00:00 WinXP 122.118.166.239 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:17:15:00 Win2K-f 114.36.214.143 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
35 of 41 aab88c1c51
NEW
cf93cc0212 [0] none:none
none|none none trace
T:17:38:00 WinXP 98.134.63.245 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - ATLANTA,
VALDOSTA, GEORGIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1005 lines
Yeah : 1.3
profile
none summary
tarball
29 of 41 f57c15d770
NEW
7583fe4738 [0] none:none
Armadillo| none trace
T:17:47:00 WinXP 59.116.195.183 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
57 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 7bdda5ea98
NEW
123bc54df7 [0] none:none
none|none none trace
T:17:53:00 Win2K-f 220.131.68.36 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
34 of 39 f4b8e2c149
NEW
42a8943248 [0] none:none
none|none none trace
T:17:56:00 Win2K-f 119.234.148.72 (-):
SINGTEL MOBILE,
SINGAPORE, SINGAPORE, SG. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 bfbd0e65c4
NEW
69821b8c4d [0] none:none
none|none none trace
T:18:04:00 WinXP 173.19.210.223 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
IOWA CITY, IOWA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
39 of 41
10759405e0
NEW
d08e00dfaf
NEW
292d343248 [0]
854c49d8c4[0]
854c49d8c4[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:18:17:00 WinXP 190.50.151.120 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:18:18:00 WinXP 114.46.160.214 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
51 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:18:31:00 WinXP 124.106.241.105 (-):
MGOC7300I05_CONSUMER,
MANILA, MANILA, PH. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:32:00 Win2K-f 220.141.128.253 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:18:50:00 Win2K-f 220.136.40.121 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 c9f65ef422
NEW
7c95df9a67 [0] none:none
none|none none trace
T:18:52:00 Win2K-f 114.47.47.155 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 ab31b15184
NEW
9b0ca71492 [0] none:none
none|none none trace
T:19:08:00 WinXP 122.127.112.253 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:19:22:00 WinXP 85.178.91.201 (ALICEDSL.DE):
HANSENET-ADSL,
BERLIN, BERLIN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 660e56b04a
NEW
64d4770123 [0] none:none
none|none none trace
T:19:30:00 WinXP 119.234.138.160 (-):
SINGTEL MOBILE,
SINGAPORE, SINGAPORE, SG. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
39 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 8b78975d2e
NEW
8b58345106 [0] none:none
none|none none trace
T:19:40:00 WinXP 115.165.82.15 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
KAWASAKI, KANAGAWA, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none [0] none:none
none|none lines=61 trace
T:19:55:00 Win2K-f 114.43.124.250 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:12:00 Win2K-f 122.120.218.59 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 d51095c06b
NEW
3efbcd2f0c [0] none:none
none|none none trace
T:20:18:00 WinXP 4.87.100.162 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
TAVARES, FLORIDA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:20:58:00 WinXP 114.36.214.143 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 1.3
profile
none summary
tarball
35 of 41 aab88c1c51
NEW
cf93cc0212 [0] none:none
none|none none trace
T:21:07:00 Win2K-f 114.27.213.133 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:22:34:00 WinXP 71.102.147.35 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOMPOC, CALIFORNIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
34 of 39
35 of 39
4cbbc9cdc3
NEW
86d4950962
NEW
9b1bced683 [0]
c78e30261c[0]
c78e30261c[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:22:42:00 WinXP 91.67.98.166 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
LANDAU, RHEINLAND-PFALZ, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:www.1440wrok.com
DE:www.mar-y-sol.com
US:xposeegypt.com
:www.exposeegypt.com
:booksfolder.net
US:yucelcavdar.com
US:mailin-04.mx.aol.com
US:66.252.13.214:2081
US:72.232.11.26:80
445 pcap raw alerts
ruleset
ftp
irc
http
55 lines
Yeah : 1.3
profile
none summary
tarball
34 of 41 ccf304416b
NEW
9b5a631087 [0] none:none
none|none none trace
T:22:51:00 WinXP 114.41.196.28 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
36 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:23:12:00 Win2K-f 218.219.159.10 (EDIT.NE.JP):
STUDIO ARKS CO LTD,
TOKYO, TOKYO, JP. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
07fabc79ef
NEW
53bfe15e91
NEW
none[0]
1473091351[0]
1473091351[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=75
embedded dns
trace
trace
T:23:38:00 WinXP 87.205.76.251 (INETIA.PL):
INTERNETIA,
BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 ed96c03ca8
NEW
c0028e9e98 [0] none:none
PolyEnE| none trace
23:44:00 WinXP 87.205.76.251 (INETIA.PL):
INTERNETIA,
BYDGOSZCZ, KUJAWSKO-POMORSKIE, PL. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 ed96c03ca8
NEW
c0028e9e98 [0] none:none
PolyEnE| none trace