Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

PUBLIC PAGE

<Click here: to download BotHunter>

29 September 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:01:53:00 WinXP 89.204.194.108 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE. (DSL) 213.219.245.212:80 218.93.205.30:65520 CN:proxim.ircgalaxy.pl
RU:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a0012f058f
NEW 45322bf0ee [0] none:none
PolyEnE| none trace

T:01:54:00 WinXP 91.58.207.49 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DORTMUND, NORDRHEIN-WESTFALEN, DE. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 0.8
profile none summary
tarball 31 of 36 25bc0db7e3
NEW d172b5e90c [0] none:none
FASM| none trace

T:03:12:00 Win2K-f 61.98.95.163 (SONICANT.CO.KR):
THRUNET CO. LTD,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 218.93.205.30:65520 US:microsoft.com
EU:proxima.ircgalaxy.pl
:www.petdoso.com
CN:dl.guarddog2009.com
:nenastiya.cn
174.36.176.242:81
CN:218.93.205.30:65520
EU:91.212.220.75:65520 135 pcap raw alerts
ruleset irc
http
http
http
http
418 lines Yeah : 1.8
profile none summary
tarball 31 of 33
2 of 41
23 of 41
31 of 33
8 of 40 168aab35a3
NEW
428d526489
NEW
5d721a4dee
NEW
667f0c59f3
NEW
8a1e8a7516
NEW 60b730b97e [0]
none [4]
6afc8cafab[0]
8fe2be2095[0]
8d4d653047[0]
8d4d653047[0] ASM:Graph
none:none
none:none
ASM:Graph
none:none
tElock|
PEQuake|
UPX|
Armadillo|
pex| lines=120
embedded dns
none
none
lines=91
none trace
trace
trace
trace
trace

T:03:33:00 Win2K-f 95.28.186.113 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (100Mbps) 91.212.220.75:65520 EU:proxima.ircgalaxy.pl
CN:dl.guarddog2009.com 445 pcap raw alerts
ruleset irc
http
13 lines Yeah : 0.8
profile none summary
tarball 23 of 41 5d721a4dee
NEW 6afc8cafab [0] none:none
UPX| none trace

T:03:46:00 Win2K-f 66.66.248.184 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WATERLOO, NEW YORK, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
59 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
NEW
b7082104e4
NEW 1473091351 [0]
c5b49e7b82[0]
c5b49e7b82[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=75
embedded dns
lines=41 trace
trace

T:04:24:00 Win2K-f 24.48.140.118 (USA2NET.NET):
FLORIDA CABLE INC,
US. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:05:31:00 Win2K-f 113.252.241.214 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:05:48:00 Win2K-f 4.179.46.142 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ARLINGTON, WASHINGTON, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

06:39:00 WinXP 98.101.106.156 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL) 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none [0] none:none
PolyEnE| lines=68 trace

T:08:13:00 Win2K-f 190.51.18.59 (COM.AR):
TELEFONICA DE ARGENTINA,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:13:00 WinXP 186.9.95.60 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
32 lines Yeah : 1.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:15:00 WinXP 186.83.61.208 (CABLE.NET.CO):
TV CABLE S.A,
SANTAFé DE BOGOTá, DISTRITO ESPECIAL, CO. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:16:00 Win2K-f 190.220.90.92 (NET.AR):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
LA PLATA, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:17:00 WinXP 201.231.42.71 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
24 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:25:00 WinXP 190.228.122.24 (NET.AR):
TELECOM-CEB,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
38 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:33:00 WinXP 213.182.227.172 (KUFSTEIN.AT):
ADRRESS POOL HEADEND CUSTOMERS,
WöRGL, TIROL, AT. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net
:www.hotlinkfiles.com 445 pcap raw alerts
ruleset ftp
irc
45 lines Yeah : 1.3
profile none summary
tarball 8 of 40 b9c3f7747b
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:34:00 Win2K-f 190.97.157.208 (-):
INGELCOM LTDA,
CO. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

08:36:00 WinXP 186.137.71.40 (COM.AR):
CABLEVISION S.A,
AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:45:00 WinXP 190.0.85.245 (ASTER.COM.DO):
ASTER,
SANTO DOMINGO, DISTRITO NACIONAL, DO. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net
:www.hotlinkfiles.com 445 pcap raw alerts
ruleset ftp
irc
52 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:50:00 Win2K-f 190.12.111.134 (COM.AR):
CPS,
AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:50:00 WinXP 190.18.107.34 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net
:www.hotlinkfiles.com 445 pcap raw alerts
ruleset ftp
irc
39 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:08:51:00 WinXP 190.105.11.193 (NET.AR):
VER TV S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net
:www.hotlinkfiles.com 445 pcap raw alerts
ruleset ftp
irc
http
936 lines Yeah : 1.3
profile none summary
tarball 14 of 41
11 of 41 42138c1ffe
NEW
e6ac88b320
NEW 7aff15c709 [0]
804cff045b[0]
804cff045b[0] none:none
none:none
FSG|
StarForce| none
none trace
trace

T:08:58:00 Win2K-f 190.17.11.212 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
10 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:09:00:00 WinXP 89.179.42.152 (CORBINA.RU):
BROADBAND CUSTOMERS IN YAROSLAVL,
MOSCOW, MOSCOW CITY, RU. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
35 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:09:06:00 WinXP 190.18.105.94 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
41 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:10:05:00 Win2K-f 69.193.76.134 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:10:24:00 Win2K-f 190.246.172.162 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 34 of 40 e1640acd3c
NEW c8cea28d36 [0] none:none
Free| none trace

T:10:40:00 WinXP 216.19.43.153 (COMMSPEED.NET):
COMMSPEED ARIZONA LLC,
CAMP VERDE, ARIZONA, US. (DSL) 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b27d73bfcb
NEW 473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace

T:11:17:00 WinXP 71.189.119.92 (-):
LINDA LIU,
ONTARIO, CALIFORNIA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:11:42:00 WinXP 114.48.183.84 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 218.93.205.30:65520 CN:proxim.ircgalaxy.pl
US:mx1.hotmail.com
US:mailin-02.mx.aol.com
SE:ftp.icq.com
US:yutunrz.1dumb.com
US:mailin-03.mx.aol.com
US:http.icq.com.edgesuite.net
:www.petdoso.com
:moscow-advokat.ru
174.36.176.242:81 445 pcap raw alerts
ruleset http
irc
http
31 lines Yeah : 1.3
profile none summary
tarball 40 of 41
2 of 41 123536adc4
NEW
428d526489
NEW 99c602e1a5 [0]
none [4] none:none
none:none
none|none
PEQuake| none
none trace
trace

T:13:16:00 WinXP 213.191.229.96 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE. (DSL) 213.219.245.212:80 91.212.220.75:65520 CN:proxim.ircgalaxy.pl
RU:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 34 of 36 9bb68450cd
NEW c2d5ac2315 [0] ASM:Graph
PolyEnE| lines=73
embedded dns trace

T:13:21:00 Win2K-f 24.234.225.254 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 40 0f9c3a11c8
NEW
5716a0c0c7
NEW bac81c8c80 [0]
3942ab990f[0]
3942ab990f[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:15:26:00 Win2K-f 190.245.158.237 (COM.AR):
CABLEVISION S.A,
NEUQUEN, NEUQUEN, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:26:00 WinXP 190.137.140.187 (NET.AR):
COOP. DE PROVISIN DE SERVICIOS DE GOB. CASTRO,
AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:15:28:00 WinXP 190.220.236.36 (TECHTELNET.NET):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
20 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:29:00 WinXP 119.154.44.23 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 8 of 40 b9c3f7747b
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:41:00 Win2K-f 190.19.16.18 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
10 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:15:42:00 WinXP 77.37.176.60 (NATIONALCABLENETWORKS.RU):
NKS BROADBAND CUSTOMERS,
MOSCOW, MOSCOW CITY, RU. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
31 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:43:00 Win2K-f 190.19.96.31 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

15:51:00 Win2K-f 200.127.222.76 (NET.AR):
PRIMA S.A,
AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:53:00 WinXP 201.235.205.62 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:54:00 WinXP 201.236.224.196 (-):
EMPRESA DE TELECOMUNICACIONES DE PEREIRA S.A. E.S.P,
CO. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:15:58:00 WinXP 186.87.255.209 (HOODPACKAGING.COM):
TV CABLE S.A,
CO. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
29 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:03:00 Win2K-f 190.105.15.104 (NET.AR):
VER TV S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 8 of 40 d458ab9882
NEW fe51b8774a [0] none:none
StarForce| none trace

T:16:08:00 Win2K-f 190.245.152.101 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:18:00 WinXP 85.136.182.24 (ONO.COM):
CABLEMODEM-AUNA-ZONA-SUR,
SEVILLA, ANDALUCIA, ES. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:23:00 WinXP 190.97.150.185 (-):
INGELCOM LTDA,
CO. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:28:00 Win2K-f 190.246.46.49 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:38:00 WinXP 190.55.157.198 (200.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:40:00 WinXP 190.208.99.126 (-):
TELMEX CHILE S.A HFC,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
27 lines Yeah : 1.3
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:43:00 Win2K-f 87.217.13.81 (DYNAMIC.JAZZTEL.ES):
JAZZTEL TRIPLE PLAY SERVICES,
MADRID, MADRID, ES. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:48:00 WinXP 190.189.43.142 (NET.AR):
PRIMA S.A,
LA PLATA, BUENOS AIRES, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:51:00 Win2K-f 186.58.143.25 (COM.AR):
TELEFONICA DE ARGENTINA,
AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 8 of 40 b9c3f7747b
NEW 804cff045b [0] none:none
StarForce| none trace

T:16:53:00 WinXP 190.255.73.66 (TELEFONICA.NET.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
SANTAFé DE BOGOTá, DISTRITO ESPECIAL, CO. (DSL) 78.155.216.238:6900 EU:dood.l1qu1d.net 445 pcap raw alerts
ruleset ftp
irc
29 lines Yeah : 1.3
profile none summary
tarball 11 of 40 8b9b0a8973
NEW fe51b8774a [0] none:none
StarForce| none trace

T:17:13:00 WinXP 24.232.80.211 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (100Mbps) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
irc
18 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:17:21:00 Win2K-f 201.235.64.241 (COM.AR):
CABLEVISION S.A,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:17:23:00 WinXP 82.239.134.28 (PROXAD.NET):
PROXAD / FREE SAS,
MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 30 of 41 6c04dae8a3
NEW 1238a6cdd8 [0] none:none
StarForce| none trace

T:17:45:00 Win2K-f 190.103.194.103 (COM.AR):
COOPERATIVA ELECTRICA DE TORNQUIST LTDA,
AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:18:25:00 Win2K-f 118.219.33.127 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 91.212.220.75:65520 US:microsoft.com
CN:proxima.ircgalaxy.pl 135 pcap raw alerts
ruleset irc
99 lines Yeah : 1.8
profile none summary
tarball 31 of 33
31 of 33 168aab35a3
NEW
667f0c59f3
NEW 60b730b97e [0]
8fe2be2095[0]
8fe2be2095[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=120
embedded dns
lines=91 trace
trace

18:27:00 Win2K-f 218.63.82.9 (163DATA.COM.CN):
CHINANET YUNNAN PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DIAL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

19:05:00 WinXP 186.18.18.202 (186.IN-ADDR.ARPA):
TELECENTRO S.A. - CLIENTES RESIDENCIALES,
BUENOS AIRES, BUENOS AIRES, AR. (DSL) n/a EU:dood.l1qu1d.net
EU:78.155.216.238:6900 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 40 8b9b0a8973
NEW fe51b8774a [0] none:none
StarForce| none trace

20:14:00 Win2K-f 190.220.108.99 (NET.AR):
TECHTEL LMDS COMUNICACIONES INTERACTIVAS S.A,
AR. (DSL) n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 11 of 41 e6ac88b320
NEW 804cff045b [0] none:none
StarForce| none trace

T:20:16:00 Win2K-f 211.200.19.249 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 91.212.220.75:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset irc
235 lines Yeah : 1.8
profile none summary
tarball 40 of 41
38 of 40 378128c750
NEW
a9f03d27e7
NEW 27178aede3 [0]
26be789cd1[0]
26be789cd1[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:21:46:00 WinXP 4.240.36.107 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PRESCOTT VALLEY, ARIZONA, US. (DIAL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 3b8b96d0db
NEW 066792f4a4 [0] none:none
PolyEnE| none trace