Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

12 June 2008
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
01:19:00 Win2K-f 68.146.1.19 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a  
FI:194.215.38.3:80
EE:62.65.192.24:80 		135 pcap raw alerts
ruleset 		other
9 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
01:19:00 WinXP 81.152.18.104 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:409 hits: 12-31 to 06-10] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
T:01:52:00 Win2K-f 69.232.233.112 (PACBELL.NET):
PPPOX POOL - BRAS12 PLTN,
OAKLAND, CALIFORNIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:02:02:00 WinXP 41.214.131.163 (-):
. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
[Firefox:288 hits: 05-01 to 06-11] 		af9ca5bed1 [0] ASM:Graph
 PolyEnE| lines=54 trace
T:02:12:00 Win2K-f 68.146.137.85 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset 		other
277 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 32 f876e5082a
NEW 		none[4] none:none
 PolyEnE| none trace
02:28:00 WinXP 210.199.90.189 (FLETS-I-AS-EAST-1-10.DSN.JP):
DS NETWORKS CO,
JP. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
02:38:00 Win2K-f 69.109.153.49 (PACBELL.NET):
AT&T INTERNET SERVICES,
SAN DIEGO, CALIFORNIA, US. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
02:44:00 WinXP 221.139.177.101 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
03:01:00 WinXP 123.254.1.23 (PIKARA.NE.JP):
STNET INCORPORATED,
TAKAMATSU, KAGAWA, JP. 		n/a US:mx1.hotmail.com
US:mailin-01.mx.aol.com
BE:ftp.scarlet.be
US:yutunrz.1dumb.com
US:mailin-02.mx.aol.com
SE:ftp.icq.com
:http.icq.com.edgesuite.net
US:ftp.newaol.com
:wpad
BE:193.74.22.160:80 		445 pcap raw alerts
ruleset 		shell
ftp
http
http
http
http
175 lines 		Yeah : 0.8
profile 		none summary
tarball 		1 of 32
30 of 32
1 of 32		 a704816aaa
NEW
b7b3903437
NEW
c2b860f940
NEW 		a704816aaa [1]
none [4]
c2b860f940[1] 		ASM:Graph
none:none
ASM:Graph
 Free|
none|none
Free| 		lines=280
none
lines=280 		trace
trace
trace
T:03:49:00 WinXP 75.33.114.78 (-):
DHCP STLSMO RBACK,
ST. LOUIS, MISSOURI, US. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:03:50:00 WinXP 222.235.228.85 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 		n/a   135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:29:00 Win2K-f 24.108.147.154 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:05:19:00 WinXP 203.134.35.7 (IPRIMUS.NET.AU):
PRIMUS TELECOMMUNICATIONS,
SYDNEY, NEW SOUTH WALES, AU. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1327 hits: 12-31 to 06-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
05:19:00 WinXP 203.134.35.7 (IPRIMUS.NET.AU):
PRIMUS TELECOMMUNICATIONS,
SYDNEY, NEW SOUTH WALES, AU. 		n/a RU:moscow-advokat.ru
:lulea.se.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:qis.md.us.dal.net
RU:194.6.222.11:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1327 hits: 12-31 to 06-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
05:31:00 WinXP 79.130.233.66 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:633 hits: 07-11 to 06-11] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
06:32:00 WinXP 119.94.26.252 (-):
. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:06:54:00 Win2K-f 198.108.200.109 (MICH.NET):
UNIVERSITY OF MICHIGAN BIOLOGICAL RESEARCH STATION,
PELLSTON, MICHIGAN, US. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:06:57:00 WinXP 125.101.83.144 (UCOM.NE.JP):
G-KG0008N,
JP. (100Mbps) 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 32 161e73cdfc
[Firefox: 2 hits: 05-13 to 06-01] 		none[4] none:none
 none|none none trace
T:08:00:00 Win2K-f 4.158.183.94 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
08:01:00 Win2K-f 4.158.183.94 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
08:18:00 Win2K-f 122.53.202.164 (PLDT.NET):
IPG,
PH. 		n/a  
FI:194.215.38.3:80
EE:62.65.192.24:80 		135 pcap raw alerts
ruleset 		other
99 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
08:58:00 Win2K-f 41.248.244.17 (IAM.NET.MA):
AFRINIC,
MA. 		84.244.5.183:2345 66.29.25.194:80 US:wow.blackirc.us
SE:tap.radioprishtina.net 		445 pcap raw alerts
ruleset 		http
irc
79 lines 		Yeah : 1.3
profile 		none summary
tarball 		4 of 32
2 of 33		 7c11ae757a
NEW
e319e121f0
NEW 		none[4]
e319e121f0[1] 		none:none
ASM:Graph
 none|none
none|none 		none
lines=21 		trace
trace
T:09:21:00 Win2K-f 61.221.128.181 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:09:40:00 WinXP 118.1.237.252 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:29 hits: 09-28 to 06-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
10:24:00 WinXP 211.59.72.105 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:11:02:00 Win2K-f 202.88.238.21 (ASIANET.CO.IN):
ASIANET IS A ISP PROVIDING ACCESS THROUGH CABLE,
TRIVANDRUM, KERALA, IN. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:11:18:00 Win2K-f 71.160.153.141 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
11:25:00 WinXP 75.177.18.138 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GREENSBORO, NORTH CAROLINA, US. 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1327 hits: 12-31 to 06-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
11:25:00 WinXP 85.228.203.210 (BREDBANDSBOLAGET.SE):
BB-BISP-DSL10-SBB10-MLM,
SE. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		30 of 32 a8aa255ece
[Firefox: 2 hits: 05-29 to 06-10] 		none[4] none:none
 PolyEnE| none trace
T:11:31:00 Win2K-f 24.67.86.5 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
11:35:00 Win2K-f 69.132.28.82 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
11:42:00 WinXP 86.143.118.226 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 cce9566ceb
NEW 		none[4] none:none
 PolyEnE| none trace
11:49:00 WinXP 79.138.243.130 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. 		n/a DE:siliconfireware.ru
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
21 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1045 hits: 05-01 to 06-11] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
12:00:00 Win2K-f 70.136.20.76 (SBCGLOBAL.NET):
PPPOX POOL RBACK4.BUMTTX,
BEAUMONT, TEXAS, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
12:03:00 WinXP 202.87.103.5 (FASCOM.COM):
FASCOM NETWORK SERVICES LIMITED,
KARACHI, SINDH, PK. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:12:05:00 WinXP 4.228.114.242 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LITTLETON, COLORADO, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
4 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:12:07:00 WinXP 206.169.142.11 (-):
TIME WARNER TELECOM INC,
ZIHUATANEJO, GUERRERO, MX. 		n/a   135 pcap raw alerts
ruleset 		other
276 lines 		Yeah : 0.8
profile 		none summary
tarball 		28 of 32 2821d565fd
NEW 		none[4] none:none
 PolyEnE| none trace
T:13:06:00 WinXP 88.167.138.18 (PROXAD.NET):
PROXAD / FREE SAS,
FR. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 741e3b03b3
[Firefox:29 hits: 09-28 to 06-11] 		e0197e8a64 [0] ASM:Graph
 none|none lines=62 trace
13:26:00 WinXP 82.24.38.48 (NTL.COM):
NTL INFRASTRUCTURE - BAGULEY,
LONDON, ENGLAND, UK. (DSL) 		n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
[Firefox:1327 hits: 12-31 to 06-11] 		1aad8e4632 [0] ASM:Graph
 PolyEnE| lines=93
embedded dns 		trace
T:13:29:00 Win2K-f 92.40.45.161 (IKBCC.COM):
EU-ZZ,
UK. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
14:16:00 Win2K-f 66.124.172.157 (PACBELL.NET):
LIFE CARE PHARMACY,
SAN FRANCISCO, CALIFORNIA, US. (DSL) 		n/a DE:d.vncsvr.net 135 pcap raw alerts
ruleset 		irc
250 lines 		Yeah : 1.3
profile 		none summary
tarball 		27 of 32 ad8c469d62
NEW 		ad8c469d62 [1] ASM:Graph
 StarForce| lines=2 trace
T:14:32:00 Win2K-f 203.91.164.14 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
15:03:00 WinXP 4.225.211.147 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LOVELAND, COLORADO, US. (DIAL) 		n/a DE:siliconfireware.ru
GB:new.egg.com
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
25 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
15:16:00 WinXP 204.111.193.168 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
US. 		n/a UA:citi-bank.ru
EU:kidos-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 af35b68f1e
[Firefox:68 hits: 06-10 to 04-05] 		710024fee8 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:15:17:00 WinXP 204.111.193.168 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
US. 		n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 af35b68f1e
[Firefox:68 hits: 06-10 to 04-05] 		710024fee8 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:30:00 Win2K-f 71.148.35.37 (SBCGLOBAL.NET):
KASSA KASSA,
PLANO, TEXAS, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
15:45:00 WinXP 118.240.116.67 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 831f4ee0a7
[Firefox:633 hits: 07-11 to 06-11] 		eb7546c600 [0] ASM:Graph
 none|none lines=61 trace
T:15:46:00 Win2K-f 218.30.119.245 (HICHINA.COM):
CHINANET IDC CENTER,
BEIJING, BEIJING, CN. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:15:50:00 WinXP 99.129.103.254 (-):
. 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 1a2c0e6130
[Firefox:409 hits: 12-31 to 06-10] 		048df78048 [0] ASM:Graph
 none|none lines=61 trace
15:52:00 WinXP 70.182.164.83 (COX.NET):
COX COMMUNICATIONS,
FT. SMITH, ARKANSAS, US. 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
[Firefox:3045 hits: 12-31 to 06-11] 		7a70e1b592 [0] ASM:Graph
 PolyEnE| lines=68 trace
15:56:00 WinXP 77.241.142.254 (DATA.3.DK):
3 CUSTOMER DYNAMIC ADDRESS POOL,
DK. 		n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
SE:viking.dal.net
:lulea.se.eu.undernet.org
:caen.fr.eu.undernet.org
NL:diemen.nl.eu.undernet.org
SE:ced.dal.net
SE:vancouver.dal.net 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		30 of 32 d23978004f
NEW 		none[4] none:none
 PolyEnE| none trace
T:16:08:00 Win2K-f 67.76.247.16 (EMBARQHSD.NET):
EMBARQ CORPORATION,
US. 		n/a   135 pcap raw alerts
ruleset 		other
1004 lines 		Yeah : 0.8
profile 		none summary
tarball 		12 of 32 f60713d183
NEW 		none[3] none:none
 none|none none trace
16:16:00 Win2K-f 4.159.254.237 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CLEVELAND, OHIO, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:16:36:00 Win2K-f 61.37.147.200 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
16:42:00 WinXP 72.184.12.99 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HUDSON, FLORIDA, US. 		n/a EU:siliconfireware.ru
RU:www.bbin.ru
:wpad
US:searchportal.information.com
US:sprw.information.com
US:spi.domainsponsor.com
RU:195.200.213.52:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
8 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1045 hits: 05-01 to 06-11] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
16:53:00 WinXP 64.192.64.16 (WCG.NET):
LIGHTCORE A CENTURYTELCOMPANY,
NASHUA, NEW HAMPSHIRE, US. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
17:04:00 WinXP 75.136.136.72 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US. 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
17:09:00 Win2K-f 70.183.235.227 (COX.NET):
COX COMMUNICATIONS,
PENSACOLA, FLORIDA, US. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:17:18:00 Win2K-f 220.229.77.247 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:18:23:00 Win2K-f 61.222.240.150 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. 		n/a   135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:18:29:00 Win2K-f 4.139.126.236 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PITTSBURGH, PENNSYLVANIA, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:19:41:00 WinXP 81.215.216.141 (TTNET.NET.TR):
ADSL-MET-GAYRETTEPE-STATIC POOL,
ISTANBUL, ISTANBUL, TR. (DSL) 		n/a UA:citi-bank.ru
UA:194.54.90.246:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		31 of 32 1e5df7ba74
[Firefox:22 hits: 03-24 to 06-09] 		a5331b711f [0] ASM:Graph
 PolyEnE| lines=68 trace
T:20:58:00 Win2K-f 67.122.145.69 (PACBELL.NET):
MEXICAN CONSULATE GENL,
PLANO, TEXAS, US. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:21:41:00 WinXP 72.184.12.99 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HUDSON, FLORIDA, US. 		n/a DE:siliconfireware.ru
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
[Firefox:1045 hits: 05-01 to 06-11] 		40f7f463c4 [0] ASM:Graph
 ASPack| lines=281
embedded dns 		trace
T:21:54:00 Win2K-f 64.80.40.175 (FLARE.NET):
FLARE NET INC,
ROCHESTER, NEW YORK, US. 		n/a   135 pcap raw alerts
ruleset 		other
107 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:03:00 WinXP 62.121.122.189 (WAW.PL):
OTN GOCLAW IP ASSIGNMENT,
WARSAW, MAZOWIECKIE, PL. 		69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31 e8d4d8cde1
[Firefox:284 hits: 03-31 to 06-06] 		fda109a6fd [0] ASM:Graph
 ASProtect| lines=583
embedded dns 		trace
T:23:03:00 Win2K-f 89.169.147.105 (-):
MOSINFOLINE,
MOSCOW, MOSKVA, RU. 		69.42.216.90:9890 :f.unicat.org
US:www.powow.com 		445 pcap raw alerts
ruleset 		ftp
irc
http
39 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31
23 of 32		 e8d4d8cde1
[Firefox:284 hits: 03-31 to 06-06]
e9347478d6
NEW 		fda109a6fd [0]
e9347478d6[1] 		ASM:Graph
ASM:Graph
 ASProtect|
ASPack| 		lines=583
embedded dns
lines=3 		trace
trace
T:23:04:00 WinXP 91.67.182.165 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:06:00 Win2K-f 92.49.138.157 (IKBCC.COM):
EU-ZZ,
UK. 		n/a   445 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:07:00 Win2K-f 78.96.110.44 (ASTRAL.RO):
ASTRAL TELECOM SA,
RO. 		69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 		445 pcap raw alerts
ruleset 		ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31 e8d4d8cde1
[Firefox:284 hits: 03-31 to 06-06] 		fda109a6fd [0] ASM:Graph
 ASProtect| lines=583
embedded dns 		trace
T:23:13:00 WinXP 203.217.123.6 (TCOL.COM.TW):
MONAD DIGITNAMIC CORP,
BEIJING, BEIJING, CN. 		69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31 e8d4d8cde1
[Firefox:284 hits: 03-31 to 06-06] 		fda109a6fd [0] ASM:Graph
 ASProtect| lines=583
embedded dns 		trace
T:23:23:00 WinXP 89.218.25.47 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:24:00 Win2K-f 62.248.24.71 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
GAZIANTEP, GAZIANTEP, TR. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:25:00 Win2K-f 86.106.49.159 (UPCNET.RO):
SC UPC ROMANIA SA,
CLUJ-NAPOCA, CLUJ, RO. 		n/a   445 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:29:00 Win2K-f 125.91.193.183 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
GUANGZHOU, GUANGDONG, CN. 		n/a   445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:31:00 Win2K-f 86.107.32.133 (SMANET.RO):
JUMP NETWORK SERVICES S.R.L,
RO. 		69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 		445 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31 e8d4d8cde1
[Firefox:284 hits: 03-31 to 06-06] 		fda109a6fd [0] ASM:Graph
 ASProtect| lines=583
embedded dns 		trace
T:23:58:00 Win2K-f 41.220.16.114 (TELONE.CO.ZW):
AFRINIC,
ZW. 		69.42.216.90:9890 :f.unicat.org
69.42.216.90:9890 		445 pcap raw alerts
ruleset 		ftp
19 lines 		Yeah : 1.3
profile 		none summary
tarball 		13 of 31 e8d4d8cde1
[Firefox:284 hits: 03-31 to 06-06] 		fda109a6fd [0] ASM:Graph
 ASProtect| lines=583
embedded dns 		trace