Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



20 June 2008

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Column headers (one record per infection follows, fields in this order):
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:32:00 Win2K-f 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
57ce4acac2
[Firefox:12 hits: 06-17 to 06-19]
b5919931fe
NEW
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
01:31:00 Win2K-f 218.210.225.206 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
01:39:00 WinXP 68.146.169.119 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1039 lines
Yeah : 1.3
profile
none summary
tarball
none dd3f647f74
NEW
none[3] none:none
PolyEnE| none trace
T:02:46:00 Win2K-f 4.232.69.16 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FONTANA, CALIFORNIA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
02:50:00 WinXP 219.116.255.155 (INFOWEB.NE.JP):
INFOWEB-CIDR-BLK,
TOKYO, TOKYO, JP. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:199.93.41.124:80
US:207.123.37.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
none
none
33575aa644
NEW
c7001e5413
NEW
33575aa644 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
02:56:00 Win2K-f 61.229.38.244 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
03:10:00 WinXP 93.156.48.58 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3066 hits: 12-31 to 06-19]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
03:11:00 WinXP 118.237.46.42 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none 27b945de66
NEW
none[4] none:none
none|none none trace
T:03:48:00 Win2K-f 125.225.17.52 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
03:56:00 Win2K-f 122.50.160.62 (EXATT.NET):
INTERNET SERVICE PROVIDER,
BHUBANESHWAR, ORISSA, IN.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
04:00:00 Win2K-f 211.58.220.94 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:199.93.44.124:80
US:206.33.45.125:80
135 pcap raw alerts
ruleset
other
102 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
none
168aab35a3
[Firefox: 3 hits: 06-17 to 06-19]
61426996c3
NEW
none[4]
61426996c3[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
T:04:54:00 Win2K-f 75.14.253.81 (-):
REFAT M HIJAZ DBA,
PLANO, TEXAS, US. (100Mbps)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
b5919931fe
NEW
none[4]
a08f3b74a4[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:05:09:00 Win2K-f 118.169.201.210 (-):
.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
29 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
05:17:00 WinXP 125.203.124.163 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. (DSL)
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none e09933a21a
NEW
none[4] none:none
PolyEnE| none trace
T:05:21:00 Win2K-f 118.161.191.38 (-):
.
217.170.244.2:443   445 pcap raw alerts
ruleset
shell
ftp
irc
27 lines
Yeah : 1.8
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
05:23:00 WinXP 217.245.100.62 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
BERLIN, BERLIN, DE. (DIAL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:14 hits: 12-14 to 06-19]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
05:29:00 WinXP 83.132.107.51 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 f2668b51f1
[Firefox: 8 hits: 08-10 to 06-15]
none[4] none:none
PolyEnE| none trace
05:58:00 Win2K-f 222.239.34.179 (-):
INCHON CABLE TV NAMDONG BROADCAST,
INCHON, KYONGGI-DO, KR.
n/a US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
US:64.62.216.56:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
4c3df24b32
[Firefox: 8 hits: 06-17 to 06-19]
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
4c3df24b32 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
06:09:00 WinXP 58.190.31.158 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:40 hits: 09-28 to 06-19]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
06:29:00 WinXP 221.170.142.240 (MESH.AD.JP):
BIGLOBE-CIDR-BLK,
TOKYO, TOKYO, JP.
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
none e09933a21a
NEW
none[4] none:none
PolyEnE| none trace
06:58:00 WinXP 80.191.115.189 (-):
REGIONAL LIBRARAY OF SCIENCE AND TECHNOLOGY,
SHIRAZ, FARS, IR.
n/a DE:siliconfireware.ru
GB:new.egg.com
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
GB:217.145.225.22:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
[Firefox:1060 hits: 05-01 to 06-19]
40f7f463c4 [0] ASM:Graph
ASPack| lines=281
embedded dns
trace
T:07:15:00 WinXP 155.239.182.162 (TELKOM-IPNET.CO.ZA):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 03f912899b
[Firefox:14 hits: 12-14 to 06-19]
83893bd25d [0] ASM:Graph
none|none lines=65 trace
07:43:00 Win2K-f 219.115.204.202 (ZAQ.NE.JP):
TOYONAKA IKEDA CABLENET CO. LTD,
TOYONAKA, OSAKA, JP.
72.10.172.211:8080 67.43.236.66:8080 CA:xx.ka3ek.com
CA:xx.nadnadzz.info
CA:xx.enterhere.biz
CA:67.43.226.242:8080
CA:67.43.236.66:8080
CA:67.43.236.98:10324
CA:67.43.236.98:1863
CA:67.43.236.99:10324
CA:67.43.236.99:1863
CA:72.10.172.211:8080
135 pcap raw alerts
ruleset
other
390 lines
Yeah : 1.8
profile
none summary
tarball
none 830faa6678
NEW
none[4] none:none
EXECrypto| none trace
07:52:00 WinXP 210.79.131.81 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
TOKYO, TOKYO, JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:647 hits: 07-11 to 06-19]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
07:56:00 WinXP 125.4.12.65 (ZAQ.NE.JP):
HIGASHI-OSAKA CABLE TELEVISION CO. LTD,
OSAKA, OSAKA, JP.
n/a CA:xx.enterhere.biz
CA:xx.sqlteam.info
CA:67.43.236.98:1863
CA:67.43.236.98:5190
CA:67.43.236.99:1863
CA:67.43.236.99:5190
135 pcap raw alerts
ruleset
other
341 lines
Yeah : 1.3
profile
none summary
tarball
none 0f8f00b9bb
NEW
none[4] none:none
StarForce| none trace
T:08:01:00 Win2K-f 41.249.252.178 (IAM.NET.MA):
AFRINIC,
MA.
69.65.40.234:2345 66.29.25.194:80 US:game.doiluc.com
US:play.evodui.com
139 pcap raw alerts
ruleset
http
irc
62 lines
Yeah : 1.3
profile
none summary
tarball
none
none
56265328e3
NEW
f24b618b0e
NEW
56265328e3 [1]
none [4]
ASM:Graph
none:none
none|none
none|none
lines=7
none
trace
trace
08:07:00 WinXP 70.62.193.159 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MENTOR, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.46.124:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
08:18:00 WinXP 122.53.199.23 (PLDT.NET):
IPG,
PH.
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
US:64.62.216.10:80
US:64.62.216.56:80
135 pcap raw alerts
ruleset
other
144 lines
Yeah : 1.3
profile
none summary
tarball
29 of 33
33 of 33
16874933ea
[Firefox: 3 hits: 06-18 to 06-19]
76ee340669
[Firefox: 3 hits: 06-18 to 06-19]
16874933ea [1]
none [4]
ASM:Graph
none:none
Armadillo|
PolyEnE|
lines=82
none
trace
trace
08:22:00 WinXP 222.144.238.72 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none 21e5edb96d
NEW
none[4] none:none
none|none none trace
T:09:23:00 WinXP 80.27.53.148 (-):
TELEFONICA MOVILES ESPANA (NCC#2002069993),
ES.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
09:29:00 Win2K-f 217.202.113.199 (-):
TELECOM ITALIA MOBILE,
IT.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
09:43:00 WinXP 76.77.225.153 (MADISONTELCO.COM):
MADISON TELEPHONE COMPANY,
HAMEL, ILLINOIS, US.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
b7082104e4
[Firefox: 4 hits: 06-18 to 06-18]
none[4]
none [4]
none:none
none:none
tElock|
tElock|
none
none
trace
trace
T:09:54:00 Win2K-f 41.248.244.17 (IAM.NET.MA):
AFRINIC,
MA.
69.65.40.234:2345 66.29.25.194:80 US:game.doiluc.com
US:play.evodui.com
445 pcap raw alerts
ruleset
http
irc
65 lines
Yeah : 1.3
profile
none summary
tarball
none
none
67e72b246f
NEW
f24b618b0e
NEW
67e72b246f [1]
none [4]
ASM:Graph
none:none
none|none
none|none
lines=7
none
trace
trace
T:09:58:00 WinXP 79.138.140.102 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a0139d7ad8
[Firefox:439 hits: 05-02 to 06-03]
d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace
T:10:02:00 WinXP 24.243.120.210 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CORPUS CHRISTI, TEXAS, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
US:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
US:www.jamaatshariat.com
FI:imgs2.kavkazcenter.com
:www.google.com
GB:www.chechenpress.co.uk
FI:static.kavkazchat.com
US:www.islamicfinder.org
US:www.youtube.com
US:www.vimeo.com
RU:grani-tv.ru
RU:video.rutube.ru
:www.google-analytics.com
US:video.google.com
US:blip.tv
445 pcap raw alerts
ruleset
http
http
332 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 ab5e47bf8d
[Firefox:48 hits: 05-10 to 06-14]
none[3] none:none
ASPack| none trace
10:05:00 Win2K-f 92.40.202.147 (IKBCC.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
10:21:00 WinXP 64.38.79.123 (SPEAKEASY.NET):
US.
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:10:26:00 WinXP 202.39.210.91 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP,
TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:10:46:00 WinXP 79.31.87.246 (SRC.ORG):
TELECOM ITALIA NET,
ROME, LAZIO, IT.
217.170.244.2:443 :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
445 pcap raw alerts
ruleset
shell
ftp
irc
19 lines
Yeah : 1.8
profile
none summary
tarball
none 862c0a7fa5
NEW
none[4] none:none
FSG| none trace
11:08:00 Win2K-f 218.237.185.57 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
30 of 32
31 of 33
8390780c27
NEW
af88ae89f8
NEW
none[4]
af88ae89f8[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=82
trace
trace
11:22:00 Win2K-f 80.225.119.243 (TISCALI.COM):
TELINCO-DIALPOOL,
UK. (DIAL)
n/a :proxima.ircgalaxy.pl
US:microsoft.com
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
22 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
11:23:00 WinXP 166.165.249.84 (MYVZW.COM):
SERVICE PROVIDER CORPORATION,
BEDMINSTER, NEW JERSEY, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
11:39:00 WinXP 92.40.241.80 (IKBCC.COM):
EU-ZZ,
UK.
n/a :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none e5d5ee5587
NEW
none[4] none:none
FSG| none trace
11:53:00 WinXP 66.51.184.46 (-):
ILLINOIS RURAL TELECOMMUNICATION CO,
WINCHESTER, ILLINOIS, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
191 lines
Yeah : 1.3
profile
none summary
tarball
none
none
5c52e3199d
NEW
69b938edb7
NEW
5c52e3199d [1]
none [4]
ASM:Graph
none:none
FASM|
tElock|
lines=83
none
trace
trace
11:55:00 WinXP 222.234.97.226 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
98 lines
Yeah : 1.3
profile
none summary
tarball
none
none
899035248c
NEW
9d677c3f70
NEW
899035248c [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
12:13:00 WinXP 59.115.96.78 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   445 pcap raw alerts
ruleset
shell
3 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
12:15:00 WinXP 61.218.192.130 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
57ce4acac2
[Firefox:12 hits: 06-17 to 06-19]
none[4]
57ce4acac2[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
12:34:00 WinXP 76.77.228.13 (MADISONTELCO.COM):
MADISON TELEPHONE COMPANY,
HAMEL, ILLINOIS, US.
n/a :proxima.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
260 lines
Yeah : 1.3
profile
none summary
tarball
none ea9787a186
NEW
none[4] none:none
PolyEnE| none trace
12:35:00 WinXP 70.183.63.227 (COX.NET):
COX COMMUNICATIONS INC,
NEWPORT BEACH, CALIFORNIA, US.
n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80
US:205.128.79.125:80
US:205.128.79.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
12:43:00 Win2K-f 66.138.57.137 (SWBELL.NET):
PPPOX POOL RBACK1.BUMTTX,
BEAUMONT, TEXAS, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.124:80
US:205.128.79.126:80
US:207.123.37.125:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
13:14:00 WinXP 86.8.84.63 (NTL.COM):
NTLI,
LONDON, ENGLAND, UK. (DSL)
n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
28 of 31 f58222344f
[Firefox:12 hits: 12-31 to 06-03]
2a56436a64 [0] ASM:Graph
PolyEnE| lines=265
embedded dns
trace
13:20:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.126:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
none[4]
a08f3b74a4[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:42:00 WinXP 70.182.30.253 (COX.NET):
COX COMMUNICATIONS,
FT. SMITH, ARKANSAS, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3066 hits: 12-31 to 06-19]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
13:54:00 WinXP 98.140.229.160 (-):
.
n/a   135 pcap raw alerts
ruleset
other
19 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
14:11:00 WinXP 85.92.255.92 (NET.BA):
AS53#12 KONJIC TKC,
BA. (100Mbps)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
[Firefox:40 hits: 09-28 to 06-19]
e0197e8a64 [0] ASM:Graph
none|none lines=62 trace
14:25:00 Win2K-f 85.181.14.39 (ALICEDSL.DE):
HANSENET-ADSL,
MUNICH, BAYERN, DE. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
25 of 28 7fdfe363d5
[Firefox:2658 hits: 12-31 to 06-19]
10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns
trace
T:14:53:00 WinXP 212.27.5.105 (-):
MLIFENET,
RU.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:296 hits: 05-01 to 06-19]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
T:14:54:00 WinXP 69.205.156.31 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TROY, NEW YORK, US.
n/a RU:moscow-advokat.ru
:gaspode.zanet.org.za
:flanders.be.eu.undernet.org
SE:qis.md.us.dal.net
SE:ozbytes.dal.net
NO:london.uk.eu.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
29 of 29 55fe9d9ade
[Firefox:50 hits: 05-03 to 06-04]
4bce6c4887 [0] ASM:Graph
PolyEnE| lines=93
embedded dns
trace
T:15:05:00 WinXP 70.72.66.186 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
259 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33 18f75b34a5
NEW
none[4] none:none
PolyEnE| none trace
15:14:00 WinXP 122.18.206.112 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:647 hits: 07-11 to 06-19]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
16:17:00 WinXP 71.103.198.166 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
SAN BERNARDINO, CALIFORNIA, US. (DSL)
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
[Firefox:296 hits: 05-01 to 06-19]
af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace
16:22:00 WinXP 74.33.75.217 (FRONTIERNET.NET):
FRONTIER COMMUNICATIONS OF AMERICA INC,
OMAHA, NEBRASKA, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3066 hits: 12-31 to 06-19]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
16:42:00 Win2K-f 97.89.22.172 (-):
.
n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset
other
277 lines
Yeah : 1.3
profile
none summary
tarball
none 398530ed93
NEW
none[4] none:none
PolyEnE| none trace
16:44:00 WinXP 4.224.168.65 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
COLUMBUS, OHIO, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
[Firefox:428 hits: 12-31 to 06-19]
048df78048 [0] ASM:Graph
none|none lines=61 trace
T:16:48:00 WinXP 75.179.36.222 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AKRON, OHIO, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
b7082104e4
[Firefox: 4 hits: 06-18 to 06-18]
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
none [4]
e07c29c4ae[1]
none:none
none:none
ASM:Graph
tElock|
tElock|
FSG|
none
none
lines=92
trace
trace
trace
16:53:00 Win2K-f 98.140.228.155 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
16:53:00 Win2K-f 116.123.95.178 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.46.124:80
US:207.123.37.125:80
US:207.123.46.125:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
none
none
8a75955033
NEW
9276c8b36b
NEW
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:16:56:00 WinXP 222.147.166.223 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP.
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 831f4ee0a7
[Firefox:647 hits: 07-11 to 06-19]
eb7546c600 [0] ASM:Graph
none|none lines=61 trace
17:01:00 WinXP 209.214.168.22 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
LOUISVILLE, KENTUCKY, US.
n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
[Firefox:715 hits: 05-01 to 06-18]
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:17:24:00 WinXP 209.213.9.20 (SSLISP.COM):
ELTOPIA.COM LLC,
PASCO, WASHINGTON, US.
n/a UA:citi-bank.ru
UA:194.54.90.246:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
[Firefox:3066 hits: 12-31 to 06-19]
7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace
T:17:40:00 WinXP 172.191.179.191 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
97 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:17:45:00 Win2K-f 61.218.192.130 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
57ce4acac2
[Firefox:12 hits: 06-17 to 06-19]
b5919931fe
NEW
none[4]
57ce4acac2[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
T:17:48:00 Win2K-f 66.51.184.46 (-):
ILLINOIS RURAL TELECOMMUNICATION CO,
WINCHESTER, ILLINOIS, US.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
191 lines
Yeah : 1.3
profile
none summary
tarball
none
none
none
5c52e3199d
NEW
69b938edb7
NEW
b5919931fe
NEW
5c52e3199d [1]
none [4]
b5919931fe[1]
ASM:Graph
none:none
ASM:Graph
FASM|
tElock|
ASProtect|
lines=83
none
lines=90
trace
trace
trace
T:17:49:00 WinXP 4.225.20.144 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KOKOMO, INDIANA, US. (DIAL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
a08f3b74a4
[Firefox:24 hits: 06-18 to 06-19]
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
a08f3b74a4[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:17:49:00 Win2K-f 70.168.9.104 (COX.NET):
COX COMMUNICATIONS,
PAWTUCKET, RHODE ISLAND, US.
n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl
135 pcap raw alerts
ruleset
http
95 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
none
28 of 33
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
b5919931fe
NEW
f685f8e027
NEW
none[4]
b5919931fe[1]
f685f8e027[1]
none:none
ASM:Graph
ASM:Graph
tElock|
ASProtect|
Armadillo|
none
lines=90
lines=82
trace
trace
trace
17:51:00 WinXP 202.71.56.189 (WARABI.NE.JP):
WARABI CABLE VISION CO. LTD,
WARABI, SAITAMA, JP.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 22999be88c
[Firefox: 4 hits: 04-05 to 05-02]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
T:17:51:00 WinXP 202.71.56.189 (WARABI.NE.JP):
WARABI CABLE VISION CO. LTD,
WARABI, SAITAMA, JP.
n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 22999be88c
[Firefox: 4 hits: 04-05 to 05-02]
eda2056971 [0] ASM:Graph
PolyEnE| lines=154
embedded dns
trace
T:18:13:00 WinXP 24.78.41.206 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
96 lines
Yeah : 1.3
profile
none summary
tarball
none
none
none
607b60ad51
NEW
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
e5c7bce70e
NEW
none[4]
e07c29c4ae[1]
e5c7bce70e[1]
none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo|
none
lines=92
lines=81
trace
trace
trace
18:58:00 WinXP 58.230.192.37 (-):
THRUNET-INFRA-SEOUL03,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:199.93.44.126:80
US:204.160.126.126:80
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
none
none
3dffacd270
NEW
d5bf17f14e
NEW
3dffacd270 [1]
none [4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=82
none
trace
trace
T:19:05:00 WinXP 172.168.249.44 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
88 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
T:19:06:00 WinXP 170.51.183.19 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR.
n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
none 90d02b6b68
NEW
none[4] none:none
PolyEnE| none trace
19:06:00 Win2K-f 4.245.62.237 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
OKLAHOMA CITY, OKLAHOMA, US. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
21 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:19:26:00 WinXP 144.139.71.4 (TMNS.NET.AU):
TELSTRAINTERNET32,
MELBOURNE, VICTORIA, AU.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
94 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
e07c29c4ae
[Firefox: 2 hits: 06-19 to 06-19]
none[4]
73f1082158[1]
e07c29c4ae[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG|
none
lines=81
lines=92
trace
trace
trace
19:33:00 WinXP 59.104.149.26 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a  
CZ:217.170.244.2:443
CZ:82.114.64.251:443
445 pcap raw alerts
ruleset
shell
ftp
17 lines
Yeah : 1.3
profile
none summary
tarball
none 9961bc25ef
NEW
none[4] none:none
FSG| none trace
T:19:46:00 Win2K-f 63.245.183.231 (KITUSA.COM):
KANSAS INDEPENDENT TELECOMMUNICATIONS,
BURLINGTON, KANSAS, US.
n/a US:microsoft.com
US:download.microsoft.com
135 pcap raw alerts
ruleset
http
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
none
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
b5919931fe
NEW
none[4]
73f1082158[1]
b5919931fe[1]
none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect|
none
lines=81
lines=90
trace
trace
trace
19:47:00 Win2K-f 65.86.121.85 (DSL.NET):
ABERCROMBIE SIMMONS & GILLETTE OF VIRGINIA INC,
VIRGINIA BEACH, VIRGINIA, US. (DSL)
n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.83:80
135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
[Firefox:73 hits: 06-17 to 06-19]
73f1082158
[Firefox:21 hits: 06-18 to 06-19]
none[4]
73f1082158[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
20:02:00 Win2K-f 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
52 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
[Firefox:12 hits: 06-17 to 06-19]
57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace
20:10:00  WinXP  218.168.175.167 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TW.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell (3 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]: none
20:10:00  WinXP  75.33.43.229 (SBCGLOBAL.NET): PPPOX POOL - RBACK6 BCVLOH, CLEVELAND, OHIO, US. (DSL)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:199.93.53.125:80, US:205.128.66.124:80, US:8.12.202.125:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (59 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    8 of 33 / b7082104e4 [Firefox: 4 hits: 06-18 to 06-18] / none [4] / none:none / tElock| / none / trace
T:20:14:00  WinXP  220.237.97.156 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, SYDNEY, NEW SOUTH WALES, AU.
  C&C Server: n/a; DNS Lookups & Failed Connects: UA:citi-bank.ru; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (1 line)
  BotHunter Analysis: Yeah : 0.8, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    29 of 29 / 3ae357d17b [Firefox:715 hits: 05-01 to 06-18] / 462a7be171 [0] / ASM:Graph / PolyEnE| / lines=73 / trace
T:20:18:00  Win2K-f  59.117.32.55 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp (14 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]: none
T:20:20:00  Win2K-f  24.83.122.161 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
  C&C Server: n/a; DNS Lookups & Failed Connects: :proxim.ircgalaxy.pl; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (313 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    none / c78281a815 NEW / none[4] / none:none / PolyEnE| / none / trace
T:20:52:00  Win2K-f  71.148.35.35 (SBCGLOBAL.NET): KASSA KASSA, PLANO, TEXAS, US. (DSL)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (79 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 33 / a08f3b74a4 [Firefox:24 hits: 06-18 to 06-19] / a08f3b74a4[1] / ASM:Graph / Armadillo| / lines=81 / trace
T:20:53:00  Win2K-f  76.192.139.210 (SBCGLOBAL.NET): PPPOX POOL - SE1.WOTNOH, DALLAS, TEXAS, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (76 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 33 / a08f3b74a4 [Firefox:24 hits: 06-18 to 06-19] / a08f3b74a4[1] / ASM:Graph / Armadillo| / lines=81 / trace
T:21:03:00  WinXP  172.162.81.107 (AOL.COM): AMERICA ONLINE, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (134 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 32 / 73f1082158 [Firefox:21 hits: 06-18 to 06-19] / 73f1082158[1] / ASM:Graph / Armadillo| / lines=81 / trace
    none / e07c29c4ae [Firefox: 2 hits: 06-19 to 06-19] / e07c29c4ae[1] / ASM:Graph / FSG| / lines=92 / trace
T:21:08:00  WinXP  82.59.85.8 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, NAPOLI, CAMPANIA, IT.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp (14 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    31 of 32 / 741e3b03b3 [Firefox:40 hits: 09-28 to 06-19] / e0197e8a64 [0] / ASM:Graph / none|none / lines=62 / trace
21:15:00  WinXP  220.102.145.7 (MESH.AD.JP): NEC BIGLOBE LTD, TOKYO, TOKYO, JP.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp (13 lines)
  BotHunter Analysis: Yeah : 0.8, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    29 of 29 / 831f4ee0a7 [Firefox:647 hits: 07-11 to 06-19] / eb7546c600 [0] / ASM:Graph / none|none / lines=61 / trace
21:21:00  WinXP  124.66.248.182 (FCH.NE.JP): FUREAI CHANNEL INC, HIROSHIMA, HIROSHIMA, JP.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp (16 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    31 of 32 / 741e3b03b3 [Firefox:40 hits: 09-28 to 06-19] / e0197e8a64 [0] / ASM:Graph / none|none / lines=62 / trace
21:30:00  Win2K-f  65.255.131.76 (OFMLIVE.NET): OREGON FARMERS MUTUAL TELEPHONE COMPANY, OREGON, MISSOURI, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:72.247.30.83:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (75 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 32 / 73f1082158 [Firefox:21 hits: 06-18 to 06-19] / 73f1082158[1] / ASM:Graph / Armadillo| / lines=81 / trace
21:32:00  WinXP  72.51.238.48 (NEWWAVECOMM.NET): NEW WAVE COMMUNICATIONS, SPARTA, ILLINOIS, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: UA:citi-bank.ru; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (1 line)
  BotHunter Analysis: Yeah : 0.8, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    26 of 28 / 7d99b0e910 [Firefox:3066 hits: 12-31 to 06-19] / 7a70e1b592 [0] / ASM:Graph / PolyEnE| / lines=68 / trace
T:21:43:00  WinXP  4.226.231.199 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MCKINNEY, TEXAS, US. (DIAL)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:www.altavista.com, :jbeegvia.ru; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (1 line)
  BotHunter Analysis: Yeah : 0.8, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    31 of 32 / 17028f1eda [Firefox: 8 hits: 09-29 to 06-19] / none[3] / none:none / tElock| / none / trace
T:21:45:00  Win2K-f  69.134.138.180 (RR.COM): ROAD RUNNER HOLDCO LLC, FALLS CHURCH, VIRGINIA, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (76 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 32 / 73f1082158 [Firefox:21 hits: 06-18 to 06-19] / 73f1082158[1] / ASM:Graph / Armadillo| / lines=81 / trace
    none / b5919931fe NEW / b5919931fe[1] / ASM:Graph / ASProtect| / lines=90 / trace
21:45:00  WinXP  4.226.231.199 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MCKINNEY, TEXAS, US. (DIAL)
  C&C Server: n/a; DNS Lookups & Failed Connects: :www.google.com.au, US:www.yahoo.com, :jbeegvia.ru; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (2 lines)
  BotHunter Analysis: Yeah : 0.8, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    31 of 32 / 17028f1eda [Firefox: 8 hits: 09-29 to 06-19] / none[3] / none:none / tElock| / none / trace
22:02:00  WinXP  65.68.19.187 (-): POPLAR PCS, JONESBORO, ARKANSAS, US. (100Mbps)
  C&C Server: n/a; DNS Lookups & Failed Connects: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:64.62.193.134:80, US:64.62.193.166:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (114 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    32 of 33 / 3f0a5b2ebe [Firefox: 2 hits: 06-18 to 06-18] / none[4] / none:none / PolyEnE| / none / trace
    28 of 32 / c6bfb5f0f2 [Firefox: 2 hits: 06-18 to 06-18] / c6bfb5f0f2[1] / ASM:Graph / Armadillo| / lines=81 / trace
22:04:00  Win2K-f  66.18.247.249 (PARTICLEWEB.COM): NUCLEUS INC, CHICAGO, ILLINOIS, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:64.62.193.134:80, US:64.62.193.166:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (75 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 32 / 73f1082158 [Firefox:21 hits: 06-18 to 06-19] / 73f1082158[1] / ASM:Graph / Armadillo| / lines=81 / trace
22:32:00  WinXP  119.95.54.64 (-)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:64.215.166.173:80, US:64.215.166.190:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (109 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    none / 83f26f5044 NEW / none[4] / none:none / tElock| / none / trace
    none / d715f88a95 NEW / d715f88a95[1] / ASM:Graph / Armadillo| / lines=82 / trace
T:22:37:00  WinXP  66.138.57.137 (SWBELL.NET): PPPOX POOL RBACK1.BUMTTX, BEAUMONT, TEXAS, US. (DSL)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (76 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 32 / 73f1082158 [Firefox:21 hits: 06-18 to 06-19] / 73f1082158[1] / ASM:Graph / Armadillo| / lines=81 / trace
    none / e07c29c4ae [Firefox: 2 hits: 06-19 to 06-19] / e07c29c4ae[1] / ASM:Graph / FSG| / lines=92 / trace
T:22:38:00  WinXP  69.107.174.37 (PACBELL.NET): 3CIM INC, SAN JOSE, CALIFORNIA, US. (DSL)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, :proxim.ircgalaxy.pl; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (95 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    none / dc92683d9a NEW / dc92683d9a[1] / ASM:Graph / Armadillo| / lines=82 / trace
    none / e07c29c4ae [Firefox: 2 hits: 06-19 to 06-19] / e07c29c4ae[1] / ASM:Graph / FSG| / lines=92 / trace
22:45:00  Win2K-f  96.52.65.213 (-)
  C&C Server: n/a; DNS Lookups & Failed Connects: :proxim.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:72.247.30.81:80, US:72.247.30.83:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (145 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    none / 794273fbfc NEW / none[4] / none:none / PolyEnE| / none / trace
    none / b455f223d6 NEW / b455f223d6[1] / ASM:Graph / Armadillo| / lines=81 / trace
22:49:00  Win2K-f  124.115.15.45 (163DATA.COM.CN): CHINANET SHANXI(SN) PROVINCE NETWORK, BEIJING, BEIJING, CN.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:198.78.220.124:80, US:199.93.41.124:80, US:199.93.53.126:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (75 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 33 / a08f3b74a4 [Firefox:24 hits: 06-18 to 06-19] / a08f3b74a4[1] / ASM:Graph / Armadillo| / lines=81 / trace
T:22:55:00  Win2K-f  41.248.244.17 (IAM.NET.MA): AFRINIC, MA.
  C&C Server: 69.65.40.234:2345, 66.29.25.194:80; DNS Lookups & Failed Connects: US:game.doiluc.com, US:play.evodui.com; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, irc (61 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    none / 67e72b246f NEW / 67e72b246f [1] / ASM:Graph / none|none / lines=7 / trace
    none / f24b618b0e NEW / none [4] / none:none / none|none / none / trace
T:22:56:00  Win2K-f  208.126.40.15 (-): WESTERN IOWA NETWORKS, BREDA, IOWA, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, :proxim.ircgalaxy.pl, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (158 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    none / 4dcf7f18ac NEW / none[4] / none:none / tElock| / none / trace
    none / 9bf5558de5 NEW / 9bf5558de5[1] / ASM:Graph / Armadillo| / lines=82 / trace
23:12:00  Win2K-f  89.204.195.101 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell (4 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]: none
T:23:14:00  Win2K-f  125.232.246.89 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW.
  C&C Server: 217.170.244.2:443; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp, irc (27 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    25 of 28 / 7fdfe363d5 [Firefox:2658 hits: 12-31 to 06-19] / 10862ea8b8 [0] / ASM:Graph / FSG| / lines=1933, embedded dns / trace
T:23:15:00  Win2K-f  41.249.252.178 (IAM.NET.MA): AFRINIC, MA.
  C&C Server: 69.65.40.234:2345, 66.29.25.194:80; DNS Lookups & Failed Connects: US:game.doiluc.com, US:play.evodui.com; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http, irc (63 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    none / 67e72b246f NEW / 67e72b246f [1] / ASM:Graph / none|none / lines=7 / trace
    none / f24b618b0e NEW / none [4] / none:none / none|none / none / trace
T:23:30:00  Win2K-f  99.164.38.227 (-)
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: http (76 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 33 / a08f3b74a4 [Firefox:24 hits: 06-18 to 06-19] / a08f3b74a4[1] / ASM:Graph / Armadillo| / lines=81 / trace
    none / b5919931fe NEW / b5919931fe[1] / ASM:Graph / ASProtect| / lines=90 / trace
T:23:39:00  Win2K-f  59.104.149.26 (SEED.NET.TW): DIGITAL UNITED I, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell, ftp (17 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]: none
23:49:00  Win2K-f  67.116.238.179 (-): PPPOX POOL - RBACK1.PLTNCA 05182006-1157, VACAVILLE, CALIFORNIA, US.
  C&C Server: n/a; DNS Lookups & Failed Connects: US:microsoft.com, US:download.microsoft.com, US:64.62.216.56:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (75 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    33 of 33 / 53bfe15e91 [Firefox:73 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 33 / a08f3b74a4 [Firefox:24 hits: 06-18 to 06-19] / a08f3b74a4[1] / ASM:Graph / Armadillo| / lines=81 / trace
23:50:00  WinXP  116.123.57.165 (-): HANARO TELECOM, SEOUL, KYONGGI-DO, KR.
  C&C Server: n/a; DNS Lookups & Failed Connects: :proxima.ircgalaxy.pl, US:microsoft.com, US:download.microsoft.com, US:64.62.216.10:80, US:64.62.216.56:80; Infection Port: 135
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: other (86 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]:
    31 of 33 / 168aab35a3 [Firefox: 3 hits: 06-17 to 06-19] / none[4] / none:none / tElock| / none / trace
    0 of 33 / 4c3df24b32 [Firefox: 8 hits: 06-17 to 06-19] / 4c3df24b32[1] / ASM:Graph / Armadillo| / lines=81 / trace
T:23:54:00  Win2K-f  89.204.201.108 (O2.IE): O2 IRELAND MOBILE PHONE OPERATOR, IE.
  C&C Server: n/a; DNS Lookups & Failed Connects: none; Infection Port: 445
  Packet Trace: pcap, raw; Detection Signatures: alerts, ruleset; Infection Chatter: shell (4 lines)
  BotHunter Analysis: Yeah : 1.3, profile; Behavioral Cluster: none; Forensic Logs: summary, tarball
  Binaries [AV / packed / egg.exe / egg.asm / PEID / strings / syscall]: none
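Anything built on these daily summaries (a blocklist, a sample-triage queue, a per-port tally) first has to parse the page's own cell syntaxes: the country-prefixed endpoint strings in the C&C Server and DNS Lookups & Failed Connects columns ("CZ:217.170.244.2:443", ":proxim.ircgalaxy.pl", "69.65.40.234:2345"), the "[Firefox:N hits: MM-DD to MM-DD]" prevalence tag beside each packed-binary digest, and the "N of M" antivirus ratios. The Python below is an added example, not code from the Cyber-TA page or from BotHunter. It parses those three syntaxes, then pulls the non-Windows-Update endpoints per infection port and the digests that no scanner flagged. The sample rows are copied from this page's table; the function names, the row dictionary layout and the BENIGN_HOSTS allow-list are this example's own assumptions.

```python
"""Parse the cell syntaxes used in the Cyber-TA daily infection table.

Added example; not part of the SRI page or of BotHunter. The helper names,
the row layout and BENIGN_HOSTS are assumptions of this example.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Endpoint:
    country: str           # geolocation prefix; "" when the page gives none
    host: str              # domain name or IPv4 literal
    port: Optional[int]    # present only for failed-connect / C&C entries


def parse_endpoint(token: str) -> Endpoint:
    """'CZ:217.170.244.2:443' -> Endpoint('CZ', '217.170.244.2', 443)."""
    parts = token.strip().split(":")
    # A leading two-letter alpha field is the country prefix; a leading empty
    # field (":proxim.ircgalaxy.pl") means the page resolved no country.
    if parts[0] == "" or (len(parts[0]) == 2 and parts[0].isalpha()):
        country, parts = parts[0], parts[1:]
    else:
        country = ""
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return Endpoint(country, parts[0], port)


HITS_RE = re.compile(r"\[(\w+):\s*(\d+) hits: (\d\d-\d\d) to (\d\d-\d\d)\]")


def parse_prevalence(tag: str) -> Optional[Tuple[str, int, str, str]]:
    """'[Firefox:73 hits: 06-17 to 06-19]' -> ('Firefox', 73, '06-17', '06-19').
    'NEW' (first sighting, no history yet) -> None."""
    m = HITS_RE.search(tag)
    if not m:
        return None
    sensor, hits, first, last = m.groups()
    return sensor, int(hits), first, last


def parse_av_ratio(text: str) -> Optional[Tuple[int, int]]:
    """'33 of 33' -> (33, 33); 'none' (not yet scanned) -> None."""
    m = re.fullmatch(r"(\d+) of (\d+)", text.strip())
    return (int(m.group(1)), int(m.group(2))) if m else None


# Sample rows copied from the table on this page (constructed subset).
# binaries: (packed digest, prevalence tag, antivirus ratio)
SAMPLE_ROWS = [
    {"time": "19:33:00", "port": 445, "cnc": ["n/a"],
     "lookups": ["CZ:217.170.244.2:443", "CZ:82.114.64.251:443"],
     "binaries": [("9961bc25ef", "NEW", "none")]},
    {"time": "20:20:00", "port": 135, "cnc": ["n/a"],
     "lookups": [":proxim.ircgalaxy.pl"],
     "binaries": [("c78281a815", "NEW", "none")]},
    {"time": "21:45:00", "port": 135, "cnc": ["n/a"],
     "lookups": ["US:microsoft.com", "US:download.microsoft.com"],
     "binaries": [("53bfe15e91", "[Firefox:73 hits: 06-17 to 06-19]", "33 of 33"),
                  ("73f1082158", "[Firefox:21 hits: 06-18 to 06-19]", "0 of 32"),
                  ("b5919931fe", "NEW", "none")]},
    {"time": "22:55:00", "port": 445, "cnc": ["69.65.40.234:2345", "66.29.25.194:80"],
     "lookups": ["US:game.doiluc.com", "US:play.evodui.com"],
     "binaries": [("67e72b246f", "NEW", "none"), ("f24b618b0e", "NEW", "none")]},
]

# Assumption of this example: the Windows Update hosts that appear in nearly
# every port-135 row are victim background traffic, not attacker infrastructure.
BENIGN_HOSTS = {"microsoft.com", "download.microsoft.com"}


def extract_iocs(rows):
    """Map infection port -> set of Endpoint from C&C and lookup cells,
    dropping 'n/a' placeholders and the allow-listed hosts."""
    by_port = defaultdict(set)
    for row in rows:
        for tok in row["cnc"] + row["lookups"]:
            if tok == "n/a":
                continue
            ep = parse_endpoint(tok)
            if ep.host not in BENIGN_HOSTS:
                by_port[row["port"]].add(ep)
    return dict(by_port)


def undetected_binaries(rows):
    """Digests with zero AV detections or no scan yet, with their prevalence."""
    out = []
    for row in rows:
        for digest, tag, av in row["binaries"]:
            ratio = parse_av_ratio(av)
            if ratio is None or ratio[0] == 0:
                out.append((digest, parse_prevalence(tag)))
    return out


if __name__ == "__main__":
    for port, eps in sorted(extract_iocs(SAMPLE_ROWS).items()):
        print(port, sorted(f"{e.host}:{e.port}" if e.port else e.host for e in eps))
    for digest, prev in undetected_binaries(SAMPLE_ROWS):
        print(digest, prev or "NEW")
```

The country prefix is kept as data rather than discarded: the page's own lookups show the same host family ("proxim.ircgalaxy.pl") with an empty prefix, so matching on the host alone is what a blocklist should do, while the prefix is still useful when a feed wants to note where the resolver placed the endpoint.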