Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

22 June 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:16:00 WinXP 61.230.86.191 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 217.170.244.2:443 :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
irc
27 lines Yeah : 1.8
profile none summary
tarball 29 of 32 3e0b734da7
NEW none[4] none:none
FSG| none trace

00:32:00 WinXP 69.148.180.38 (SWBELL.NET):
PPPOX POOL - BRAS1 STLSMO,
ST. LOUIS, MISSOURI, US. n/a DE:siliconfireware.ru
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
US:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
DE:ebookfinaltrash.ru
:wpad
DE:212.227.111.29:80
US:216.52.184.243:80
DE:217.11.54.126:80
GB:217.194.210.198:80
US:72.29.65.216:80
EU:78.47.200.154:80
FI:80.81.183.162:80
SE:88.80.5.157:80
SE:88.80.5.15:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 ab5e47bf8d
[Firefox:49 hits: 05-10 to 06-20] none[3] none:none
ASPack| none trace

T:00:45:00 WinXP 118.237.51.169 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 27b945de66
NEW none[4] none:none
none|none none trace

T:00:49:00 WinXP 24.64.242.103 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.126:80 135 pcap raw alerts
ruleset http
115 lines Yeah : 1.3
profile none summary
tarball 31 of 32
23 of 33 bca9e0fb5f
[Firefox: 2 hits: 06-18 to 06-18]
e53a9ea82e
[Firefox: 2 hits: 06-18 to 06-18] none[4]
e53a9ea82e[1] none:none
ASM:Graph
PolyEnE|
Armadillo| none
lines=81 trace
trace

T:00:52:00 Win2K-f 211.135.43.56 (ZAQ.NE.JP):
KEIHAN CABLE TELEVISION CO. LTD,
JP. n/a US:microsoft.com
US:download.microsoft.com
US:4.23.60.125:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
NEW
53bfe15e91
[Firefox:123 hits: 06-17 to 06-21] 07fabc79ef [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

T:01:02:00 WinXP 122.50.177.165 (EXATT.NET):
INTERNET SERVICE PROVIDER,
BHUBANESHWAR, ORISSA, IN. n/a 135 pcap raw alerts
ruleset other
11 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

01:15:00 WinXP 119.72.44.112 (-):
. n/a :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 30 of 32 721088fe83
NEW none[4] none:none
FSG| none trace

T:01:28:00 WinXP 85.181.58.145 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
5 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

01:30:00 WinXP 65.86.192.131 (-):
NOVICK EDELSTEIN ET AL,
YONKERS, NEW YORK, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.46.125:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:01:36:00 WinXP 4.232.171.211 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
LONG BEACH, CALIFORNIA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
3 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:01:38:00 Win2K-f 24.76.71.117 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.125:80 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 28 of 33
30 of 33
0 of 32 12df83cb4f
NEW
2e7dc3f066
NEW
b5919931fe
[Firefox:17 hits: 06-20 to 06-21] 12df83cb4f [1]
none [4]
b5919931fe[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect| lines=82
none
lines=90 trace
trace
trace

01:49:00 Win2K-f 218.168.170.95 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:01:57:00 WinXP 79.111.154.26 (G-M-I.NET):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:653 hits: 07-11 to 06-21] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

02:07:00 WinXP 61.255.159.186 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR. n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.66.126:80
US:4.23.60.125:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
97 lines Yeah : 1.3
profile none summary
tarball 30 of 32
30 of 32 475d9a7753
NEW
e9a7fa27d5
NEW none[4]
e9a7fa27d5[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

02:29:00 WinXP 220.130.194.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

02:33:00 WinXP 212.27.0.26 (-):
ALIKS-TELECOM COMPANY,
MOSCOW, MOSKVA, RU. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 31 ed6e30072f
NEW none[4] none:none
PolyEnE| none trace

T:02:33:00 WinXP 212.27.0.26 (-):
ALIKS-TELECOM COMPANY,
MOSCOW, MOSKVA, RU. 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 31 of 31 ed6e30072f
NEW none[4] none:none
PolyEnE| none trace

T:02:42:00 WinXP 210.206.10.17 (KONICS.COM):
BORANET-NET-210-206/,
SEOUL, KYONGGI-DO, KR. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
115 lines Yeah : 1.3
profile none summary
tarball 29 of 32
28 of 32 a1a5fa95b9
NEW
e655846fa1
NEW none[4]
e655846fa1[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

T:02:44:00 Win2K-f 70.67.174.63 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
DUNCAN, BRITISH COLUMBIA, CA. 72.10.172.218:7382 CA:italian.swiifatecihno.com 135 pcap raw alerts
ruleset irc
http
587 lines Yeah : 1.8
profile none summary
tarball 29 of 32
28 of 32 8acd7e1937
NEW
f33628ba56
NEW 8acd7e1937 [1]
f33628ba56[1] ASM:Graph
ASM:Graph
none|none
ASPack| lines=0
lines=10 trace
trace

T:02:44:00 Win2K-f 220.139.170.166 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:02:50:00 Win2K-f 222.234.97.168 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 72.10.172.218:7382 :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:207.123.37.125:80 135 pcap raw alerts
ruleset http
98 lines Yeah : 1.8
profile none summary
tarball 31 of 33
30 of 32 1509c8d024
NEW
f23b040440
NEW none[4]
f23b040440[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

03:12:00 WinXP 122.30.229.204 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 32 of 32 840e31cc53
NEW none[4] none:none
Xtreme-Pr| none trace

T:03:23:00 Win2K-f 70.183.165.162 (COX.NET):
COX COMMUNICATIONS,
PROVIDENCE, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
a08f3b74a4
[Firefox:41 hits: 06-18 to 06-21]
b5919931fe
[Firefox:17 hits: 06-20 to 06-21] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:03:29:00 WinXP 220.229.78.210 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21]
e07c29c4ae
[Firefox:22 hits: 06-19 to 06-21] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

03:32:00 WinXP 211.177.210.196 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
US:download.microsoft.com
US:204.160.126.126:80
US:206.33.45.125:80
US:207.123.46.126:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
[Firefox:16 hits: 06-17 to 06-21]
53bfe15e91
[Firefox:123 hits: 06-17 to 06-21] 4c3df24b32 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

03:51:00 Win2K-f 208.126.17.87 (NETINS.NET):
JEFFERSON TELEPHONE COMPANY,
RAVENWOOD, MISSOURI, US. (DSL) n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:64.215.166.173:80
US:64.215.166.190:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 29 of 33
30 of 33 2ef2f78792
NEW
b7a332eb7c
NEW 2ef2f78792 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

04:13:00 WinXP 4.185.189.96 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SILVER SPRING, MARYLAND, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:204.160.126.126:80
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
151 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:04:32:00 WinXP 86.8.84.63 (NTL.COM):
NTLI,
LONDON, ENGLAND, UK. (DSL) n/a :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 28 of 31 f58222344f
[Firefox:13 hits: 12-31 to 06-20] 2a56436a64 [0] ASM:Graph
PolyEnE| lines=265
embedded dns trace

04:36:00 WinXP 123.223.143.57 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

04:48:00 Win2K-f 70.64.136.144 (GASOC.COM):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
231 lines Yeah : 1.3
profile none summary
tarball 20 of 32 131351dd21
[Firefox: 4 hits: 05-22 to 06-13] none[4] none:none
none|none none trace

04:58:00 WinXP 61.228.185.145 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:05:07:00 WinXP 61.228.151.29 (PRESTONAUTO.COM):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
27 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

05:07:00 Win2K-f 119.72.77.130 (-):
. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

05:14:00 WinXP 122.16.172.27 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:653 hits: 07-11 to 06-21] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:05:14:00 WinXP 211.208.245.252 (HANANET.NET):
HANARO TELECOM INC,
PUSAN, PUSAN-GWANGYOKSI, KR. n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
89 lines Yeah : 1.3
profile none summary
tarball 31 of 33
0 of 33 168aab35a3
[Firefox:12 hits: 06-17 to 06-21]
4c3df24b32
[Firefox:16 hits: 06-17 to 06-21] none[4]
4c3df24b32[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

05:16:00 WinXP 219.110.164.146 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
JP. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 29 6887c0c417
[Firefox:10 hits: 08-17 to 03-20] 0a9bea2750 [0] ASM:Graph
FSG| lines=1932
embedded dns trace

05:25:00 WinXP 216.198.170.40 (MCLOUDTELECO.COM):
INTELLEQ COMMUNICATIONS CORPORATION,
NEWALLA, OKLAHOMA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:199.93.46.125:80
US:207.123.37.126:80 135 pcap raw alerts
ruleset other
112 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 32 3cd7958258
[Firefox: 2 hits: 06-17 to 06-19]
41efedf70f
NEW none[4]
41efedf70f[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

T:05:34:00 Win2K-f 116.123.1.251 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 29 of 32
28 of 32 8a75955033
NEW
9276c8b36b
NEW none[4]
9276c8b36b[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

05:41:00 WinXP 61.199.117.190 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:52 hits: 09-28 to 06-21] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:05:42:00 Win2K-f 99.202.253.112 (-):
. n/a US:microsoft.com
US:download.microsoft.com
US:64.215.166.173:80
US:64.215.166.190:80 135 pcap raw alerts
ruleset other
84 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
a08f3b74a4
[Firefox:41 hits: 06-18 to 06-21] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

05:49:00 Win2K-f 218.169.86.9 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:05:55:00 WinXP 218.174.47.43 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 27 of 32 6c36e19037
NEW none[4] none:none
none|none none trace

T:05:57:00 WinXP 118.236.154.41 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 32 of 32 93385541f3
NEW none[4] none:none
none|none none trace

06:21:00 Win2K-f 58.0.100.42 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

06:38:00 WinXP 118.236.89.167 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 93385541f3
NEW none[4] none:none
none|none none trace

T:06:54:00 WinXP 24.93.109.31 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. n/a US:microsoft.com
US:download.microsoft.com
US:64.215.166.173:80
US:64.215.166.190:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

07:43:00 Win2K-f 218.168.34.180 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:07:46:00 WinXP 70.253.111.117 (SWBELL.NET):
PPPOX POOL - BRAS1.WCHTKS 032905-1955,
LIBERAL, KANSAS, US. (DIAL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3077 hits: 12-31 to 06-21] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:08:01:00 WinXP 86.146.10.6 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 32 1898e66cd2
[Firefox: 2 hits: 05-20 to 05-21] none[4] none:none
PolyEnE| none trace

08:01:00 WinXP 118.237.6.134 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 27b945de66
NEW none[4] none:none
none|none none trace

08:13:00 WinXP 118.108.248.250 (-):
. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:08:23:00 Win2K-f 208.126.17.87 (NETINS.NET):
JEFFERSON TELEPHONE COMPANY,
RAVENWOOD, MISSOURI, US. (DSL) n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 29 of 33
30 of 33 2ef2f78792
NEW
b7a332eb7c
NEW 2ef2f78792 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

08:35:00 WinXP 122.25.140.82 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

09:17:00 WinXP 4.240.129.166 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:11:42:00 Win2K-f 24.69.99.242 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
:proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset http
95 lines Yeah : 1.3
profile none summary
tarball 33 of 33
29 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
9755a5d861
NEW
b5919931fe
[Firefox:17 hits: 06-20 to 06-21] none[4]
9755a5d861[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:12:00:00 Win2K-f 125.232.69.25 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
28 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:12:06:00 Win2K-f 78.51.157.71 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
4 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

12:42:00 WinXP 122.19.145.38 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 31 of 33 21e5edb96d
[Firefox: 3 hits: 06-19 to 06-21] none[4] none:none
none|none none trace

T:12:43:00 Win2K-f 4.252.89.112 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MARYSVILLE, OHIO, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
3 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:12:44:00 WinXP 206.82.88.68 (ALLTEL.NET):
ALLTEL DIAL POOL LIVE OAK FL,
LIVE OAK, FLORIDA, US. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 d42c1cc7c0
[Firefox:301 hits: 05-01 to 06-21] af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

T:13:10:00 WinXP 80.63.230.95 (ADSL-DHCP.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, COPENHAGEN, DK. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 31 of 33 bce12aa21f
[Firefox:18 hits: 05-12 to 06-10] none[4] none:none
PolyEnE| none trace

13:19:00 WinXP 218.239.82.124 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:204.160.126.124:80
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
[Firefox:16 hits: 06-17 to 06-21]
53bfe15e91
[Firefox:123 hits: 06-17 to 06-21] 4c3df24b32 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

T:13:29:00 Win2K-f 80.41.158.13 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:14:12:00 WinXP 190.18.24.78 (-):
. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1343 hits: 12-31 to 06-21] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:15:14:00 WinXP 122.19.145.38 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 33 21e5edb96d
[Firefox: 3 hits: 06-19 to 06-21] none[4] none:none
none|none none trace

T:15:44:00 WinXP 201.47.250.219 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3077 hits: 12-31 to 06-21] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

15:48:00 Win2K-f 70.183.161.219 (COX.NET):
COX COMMUNICATIONS,
WOONSOCKET, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:199.93.44.124:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
a08f3b74a4
[Firefox:41 hits: 06-18 to 06-21] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

15:57:00 WinXP 65.26.231.8 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MILWAUKEE, WISCONSIN, US. n/a 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

16:00:00 WinXP 92.40.90.191 (IKBCC.COM):
EU-ZZ,
UK. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

16:20:00 Win2K-f 4.252.29.90 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
19 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

16:49:00 Win2K-f 125.225.8.161 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2679 hits: 12-31 to 06-21] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

17:24:00 WinXP 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.124:80
US:205.128.66.124:80
US:205.128.79.124:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
57ce4acac2
[Firefox:17 hits: 06-17 to 06-21] none[4]
57ce4acac2[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:17:28:00 WinXP 70.119.55.217 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US. n/a 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:17:41:00 WinXP 4.159.29.53 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHAMPLIN, MINNESOTA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80
US:205.128.79.125:80 135 pcap raw alerts
ruleset http
217 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21]
e07c29c4ae
[Firefox:22 hits: 06-19 to 06-21] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

17:49:00 WinXP 216.8.192.89 (-):
. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:199.93.44.124:80
US:205.128.79.124:80 135 pcap raw alerts
ruleset other
114 lines Yeah : 1.3
profile none summary
tarball 31 of 32
28 of 32 7d1b06e856
NEW
df312ddc90
NEW none[4]
df312ddc90[1] none:none
ASM:Graph
PolyEnE|
Armadillo| none
lines=81 trace
trace

18:05:00 WinXP 198.70.153.238 (EASTEX.NET):
EASTEX NET,
LIVINGSTON, TEXAS, US. n/a US:www.yahoo.com
US:www.altavista.com
:jbeegvia.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 31 of 32 17028f1eda
[Firefox:11 hits: 09-29 to 06-21] none[3] none:none
tElock| none trace

18:40:00 WinXP 219.112.26.45 (YOURNET.NE.JP):
FREEBIT CO. LTD,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:52 hits: 09-28 to 06-21] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:18:46:00 Win2K-f 65.86.192.131 (-):
NOVICK EDELSTEIN ET AL,
YONKERS, NEW YORK, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:19:34:00 Win2K-f 207.5.244.39 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.125:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
73f1082158
[Firefox:43 hits: 06-18 to 06-21] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:20:06:00 Win2K-f 172.190.98.70 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.37.126:80
US:4.23.60.125:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 30 of 32
29 of 32 3984f311ae
NEW
bfa18c4273
NEW none[4]
bfa18c4273[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

T:21:29:00 WinXP 123.50.68.65 (-):
MANA INTERNET SERVICE PROVIDER,
PAPEETE, FRENCH POLYNESIA, PF. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:52 hits: 09-28 to 06-21] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

21:38:00 WinXP 75.49.22.98 (SBCGLOBAL.NET):
PPPOX POOL - SE1.WOTNOH,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
a08f3b74a4
[Firefox:41 hits: 06-18 to 06-21] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

21:51:00 WinXP 70.182.251.209 (MAXONCORP.COM):
COX COMMUNICATIONS,
WICHITA, KANSAS, US. n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80 135 pcap raw alerts
ruleset other
85 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:123 hits: 06-17 to 06-21]
a08f3b74a4
[Firefox:41 hits: 06-18 to 06-21] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:22:19:00 WinXP 210.127.111.200 (KRLINE.NET):
KRNIC,
SEOUL, KYONGGI-DO, KR. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 31 of 33
29 of 33 0537139fe7
[Firefox: 2 hits: 06-21 to 06-21]
49b6f2dd5d
[Firefox: 2 hits: 06-21 to 06-21] none[4]
49b6f2dd5d[1] none:none
ASM:Graph
PolyEnE|
Armadillo| none
lines=81 trace
trace

22:34:00 WinXP 78.51.237.49 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
5 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

22:35:00 WinXP 218.160.54.221 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAOYUAN, T'AI-WAN, TW. n/a :proxim.ircgalaxy.pl
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 29 of 32 2f5a49b768
NEW none[4] none:none
FSG| none trace

23:38:00 WinXP 216.186.181.91 (KNOLOGY.NET):
KNOLOGY HOLDINGS INC,
ST. PETERSBURG, FLORIDA, US. n/a EU:siliconfireware.ru
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
US:chechenpress.info
GB:chechenpress.co.uk
US:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
GB:217.194.210.198:80
US:69.25.142.48:80
US:72.29.65.216:80
EU:78.47.200.154:80
FI:80.81.183.162:80
SE:88.80.5.157:80
SE:88.80.5.15:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 ab5e47bf8d
[Firefox:49 hits: 05-10 to 06-20] none[3] none:none
ASPack| none trace