Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

24 June 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:16:00 WinXP 82.247.241.199 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 32 of 33 b3dc05139e
NEW none[4] none:none
PolyEnE| none trace

T:00:20:00 WinXP 166.165.228.162 (MYVZW.COM):
SERVICE PROVIDER CORPORATION,
BEDMINSTER, NEW JERSEY, US. (DSL) 217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
61 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:00:36:00 WinXP 70.166.137.147 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
78 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

00:53:00 WinXP 84.140.238.100 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
LUBECK, SCHLESWIG-HOLSTEIN, DE. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:19 hits: 12-14 to 06-23] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

01:02:00 WinXP 61.20.171.158 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:01:07:00 Win2K-f 121.113.147.31 (PLALA.OR.JP):
PLALA NETWORKS INC,
JP. 217.170.244.2:443
CZ:217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
28 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:01:08:00 WinXP 58.156.35.172 (UCOM.NE.JP):
IML,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
21 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:655 hits: 07-11 to 06-22] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:01:40:00 WinXP 151.118.187.72 (QWEST.NET):
QWEST BROADBAND,
PHOENIX, ARIZONA, US. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

01:49:00 WinXP 84.177.215.218 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
DE. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 32 of 32 03f912899b
[Firefox:19 hits: 12-14 to 06-23] 83893bd25d [0] ASM:Graph
none|none lines=65 trace

T:01:50:00 WinXP 210.139.204.185 (SO-NET.NE.JP):
SO-NET ENTERTAINMENT CORPORATION,
NAHA, OKINAWA, JP. n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
:wpad
US:208.73.212.12:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
http
http
7 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:470 hits: 05-04 to 06-21] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

T:01:59:00 WinXP 66.143.34.251 (SWBELL.NET):
RBACK1.KSC2MO,
KANSAS CITY, MISSOURI, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
US:64.62.216.56:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

02:01:00 WinXP 118.168.1.96 (-):
. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

02:20:00 WinXP 70.241.71.165 (SWBELL.NET):
PPPOX POOL - RBACK21 HSTNTX,
HOUSTON, TEXAS, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
US:64.62.216.56:80 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

03:03:00 WinXP 222.159.36.198 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:03:22:00 WinXP 62.201.95.166 (T-ONLINE.HU):
T-ONLINE CATV CLIENTS (DYNAMIC ADDRESS POOL),
HU. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:59 hits: 09-28 to 06-23] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

03:51:00 WinXP 80.104.175.253 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A,
MILANO, LOMBARDIA, IT. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:03:56:00 Win2K-f 116.127.56.111 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 30 of 33
28 of 33 533d15b5ce
NEW
58c343a8d8
NEW none[4]
58c343a8d8[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

T:03:59:00 WinXP 121.102.146.6 (HI-HO.NE.JP):
PANASONIC NETWORK SERVICES INC,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:59 hits: 09-28 to 06-23] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:04:27:00 Win2K-f 61.37.147.200 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. (100Mbps) n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:198.78.220.126:80
US:199.93.41.124:80
US:199.93.41.126:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 32 of 33
30 of 33 3690b64ca2
[Firefox: 2 hits: 06-18 to 06-21]
a6fb77fd26
[Firefox: 2 hits: 06-18 to 06-21] none[4]
a6fb77fd26[1] none:none
ASM:Graph
PolyEnE|
Armadillo| none
lines=82 trace
trace

T:05:10:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:05:16:00 WinXP 87.10.224.93 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
ROME, LAZIO, IT. 217.170.244.2:443
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
irc
26 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:05:20:00 WinXP 4.239.243.44 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MT. LAUREL, NEW JERSEY, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:206.33.45.125:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset http
84 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23]
e07c29c4ae
[Firefox:25 hits: 06-19 to 06-23] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:06:06:00 WinXP 24.160.201.113 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ANN ARBOR, MICHIGAN, US. (100Mbps) n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:59 hits: 09-28 to 06-23] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

T:06:21:00 Win2K-f 70.182.92.124 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

06:39:00 WinXP 80.225.112.24 (TISCALI.COM):
TELINCO-DIALPOOL,
UK. (DIAL) n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:06:43:00 WinXP 61.217.132.204 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. 217.170.244.2:443
CZ:217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
29 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

07:42:00 WinXP 62.11.233.188 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
IT. (DIAL) n/a DE:siliconfireware.ru
EU:ebookfinaltrash.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:470 hits: 05-04 to 06-21] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

T:08:43:00 Win2K-f 121.124.29.78 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:64.62.216.10:80
US:64.62.216.56:80 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 30 of 33
29 of 33 6ec2a8994b
NEW
857b781ca9
NEW none[4]
857b781ca9[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

08:49:00 Win2K-f 98.134.29.215 (-):
. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:09:54:00 WinXP 82.29.110.52 (NTL.COM):
NTL INFRASTRUCTURE - BAGULEY,
UK. (DSL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 3ae357d17b
[Firefox:719 hits: 05-01 to 06-21] 462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace

T:10:08:00 WinXP 118.10.246.233 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 33 21e5edb96d
[Firefox: 5 hits: 06-19 to 06-22] none[4] none:none
none|none none trace

10:25:00 WinXP 63.238.166.20 (CAVTEL.NET):
CONECTIV COMMUNICATIONS INC,
PENNSVILLE, NEW JERSEY, US. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:10:32:00 Win2K-f 166.165.111.218 (MYVZW.COM):
SERVICE PROVIDER CORPORATION,
BEDMINSTER, NEW JERSEY, US. 217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
28 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

10:55:00 WinXP 4.155.18.91 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BALTIMORE, MARYLAND, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:59 hits: 09-28 to 06-23] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

11:27:00 WinXP 172.131.112.212 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:207.123.47.126:80
US:4.23.60.125:80 135 pcap raw alerts
ruleset other
170 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:11:52:00 WinXP 82.10.4.13 (NTL.COM):
NTL INFRASTRUCTURE - RENFREW,
NEWPORT, WALES, UK. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:12:08:00 Win2K-f 70.168.5.39 (COX.NET):
COX COMMUNICATIONS,
WEST WARWICK, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.110.126:80
US:207.123.37.126:80 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23]
b5919931fe
[Firefox:21 hits: 06-20 to 06-23] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:12:08:00 WinXP 119.72.25.81 (-):
. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

12:18:00 Win2K-f 70.168.5.39 (COX.NET):
COX COMMUNICATIONS,
WEST WARWICK, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:12:23:00 Win2K-f 4.234.33.225 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FT. LAUDERDALE, FLORIDA, US. (DIAL) 217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
28 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:12:24:00 Win2K-f 65.167.40.215 (NEP.NET):
THE NORTH-EASTERN PENNSYLVANIA TELEPHONE COMPANY,
FOREST CITY, PENNSYLVANIA, US. n/a 445 pcap raw alerts
ruleset shell
6 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:12:45:00 WinXP 12.226.96.36 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
DAVENPORT, IOWA, US. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 986b59708d
[Firefox:300 hits: 05-03 to 06-18] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

T:13:15:00 WinXP 75.49.225.67 (SBCGLOBAL.NET):
PPPOX POOL - BRAS6.STLSMO,
SOUTH FORK, MISSOURI, US. (DSL) n/a 135 pcap raw alerts
ruleset other
12 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:13:15:00 Win2K-f 203.123.13.71 (QALA.COM.SG):
CHAINCAST NETWORKS (S) PTE LTD,
SINGAPORE, SINGAPORE, SG. (100Mbps) n/a US:microsoft.com
:proxim.ircgalaxy.pl
US:download.microsoft.com
US:205.128.79.124:80 135 pcap raw alerts
ruleset http
114 lines Yeah : 1.3
profile none summary
tarball 32 of 33
30 of 33 993cfd2369
NEW
acce263b25
NEW none[4]
acce263b25[1] none:none
ASM:Graph
PolyEnE|
Armadillo| none
lines=81 trace
trace

13:18:00 Win2K-f 80.41.181.132 (AS9105.COM):
TISCALI UK LTD,
LONDON, ENGLAND, UK. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

13:22:00 WinXP 222.234.97.168 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:205.128.66.124:80
US:207.123.47.126:80
US:4.23.60.126:80 135 pcap raw alerts
ruleset other
97 lines Yeah : 1.3
profile none summary
tarball 31 of 33
30 of 32 1509c8d024
[Firefox: 2 hits: 06-17 to 06-22]
f23b040440
NEW none[4]
f23b040440[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

T:13:28:00 WinXP 62.11.228.52 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
IT. (DIAL) n/a GB:new.egg.com
DE:siliconfireware.ru
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
:landdev1.lap.internal
GB:217.145.225.22:80 445 pcap raw alerts
ruleset http
http
6 lines Yeah : 0.8
profile none summary
tarball 29 of 29 df17a625ee
[Firefox:470 hits: 05-04 to 06-21] 9bbdd086c5 [0] ASM:Graph
ASPack| lines=186
embedded dns trace

T:13:43:00 Win2K-f 218.211.146.202 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH. CO. LTD,
TW. n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80 135 pcap raw alerts
ruleset http
255 lines Yeah : 1.3
profile none summary
tarball 29 of 33
31 of 33 dd98c3c108
NEW
e98746deb1
NEW dd98c3c108 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

T:13:54:00 WinXP 98.140.251.237 (-):
. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 29 of 29 d42c1cc7c0
[Firefox:302 hits: 05-01 to 06-22] af9ca5bed1 [0] ASM:Graph
PolyEnE| lines=54 trace

T:14:14:00 Win2K-f 24.234.98.190 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23]
b5919931fe
[Firefox:21 hits: 06-20 to 06-23] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

14:19:00 WinXP 208.100.252.103 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
PITTSBURGH, PENNSYLVANIA, US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80 135 pcap raw alerts
ruleset other
146 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:14:20:00 WinXP 92.40.162.102 (IKBCC.COM):
EU-ZZ,
UK. 217.170.244.2:443 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset shell
shell
ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 31 of 33 9861192127
NEW none[4] none:none
FSG| none trace

T:14:31:00 Win2K-f 12.72.48.179 (ATT.NET):
AT&T WORLDNET SERVICES,
LA PUENTE, CALIFORNIA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:15:07:00 Win2K-f 85.127.158.6 (-):
LAC4-VIECH3-DYNAMIC-IPS,
WIEN, WIEN, AT. 217.170.244.2:443
CZ:217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
27 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

15:10:00 Win2K-f 85.127.158.6 (-):
LAC4-VIECH3-DYNAMIC-IPS,
WIEN, WIEN, AT. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:15:13:00 WinXP 98.134.8.141 (-):
. 72.10.172.218:7382 CA:italian.swiifatecihno.com
US:208.66.194.242:80 445 pcap raw alerts
ruleset shell
ftp
irc
http
34 lines Yeah : 1.8
profile none summary
tarball 29 of 32
27 of 33 8acd7e1937
NEW
f0473a332c
NEW 8acd7e1937 [1]
f0473a332c[1] ASM:Graph
ASM:Graph
none|none
ASPack| lines=0
lines=10 trace
trace

T:15:37:00 WinXP 71.131.139.234 (-):
VALLEY FOOD INC,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

15:37:00 WinXP 85.181.90.240 (ALICEDSL.DE):
HANSENET-ADSL,
MUNICH, BAYERN, DE. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
[Firefox:436 hits: 12-31 to 06-23] 048df78048 [0] ASM:Graph
none|none lines=61 trace

15:56:00 WinXP 87.7.142.225 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
NAPOLI, CAMPANIA, IT. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
[Firefox:59 hits: 09-28 to 06-23] e0197e8a64 [0] ASM:Graph
none|none lines=62 trace

15:57:00 WinXP 75.143.210.163 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:15:57:00 WinXP 75.143.210.163 (CHARTER.COM):
CHARTER COMMUNICATIONS,
US. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

16:05:00 WinXP 4.159.113.214 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GRAND RAPIDS, MICHIGAN, US. (DIAL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:16:05:00 WinXP 4.159.113.214 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GRAND RAPIDS, MICHIGAN, US. (DIAL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

16:09:00 WinXP 70.3.77.123 (SPCSDNS.NET):
SPRINT PCS,
US. (DSL) n/a 135 pcap raw alerts
ruleset other
19 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

16:13:00 Win2K-f 4.244.186.120 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
UNION, MISSOURI, US. (DIAL) n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

16:13:00 Win2K-f 4.153.53.151 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
GALLATIN, TENNESSEE, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 20 of 32 131351dd21
[Firefox: 5 hits: 05-22 to 06-22] none[4] none:none
none|none none trace

T:16:14:00 Win2K-f 24.198.43.225 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PORTLAND, MAINE, US. n/a 135 pcap raw alerts
ruleset other
625 lines Yeah : 1.3
profile none summary
tarball 33 of 33 d16355e15b
NEW none[4] none:none
ASPack| none trace

16:38:00 WinXP 64.126.154.114 (FSR.NET):
FIRST STEP INTERNET,
LENORE, IDAHO, US. (DIAL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:16:39:00 WinXP 64.126.154.114 (FSR.NET):
FIRST STEP INTERNET,
LENORE, IDAHO, US. (DIAL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

16:39:00 WinXP 4.232.78.163 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BREA, CALIFORNIA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:16:47:00 WinXP 200.49.19.210 (BSR1000.PAPNET.CL):
PLUG AND PLAY NET S.A,
CL. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 32 of 33 e19fa0dfad
NEW none[4] none:none
PolyEnE| none trace

T:17:03:00 WinXP 24.80.165.36 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
96 lines Yeah : 1.3
profile none summary
tarball 31 of 32
0 of 33
2 of 32 607b60ad51
NEW
e07c29c4ae
[Firefox:25 hits: 06-19 to 06-23]
e5c7bce70e
NEW none[4]
e07c29c4ae[1]
e5c7bce70e[1] none:none
ASM:Graph
ASM:Graph
tElock|
FSG|
Armadillo| none
lines=92
lines=81 trace
trace
trace

17:09:00 Win2K-f 70.165.19.58 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. n/a US:microsoft.com
US:download.microsoft.com
US:192.221.99.124:80
US:199.93.53.125:80
US:204.160.126.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:17:36:00 WinXP 70.183.161.219 (COX.NET):
COX COMMUNICATIONS,
WOONSOCKET, RHODE ISLAND, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23]
e07c29c4ae
[Firefox:25 hits: 06-19 to 06-23] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

17:41:00 Win2K-f 59.112.38.100 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:17:51:00 Win2K-f 124.125.59.228 (-):
RELIANCE INFOCOMM LIMITED,
MUMBAI, MAHARASHTRA, IN. (DSL) n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:18:02:00 Win2K-f 75.119.36.246 (-):
. n/a 135 pcap raw alerts
ruleset other
2 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

18:03:00 WinXP 218.210.224.180 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:199.93.41.126:80
US:204.160.126.126:80
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

18:04:00 Win2K-f 67.48.114.33 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LEES SUMMIT, MISSOURI, US. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.47.126:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

18:11:00 WinXP 76.230.232.74 (SBCGLOBAL.NET):
PPPOX POOL - BRAS31.PLTN,
US. n/a US:microsoft.com
US:download.microsoft.com
US:199.93.44.126:80
US:205.128.66.124:80
US:205.128.79.124:80 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:18:36:00 Win2K-f 63.28.52.221 (UU.NET):
UUNET TECHNOLOGIES INC,
CHICAGO, ILLINOIS, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
151 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23]
b5919931fe
[Firefox:21 hits: 06-20 to 06-23] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:18:40:00 WinXP 68.145.83.221 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
116 lines Yeah : 1.3
profile none summary
tarball 31 of 33
30 of 33 9d9054829c
NEW
b69118be9f
NEW none[4]
b69118be9f[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=82 trace
trace

18:56:00 WinXP 96.15.106.137 (-):
. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
19 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:19:00:00 Win2K-f 67.71.94.229 (BELL.CA):
BELL SYMPATICO,
OTTAWA, ONTARIO, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.211:80 135 pcap raw alerts
ruleset http
111 lines Yeah : 1.3
profile none summary
tarball 0 of 32
28 of 32
30 of 33 b5919931fe
[Firefox:21 hits: 06-20 to 06-23]
e592406be2
[Firefox: 2 hits: 06-19 to 06-19]
f1218dd4e7
[Firefox: 2 hits: 06-19 to 06-19] b5919931fe [1]
e592406be2[1]
none [4] ASM:Graph
ASM:Graph
none:none
ASProtect|
Armadillo|
tElock| lines=90
lines=82
none trace
trace
trace

T:19:02:00 Win2K-f 12.64.78.186 (PRSERV.NET):
AT&T GLOBAL SERVICES,
CHICAGO, ILLINOIS, US. n/a 135 pcap raw alerts
ruleset other
207 lines Yeah : 1.3
profile none summary
tarball 29 of 33 48dc88ef9d
NEW 48dc88ef9d [1] ASM:Graph
FASM| lines=81 trace

19:08:00 WinXP 218.119.176.169 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
TOKYO, TOKYO, JP. n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.144:80
US:72.247.30.211:80 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23] none[4]
a08f3b74a4[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

19:15:00 Win2K-f 118.168.4.134 (-):
. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

19:31:00 WinXP 66.50.89.177 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:19:32:00 WinXP 66.50.89.177 (PRTC.NET):
PUERTO RICO TELEPHONE COMPANY,
SAN JUAN, PUERTO RICO, PR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:3082 hits: 12-31 to 06-23] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:19:51:00 Win2K-f 68.145.63.87 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a :proxim.ircgalaxy.pl 135 pcap raw alerts
ruleset other
266 lines Yeah : 1.3
profile none summary
tarball 31 of 33 d70e9267fe
NEW none[4] none:none
PolyEnE| none trace

19:56:00 Win2K-f 98.134.245.124 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:20:05:00 WinXP 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps) n/a 135 pcap raw alerts
ruleset other
52 lines Yeah : 1.3
profile none summary
tarball 0 of 33 57ce4acac2
[Firefox:18 hits: 06-17 to 06-22] 57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace

20:13:00 Win2K-f 24.222.241.244 (EASTLINK.CA):
EASTLINK,
BEDFORD, NOVA SCOTIA, CA. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:20:16:00 WinXP 116.127.124.3 (-):
HANARO TELECOM,
SEOUL, KYONGGI-DO, KR. n/a :proxima.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
98 lines Yeah : 1.3
profile none summary
tarball 31 of 33
31 of 33 776985f561
NEW
8ec6129efe
NEW 776985f561 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

20:27:00 WinXP 218.210.84.15 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com
US:download.microsoft.com
US:199.93.46.124:80
US:204.160.126.126:80
US:205.128.79.125:80 135 pcap raw alerts
ruleset other
382 lines Yeah : 1.3
profile none summary
tarball 29 of 33
31 of 33 49f8b27cca
NEW
e414dccc52
NEW 49f8b27cca [1]
none [4] ASM:Graph
none:none
Armadillo|
ASProtect| lines=82
none trace
trace

T:20:40:00 Win2K-f 76.87.244.12 (G-M-I.NET):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. n/a US:microsoft.com
US:download.microsoft.com
US:205.128.79.124:80 135 pcap raw alerts
ruleset http
62 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
b7082104e4
[Firefox: 8 hits: 06-18 to 06-23] none[4]
none [4] none:none
none:none
tElock|
tElock| none
none trace
trace

T:20:50:00 Win2K-f 24.77.151.82 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VERNON, BRITISH COLUMBIA, CA. n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
US:199.93.41.124:80 135 pcap raw alerts
ruleset http
115 lines Yeah : 1.3
profile none summary
tarball 28 of 33
30 of 33 12df83cb4f
[Firefox: 2 hits: 06-19 to 06-22]
2e7dc3f066
[Firefox: 2 hits: 06-19 to 06-22] 12df83cb4f [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

T:20:52:00 Win2K-f 71.12.23.98 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US. 217.170.244.2:443 445 pcap raw alerts
ruleset shell
ftp
irc
30 lines Yeah : 1.8
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

T:20:54:00 WinXP 87.110.16.66 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 31 of 32 f2668b51f1
[Firefox: 9 hits: 08-10 to 06-20] none[4] none:none
PolyEnE| none trace

20:55:00 WinXP 170.51.76.212 (COM.AR):
CTI COMPANIA DE TELEFONAS DEL INTERIOR S.A,
AR. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:1346 hits: 12-31 to 06-23] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

21:16:00 WinXP 61.34.136.91 (BORA.NET):
DACOM CORP,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
US:download.microsoft.com
US:207.123.46.125:80
US:4.23.60.126:80
US:8.12.202.125:80 135 pcap raw alerts
ruleset other
95 lines Yeah : 1.3
profile none summary
tarball 0 of 33
29 of 32 57ce4acac2
[Firefox:18 hits: 06-17 to 06-22]
83f26f5044
NEW 57ce4acac2 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=81
none trace
trace

T:21:17:00 Win2K-f 12.72.23.187 (ATT.NET):
AT&T WORLDNET SERVICES,
SAN DIEGO, CALIFORNIA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

21:18:00 WinXP 189.64.203.200 (-):
. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 33 7ffffc0adf
NEW none[4] none:none
PolyEnE| none trace

T:21:19:00 WinXP 189.64.203.200 (-):
. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 33 0e8b1eb68b
NEW none[4] none:none
PolyEnE| none trace

21:40:00 Win2K-f 67.120.74.174 (PACBELL.NET):
NAS16.IRVNCA,
ANAHEIM, CALIFORNIA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
21 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

22:24:00 WinXP 59.105.84.251 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball 33 of 33 9edaa61558
NEW none[4] none:none
PolyEnE| none trace

T:22:25:00 WinXP 59.105.84.251 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball 33 of 33 9edaa61558
NEW none[4] none:none
PolyEnE| none trace

22:28:00 WinXP 63.28.25.1 (UU.NET):
UUNET TECHNOLOGIES INC,
US. n/a
CZ:217.170.244.2:443
CZ:82.114.64.251:443 445 pcap raw alerts
ruleset shell
ftp
18 lines Yeah : 1.3
profile none summary
tarball 25 of 28 7fdfe363d5
[Firefox:2697 hits: 12-31 to 06-23] 10862ea8b8 [0] ASM:Graph
FSG| lines=1933
embedded dns trace

22:40:00 Win2K-f 4.254.166.235 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. n/a US:microsoft.com
US:download.microsoft.com
US:72.247.30.81:80
US:72.247.30.83:80 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
73f1082158
[Firefox:52 hits: 06-18 to 06-23] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:23:12:00 Win2K-f 85.113.251.80 (CONCEPTS.NL):
CONCEPTS-CUST-FTTH-ENSCHEDE,
ENSCHEDE, OVERIJSSEL, NL. n/a :proxim.ircgalaxy.pl
US:hail.dns2go.com 445 pcap raw alerts
ruleset ftp
irc
25 lines Yeah : 0.8
profile none summary
tarball 29 of 33 122376b0c0
NEW none[4] none:none
none|none none trace

T:23:19:00 Win2K-f 203.121.180.155 (-):
COLO-CATIONPI-2-203121180128,
TH. (100Mbps) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:150 hits: 06-17 to 06-23]
a08f3b74a4
[Firefox:53 hits: 06-18 to 06-23]
b5919931fe
[Firefox:21 hits: 06-20 to 06-23] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:23:20:00 WinXP 12.72.158.224 (ATT.NET):
AT&T WORLDNET SERVICES,
SANTA BARBARA, CALIFORNIA, US. (DIAL) n/a 445 pcap raw alerts
ruleset shell
shell
ftp
shell
shell
shell
shell
20 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

23:27:00 Win2K-f 92.112.8.175 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:scorti1.dns2go.com
US:208.101.48.210:7000 445 pcap raw alerts
ruleset ftp
14 lines Yeah : 0.8
profile none summary
tarball 20 of 32 fd0bf48a75
[Firefox:13 hits: 04-28 to 05-23] none[3] none:none
ASProtect| none trace

23:29:00 WinXP 193.248.251.4 (STATIC-IP.OLEANE.FR):
TELECOM,
PARIS, ILE-DE-FRANCE, FR. n/a EU:siliconfireware.ru
:wpad
DE:212.227.111.29:80
DE:217.11.54.126:80
EU:78.47.200.154:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 30 of 33 55bbb36238
NEW none[4] none:none
ASPack| none trace

T:23:40:00 WinXP 85.118.101.176 (-):
EGRISI,
GE. n/a 445 pcap raw alerts
ruleset other
8 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:23:43:00 Win2K-f 222.234.234.234 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com
:proxima.ircgalaxy.pl
US:download.microsoft.com 135 pcap raw alerts
ruleset http
98 lines Yeah : 1.3
profile none summary
tarball 31 of 33
31 of 33 b74e792974
NEW
f0e73c39a8
NEW b74e792974 [1]
none [4] ASM:Graph
none:none
Armadillo|
tElock| lines=82
none trace
trace

T:23:45:00 WinXP 68.149.183.8 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
742 lines Yeah : 1.3
profile none summary
tarball 31 of 33
31 of 33 60be29c325
NEW
83b454f0d3
NEW 60be29c325 [1]
83b454f0d3[1] ASM:Graph
ASM:Graph
ASPack|
ASPack| lines=10
lines=10 trace
trace