Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



27 June 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:19:00 Win2K-f 121.72.214.207 (TELSTRACLEAR.NET):
TELECOMMUNICATIONS COMPANY,
NZ.
221.5.74.39:65520 CN:proxim.ircgalaxy.pl
US:www.maxmind.com
CN:goasi.cn
CN:lometr.pl
CN:brenz.pl
:onuka.cn
113.19.2.69:3128
MY:121.121.34.184:3128
ES:155.54.19.250:3128
186.81.95.116:3128
187.10.215.243:3128
190.201.165.72:3128
BR:200.207.64.164:3128
US:200.62.22.252:3128
MY:60.54.188.190:3128
US:64.246.48.99:666
US:64.85.163.90:3954
US:69.121.194.200:3128
HU:80.98.213.30:3128
FR:88.163.175.222:3128
MT:88.203.45.56:3128
RO:89.34.88.79:3128
445 pcap raw alerts
ruleset
irc
http
http
15 lines
Yeah : 0.8
profile
none summary
tarball
16 of 41
24 of 40
19 of 40
af3984706f
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW
2ce58e077a [0]
ff7d442dd1[0]
dce19a471e[0]
none:none
none:none
none:none
tElock|
none|none
none|none
none
none
none
trace
trace
trace
T:00:29:00 WinXP 82.230.151.177 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 98b01b5433
NEW
d2dd40e849 [0] none:none
ASPack| none trace
T:00:30:00 Win2K-f 24.80.169.137 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a CN:irc.zief.pl
CN:goasi.cn
:gg.arrancar.org
CN:211.95.79.6:80
CN:221.5.74.39:65520
US:66.90.73.229:555
135 pcap raw alerts
ruleset
other
348 lines
Yeah : 1.3
profile
none summary
tarball
34 of 40 a72398081f
NEW
3f0ad45d1c [0] none:none
tElock| none trace
T:00:39:00 Win2K-f 59.114.43.177 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:00:50:00 Win2K-f 77.254.143.212 (COM.PL):
NETIA,
PL.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 6306024fe3
NEW
4fadf3fb74 [0] none:none
ASPack| none trace
T:01:04:00 Win2K-f 78.131.99.222 (-):
EMKTV DEBRECEN DOCSIS,
BUCHAREST, BUCURESTI, RO.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:01:04:00 WinXP 76.11.132.52 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
SIKESTON, MISSOURI, US.
67.43.236.66:10324 NL:xx.sqlteam.info
CA:xx.nadnadzz.info
:xx.enterhere.biz
CA:xx.ka3ek.com
CA:67.43.236.66:10324
NL:83.68.16.6:5190
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 07f9735f14
NEW
a66b2cb30b [0] none:none
FSG| none trace
T:01:06:00 Win2K-f 78.60.212.98 (ZEBRA.LT):
LIETUVOS,
LT.
n/a   139 pcap raw alerts
ruleset
ftp
18 lines
Yeah : 0.8
profile
none summary
tarball
34 of 41 d5e59c2ed7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:01:07:00 Win2K-f 89.37.194.200 (-):
SC ALTER-NET SRL,
RO.
n/a   139 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
40 of 40 013a5ba10e
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
01:16:00 Win2K-f 202.53.84.155 (NETTLINX.COM):
NETTLINX LIMITED,
HYDERABAD, ANDHRA PRADESH, IN.
n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
7 of 37 7587773eea
NEW
none[3] none:none
StarForce| none trace
T:01:19:00 WinXP 87.205.151.99 (INETIA.PL):
NETIA,
PL. (DSL)
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8bdfceaf84
NEW
8a510bc571 [0] none:none
ASPack| none trace
T:01:19:00 WinXP 86.219.123.216 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
POITIERS, POITOU-CHARENTES, FR.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 084b71b74d
NEW
8a425894ca [0] none:none
pex| none trace
T:01:26:00 Win2K-f 202.53.84.155 (NETTLINX.COM):
NETTLINX LIMITED,
HYDERABAD, ANDHRA PRADESH, IN.
n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
7 of 37 7587773eea
NEW
none[3] none:none
StarForce| none trace
T:01:29:00 Win2K-f 59.105.20.32 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:01:32:00 Win2K-f 78.233.18.161 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
PARIS, ILE-DE-FRANCE, FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 00c4fc2fd0
NEW
1e4ad6cdb1 [0] none:none
ASPack| none trace
T:01:44:00 WinXP 62.108.218.26 (HELSINGENT.SE):
HELSINGE NET AB,
SE.
n/a RU:m.drd3h.com
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 053e25e2e4
NEW
1e4ad6cdb1 [0] none:none
ASPack| none trace
T:01:45:00 WinXP 81.198.224.82 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:01:47:00 WinXP 125.231.214.242 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a RU:m.drd3h.com
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 053e25e2e4
NEW
1e4ad6cdb1 [0] none:none
ASPack| none trace
T:01:52:00 Win2K-f 207.177.114.131 (LVCTA.COM):
WEBSTER CALHOUN TELEPHONE CO,
FT. DODGE, IOWA, US. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 4dd4197eb4
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:03:00 WinXP 118.161.248.28 (-):
.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 0.8
profile
none summary
tarball
30 of 39 1a6c7da535
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:05:00 Win2K-f 78.131.84.159 (-):
EMKTV BUDAPEST VLAN 09 DOCSIS,
BUDAPEST, BUDAPEST, HU.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:18:00 Win2K-f 220.129.234.7 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:32:00 Win2K-f 80.39.62.36 (RIMA-TDE.NET):
TELEFONICA DE ESPANA,
MADRID, MADRID, ES.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 e59bd3cf96
NEW
f978f8c5c6 [0] none:none
ASPack| none trace
T:02:40:00 WinXP 59.104.40.176 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40 bd81d71c06
NEW
1993ba73cd [0] none:none
PolyEnE| none trace
T:02:45:00 Win2K-f 77.89.73.19 (MEDIA.PL):
PRZEDSIEBIORSTWO PROMAX SP J,
PL.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 40 013a5ba10e
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:46:00 WinXP 195.174.69.193 (KABLONET.COM.TR):
CABLE OPERATOR NETWORK OF TURK TELEKOM,
ISTANBUL, ISTANBUL, TR. (DSL)
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 e3faefa56a
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
02:49:00 Win2K-f 210.211.255.32 (VSNL.NET.IN):
VIDESH SANCHAR NIGAM LTD - INDIA,
IN.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
4 of 37 8ce32ded17
NEW
none[3] none:none
Armadillo| none trace
T:02:52:00 WinXP 125.232.86.80 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 3490e2ea15
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:53:00 WinXP 118.100.22.139 (-):
.
n/a RU:m.drd3h.com 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 9b2c7d1c22
NEW
1e4ad6cdb1 [0] none:none
ASPack| none trace
T:02:55:00 Win2K-f 151.33.37.227 (14-151.IOL.IT):
ITALIA ONLINE S.P.A,
IT.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 f534041536
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:02:56:00 Win2K-f 67.204.241.202 (-):
.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 40 013a5ba10e
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:03:12:00 Win2K-f 115.41.165.78 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 3490e2ea15
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:03:19:00 Win2K-f 113.254.166.160 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:25:00 WinXP 122.126.150.33 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   139 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:32:00 Win2K-f 118.166.69.30 (-):
.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 41 f75c895158
NEW
afaf06d6cd [0] none:none
pex| none trace
T:03:39:00 Win2K-f 59.117.65.172 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
24 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:03:50:00 WinXP 24.73.151.155 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CASSELBERRY, FLORIDA, US.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
21 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 c00b8f7dba
NEW
ab49b49a1e [0] none:none
ASPack| none trace
T:03:53:00 Win2K-f 85.136.139.144 (ONO.COM):
CABLEMODEM-AUNA-ZONA-SUR,
MADRID, MADRID, ES.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:02:00 Win2K-f 83.222.162.239 (-):
SUBSCRIBER NETWORK IN RUSSE,
RUSE, RAZGRAD, BG.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:10:00 Win2K-f 218.190.88.118 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:27:00 Win2K-f 87.0.251.11 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
IT.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:27:00 WinXP 114.45.138.224 (-):
.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
18 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 d8e60db98a
NEW
6991257f56 [0] none:none
pex| none trace
T:04:33:00 Win2K-f 80.14.66.234 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:04:36:00 WinXP 78.61.75.108 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
KAUNAS, KAUNO APSKRITIS, LT.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 3a1bb83dcd
NEW
d316b1a994 [0] none:none
ASPack| none trace
T:04:46:00 WinXP 122.160.49.15 (122.AIRTELBROADBAND.IN):
ABTS-DSL-8972-DEL,
DELHI, DELHI, IN.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
05:03:00 Win2K-f 124.8.184.75 (TFN.NET.TW):
TAIWAN FIXED NETWORK CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:05:04:00 WinXP 67.204.246.64 (-):
.
n/a RU:m.drd3h.com
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 053e25e2e4
NEW
1e4ad6cdb1 [0] none:none
ASPack| none trace
T:05:06:00 WinXP 119.230.93.57 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 7b313206a2
NEW
0c866c8cce [0] none:none
none|none none trace
T:05:35:00 Win2K-f 77.243.215.79 (GPINET.HU):
GPINET INTERNET KERESKEDELMI ES SZOLGALTATO KFT,
HU.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 3490e2ea15
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:05:36:00 Win2K-f 88.181.221.30 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 39 1a6c7da535
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
05:47:00 Win2K-f 77.92.142.122 (-):
HOSTING INTERNET HIZMETLERI LTD STI,
TR.
n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none[3] none:none
UPX| none trace
T:05:55:00 WinXP 114.40.204.165 (-):
.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 4dd4197eb4
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:05:57:00 Win2K-f 77.92.142.122 (-):
HOSTING INTERNET HIZMETLERI LTD STI,
TR.
n/a US:www.maxmind.com
US:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:64.246.48.99:666
US:67.15.94.80:80
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none[3] none:none
UPX| none trace
T:06:11:00 Win2K-f 88.174.197.170 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
33 of 41 3e4b76d228
NEW
ca3349caad [0] none:none
ASPack| none trace
T:06:13:00 WinXP 74.75.11.135 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PITTSFIELD, MASSACHUSETTS, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33
33 of 33
4c3df24b32
NEW
53bfe15e91
NEW
none[0]
1473091351[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=75
embedded dns
trace
trace
06:20:00 Win2K-f 173.45.97.148 (-):
.
n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:06:33:00 Win2K-f 114.201.123.188 (-):
.
218.93.205.24:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl
CN:goasi.cn
CN:lometr.pl
CN:brenz.pl
:onuka.cn
DE:mx-ha02.web.de
US:alt4.gmail-smtp-in.l.google.com
:alt2.gmail-smtp-in.l.google.com
US:alt1.gmail-smtp-in.l.google.com
US:alt3.gmail-smtp-in.l.google.com
208.115.108.122:3954
CN:218.93.205.24:65520
CN:221.5.74.39:65520
CN:222.186.13.27:80
US:66.197.225.54:9712
US:67.19.219.74:80
US:74.53.96.138:80
135 pcap raw alerts
ruleset
irc
http
241 lines
Yeah : 1.8
profile
none summary
tarball
4 of 41
18 of 41
29 of 32
24 of 40
19 of 40
372b880eb1
NEW
4efa213b79
NEW
8a75955033
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW
164314a8cc [0]
9e7dff694f[0]
2bf3e548b9[0]
ff7d442dd1[0]
dce19a471e[0]
none:none
none:none
ASM:Graph
none:none
none:none
Armadillo|
none|none
tElock|
none|none
none|none
none
none
lines=126
embedded dns
none
none
trace
trace
trace
trace
trace
T:06:35:00 Win2K-f 88.172.241.104 (PROXAD.NET):
PROXAD / FREE SAS,
FR.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
31 of 33 954a98c971
NEW
cdd769f7a4 [0] none:none
FSG| none trace
T:06:52:00 WinXP 211.74.91.68 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 bd81d71c06
NEW
1993ba73cd [0] none:none
PolyEnE| none trace
T:07:06:00 Win2K-f 84.163.187.63 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
KARLSRUHE, BADEN-WURTTEMBERG, DE. (DIAL)
n/a GB:mx2.avg.power.net.uk
208.115.108.122:3954
CN:218.93.205.24:65520
US:66.197.225.54:9712
445 pcap raw alerts
ruleset
other
79 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:07:08:00 Win2K-f 61.89.230.204 (SENSYU.NE.JP):
SNS,
KISHIWADA, MIYAGI, JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:07:11:00 Win2K-f 77.253.162.173 (COM.PL):
NETIA,
PL.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 25d726bb10
NEW
4fadf3fb74 [0] none:none
ASPack| none trace
T:07:11:00 Win2K-f 4.230.120.12 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
AUSTIN, TEXAS, US. (DIAL)
n/a  
174.133.17.226:80
208.115.108.122:3954
208.115.112.138:3954
CN:221.5.74.39:65520
US:4.230.120.12:707
US:64.56.64.63:3954
135 pcap raw alerts
ruleset
other
25 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:07:41:00 Win2K-f 125.232.107.142 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 39 1a6c7da535
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:07:41:00 WinXP 92.55.106.171 (IKBCC.COM):
EU-ZZ,
UK.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 4ceccaec21
NEW
6ffedb8be7 [0] none:none
PolyEnE| none trace
T:07:59:00 Win2K-f 173.45.97.148 (-):
.
n/a US:www.maxmind.com
:checkip.dyndns.org
US:64.246.48.99:666
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
4 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:08:01:00 WinXP 125.230.11.19 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 084b71b74d
NEW
8a425894ca [0] none:none
pex| none trace
T:08:12:00 Win2K-f 125.225.137.248 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 50cdd5c6cf
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:21:00 WinXP 94.251.192.171 (-):
.
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:45:00 WinXP 79.163.133.2 (-):
IDEA,
PL.
213.219.245.212:80 218.93.205.24:65520 CN:proxim.ircgalaxy.pl
RU:citi-bank.ru
445 pcap raw alerts
ruleset
http
irc
4 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
NEW
c2d5ac2315 [0] ASM:Graph
PolyEnE| lines=73
embedded dns
trace
T:08:47:00 Win2K-f 61.229.217.188 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:54:00 Win2K-f 61.218.193.218 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
85 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:08:00 Win2K-f 203.70.240.205 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
20 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8ae30bb838
NEW
63f1e5f4c7 [0] none:none
ASPack| none trace
T:09:18:00 WinXP 86.170.28.70 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
UK.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 986b59708d
NEW
none[0] none:none
PolyEnE| lines=57 trace
T:09:22:00 Win2K-f 96.11.108.201 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:44:00 WinXP 24.83.196.252 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a RU:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 25ef2f5f6d
NEW
9399e2ac48 [0] none:none
ASPack| none trace
T:09:54:00 WinXP 203.70.159.83 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8ae30bb838
NEW
63f1e5f4c7 [0] none:none
ASPack| none trace
T:10:22:00 Win2K-f 173.22.232.92 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:10:35:00 WinXP 89.44.145.18 (SMANET.RO):
JUMP NETWORK SERVICES S.R.L,
RO.
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 41 a1fba8d205
NEW
1fd5e5ad53 [0] none:none
PolyEnE| none trace
T:10:42:00 WinXP 219.113.85.157 (OCT-NET.NE.JP):
OITA CABLE TELECOM CO. LTD,
JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
36 of 40
37 of 41
a0f9032000
NEW
c6c22b482f
NEW
efd993fa2a [0]
ea912a7756[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:10:57:00 Win2K-f 114.47.66.200 (-):
.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 39 1a6c7da535
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:11:14:00 WinXP 82.226.156.230 (PROXAD.NET):
PROXAD / FREE SAS,
MONTPELLIER, LANGUEDOC-ROUSSILLON, FR.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 d04034a8b3
NEW
cbf5aba1bb [0] none:none
none|none none trace
T:11:46:00 Win2K-f 72.227.93.166 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SOUTH PORTLAND, MAINE, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:11:50:00 WinXP 70.183.96.125 (COX.NET):
COX COMMUNICATIONS,
OCEANSIDE, CALIFORNIA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:12:06:00 Win2K-f 95.84.27.70 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:07:00 WinXP 114.43.118.51 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:08:00 WinXP 91.67.177.79 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41 388adefa62
NEW
b020897a42 [0] none:none
none|none none trace
T:12:09:00 Win2K-f 122.125.4.207 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:12:21:00 Win2K-f 77.22.3.11 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 ccae625eb1
NEW
f2dcac5dcd [0] none:none
none|none none trace
T:12:33:00 WinXP 189.123.239.239 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 ce2c5789bf
NEW
256b62a824 [0] none:none
none|none none trace
T:12:34:00 WinXP 95.88.42.49 (-):
.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 7417aba821
NEW
cd4b74c275 [0] none:none
none|none none trace
T:12:41:00 Win2K-f 118.165.80.183 (-):
.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
35 of 41 aab88c1c51
NEW
cf93cc0212 [0] none:none
none|none none trace
T:12:46:00 Win2K-f 78.8.99.149 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:12:48:00 WinXP 86.11.138.149 (NTL.COM):
NTL INFRASTRUCTURE - RENFREW,
GLASGOW, SCOTLAND, UK. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
34 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:12:57:00 Win2K-f 88.76.86.15 (ARCOR-IP.NET):
ARCOR-DSL-NET,
MUNICH, BAYERN, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 3d6c0ae7fa
NEW
0c29ac518d [0] none:none
none|none none trace
T:13:02:00 Win2K-f 85.182.43.108 (ALICEDSL.DE):
HANSENET-ADSL,
HAMBURG, HAMBURG, DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 92f1d0587c
NEW
80711d78b0 [0] none:none
none|none none trace
T:13:13:00 WinXP 82.246.160.190 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR.
n/a   139 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:22:00 Win2K-f 61.229.217.188 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:13:30:00 WinXP 122.122.131.86 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:13:36:00 Win2K-f 86.13.253.105 (NTL.COM):
NTL INFRASTRUCTURE - BAGULEY,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:13:46:00 Win2K-f 122.127.64.182 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:00:00 WinXP 77.21.48.9 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
36 of 40 64870e6cf9
NEW
d0956e26bb [0] none:none
none|none none trace
T:14:03:00 Win2K-f 86.104.129.49 (CERNAVODA.RO):
SC GMB COMPUTERS SRL,
CONSTANTA, CONSTANTA, RO.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:04:00 WinXP 122.121.131.209 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 b9490144af
NEW
4c4890cc1f [0] none:none
ASProtect| none trace
T:14:33:00 Win2K-f 217.114.234.225 (AHA.RU):
PROVIDER LOCAL INTERNET REGISTRY,
RU.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:42:00 Win2K-f 95.90.216.35 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 4720a9e8e1
NEW
14ce89722f [0] none:none
none|none none trace
T:14:55:00 WinXP 122.118.35.235 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:15:08:00 Win2K-f 114.43.16.171 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
40 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:15:25:00 Win2K-f 24.76.16.197 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41 1cc99ef6ae
NEW
08c137bf4d [0] none:none
none|none none trace
T:15:26:00 Win2K-f 59.127.224.83 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41 f8724de9d7
NEW
733be76411 [0] none:none
none|none none trace
T:16:12:00 WinXP 95.90.63.36 (-):
.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
16 lines
Yeah : 1.3
profile
none summary
tarball
34 of 41 acbb7393ca
NEW
a8d3e7d79d [0] none:none
none|none none trace
T:16:26:00 Win2K-f 91.65.67.43 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:16:37:00 Win2K-f 190.55.211.77 (-):
.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none [3] none:none
UPX| none trace
T:17:04:00 Win2K-f 125.58.122.125 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:17:04:00 Win2K-f 114.198.166.19 (-):
.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:13:00 Win2K-f 114.198.166.19 (-):
.
n/a   445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:36:00 WinXP 77.243.215.79 (GPINET.HU):
GPINET INTERNET KERESKEDELMI ES SZOLGALTATO KFT,
HU.
n/a RU:m.DRD3H.COM
RU:89.221.18.86:6668
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 3490e2ea15
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:18:06:00 WinXP 122.127.64.182 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:26:00 Win2K-f 4.177.18.93 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
122 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41
36 of 40
47d3548e36
NEW
d8722af110
NEW
ab13346633 [0]
ab30a55931 [0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:18:27:00 WinXP 67.8.201.249 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 d6df3972a0
NEW
none [0] ASM:Graph
PolyEnE| lines=65 trace
T:18:48:00 Win2K-f 70.60.10.186 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NASHPORT, OHIO, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:18:54:00 Win2K-f 120.138.130.207 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:18:55:00 Win2K-f 114.116.248.244 (-):
.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:19:01:00 WinXP 77.21.75.171 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 bf2378bf7d
NEW
c8f689a5f0 [0] none:none
none|none none trace
T:19:16:00 WinXP 70.111.8.31 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
WEST NEW YORK, NEW JERSEY, US.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 32a0d7d0e0
NEW
none [0] ASM:Graph
tElock| lines=81
embedded dns
trace
T:20:21:00 WinXP 204.210.245.135 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HILLIARD, OHIO, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:21:12:00 WinXP 219.44.12.87 (BBTEC.NET):
SOFTBANK BB CORP,
TOKYO, TOKYO, JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:21:24:00 Win2K-f 174.6.21.151 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:34:00 Win2K-f 118.170.90.70 (-):
.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:22:43:00 Win2K-f 118.170.90.70 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:64.246.48.99:666
445 pcap raw alerts
ruleset
http
8 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:23:38:00 Win2K-f 125.232.84.39 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none [3] none:none
UPX| none trace