Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


17 August 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:12:00 WinXP 24.105.235.246 (SPEAKEASY.NET):
US.
n/a CA:xx.ka3ek.com
:nadsamcabran12.com
135 pcap raw alerts
ruleset
irc
http
352 lines
Yeah : 1.3
profile
none summary
tarball
32 of 38
37 of 40
524bc0f75c
NEW
a0a15f5ebf
NEW
d3e9510bb3 [0]
c506c7cc86[0]
none:none
none:none
PENinja S|
Mew|
none
none
trace
trace
T:00:15:00 WinXP 114.206.140.75 (-):
.
221.5.74.39:65520 :proxim.ircgalaxy.pl
135 pcap raw alerts
ruleset
irc
http
http
152 lines
Yeah : 1.8
profile
none summary
tarball
26 of 41
7 of 41
30 of 33
29 of 41
31 of 33
0178563733
NEW
5354e986cd
NEW
87bd0a062f
NEW
bd42f36974
NEW
c7d6018f97
NEW
b5b79679dc [0]
55eb7e6494[0]
dc70d9623a[0]
a7bcc4d8ca[0]
5c1d8bbd5b[0]
none:none
none:none
none:none
none:none
none:none
ASPack|
PENinja|
Armadillo|
Armadillo|
tElock|
none
none
none
none
none
trace
trace
trace
trace
trace
T:02:02:00 WinXP 72.185.220.62 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KISSIMMEE, FLORIDA, US.
n/a   135 pcap raw alerts
ruleset
other
1008 lines
Yeah : 1.3
profile
none summary
tarball
31 of 41 682a384fe9
NEW
none[3] none:none
none|none none trace
T:03:19:00 WinXP 91.188.110.92 (DOMAINUNUSED.NET):
SITEL,
PL.
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 41 e63f3be55b
NEW
0a081f4200 [0] none:none
PolyEnE| none trace
T:04:23:00 WinXP 93.102.2.199 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:www.yahoo.com
US:www.altavista.com
:jbeegvia.ru
135 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
NEW
none[3] none:none
tElock| none trace
T:04:50:00 WinXP 194.126.184.69 (XCLUSIV.RO):
SC EXCLUSIV NETWORK SRL,
RO.
67.43.236.67:10324 NL:xx.sqlteam.info
CA:xx.nadnadzz.info
:nadsamcabran12.com
NL:83.68.16.6:5190
135 pcap raw alerts
ruleset
irc
http
367 lines
Yeah : 1.8
profile
none summary
tarball
32 of 38
27 of 32
524bc0f75c
NEW
a1684ab682
NEW
d3e9510bb3 [0]
6d883c8d11[0]
none:none
none:none
PENinja S|
eXPressor|
none
none
trace
trace
T:04:55:00 WinXP 114.49.147.125 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 185d0c6d9f
NEW
d524093add [0] none:none
none|none none trace
T:05:07:00 Win2K-f 58.236.167.90 (-):
THRUNET-INFRA-INCHEON10,
SEOUL, KYONGGI-DO, KR.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
none
38 of 40
6a4845ca11
NEW
ffafd341d9
NEW
c23d00870b [0]
294fb27545[0]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=91
trace
trace
05:26:00 Win2K-f 77.111.153.187 (ZELKANET.HU):
ZALAEGERSZEG CATV CLIENTS (ZELKANET DYNAMIC POOL),
ZALAEGERSZEG, ZALA, HU.
n/a US:www.msn.com
445 pcap raw alerts
ruleset
http
20 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:05:51:00 Win2K-f 211.179.174.254 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
n/a US:microsoft.com
:proxima.ircgalaxy.pl
135 pcap raw alerts
ruleset
other
97 lines
Yeah : 1.3
profile
none summary
tarball
31 of 33
31 of 33
168aab35a3
NEW
667f0c59f3
NEW
60b730b97e [0]
8fe2be2095[0]
ASM:Graph
ASM:Graph
tElock|
Armadillo|
lines=120
embedded dns
lines=91
trace
trace
T:07:28:00 Win2K-f 210.169.132.115 (ANTHNET.CO.JP):
CORE CREATE SYSTEM CO. LTD,
JP. (100Mbps)
72.10.172.211:8080 US:mx1.hotmail.com
US:mailin-04.mx.aol.com
US:ftp.newaol.com
US:mailin-03.mx.aol.com
US:yutunrz.1dumb.com
:xx.enterhere.biz
NL:xx.sqlteam.info
CA:xx.ka3ek.com
NL:83.68.16.6:5190
135 pcap raw alerts
ruleset
http
irc
850 lines
Yeah : 1.8
profile
none summary
tarball
1 of 41
39 of 41
95113ad527
NEW
e8233f9ef5
NEW
87137f55fc [0]
85f9aa299c[0]
none:none
none:none
Free|
FSG|
none
none
trace
trace
T:07:37:00 WinXP 12.77.130.98 (ATT.NET):
AT&T WORLDNET SERVICES,
LAWRENCEVILLE, GEORGIA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:07:38:00 WinXP 209.250.52.106 (WISPNET.NET):
WISPNET LLC,
HOPKINSVILLE, KENTUCKY, US.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
36 of 38 5865b09945
NEW
4d99f4784a [0] none:none
PolyEnE| none trace
T:08:53:00 WinXP 114.207.150.129 (-):
.
n/a :proxima.ircgalaxy.pl
US:microsoft.com
135 pcap raw alerts
ruleset
other
135 lines
Yeah : 1.3
profile
none summary
tarball
33 of 35
33 of 35
09d6505627
NEW
7b1709ae4c
NEW
5c860f7b2f [0]
ce1f86bde3[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:09:07:00 WinXP 114.48.164.232 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 185d0c6d9f
NEW
d524093add [0] none:none
none|none none trace
T:10:31:00 WinXP 83.27.115.246 (TPNET.PL):
NEOSTRADA PLUS,
POZNAN, WIELKOPOLSKIE, PL. (DSL)
n/a :proxima.ircgalaxy.pl
:moscow-advokat.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 c392067a90
NEW
d83160e550 [0] none:none
PolyEnE| none trace
T:10:43:00 WinXP 80.218.10.62 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 41 5df4dc0652
NEW
0a3c9b3b52 [0] none:none
PolyEnE| none trace
11:03:00 Win2K-f 173.53.20.209 (-):
.
n/a US:www.getmyip.org
US:getmyip.co.uk
:checkip.dyndns.org
US:204.152.184.92:80
US:65.254.39.170:80
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:11:05:00 Win2K-f 173.29.130.232 (-):
.
n/a   135 pcap raw alerts
ruleset
other
29 lines
Yeah : 1.3
profile
none summary
tarball
5 of 41 a992a13525
NEW
none[3] none:none
FASM| none trace
T:11:32:00 WinXP 84.47.197.40 (-):
PARSCYBERIAN CONSULTANTS,
AE.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:vit.ln.ua
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
49 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 9654ee8d3b
NEW
a746fc417d [0] none:none
ASPack| none trace
T:11:40:00 Win2K-f 4.176.120.110 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ALBUQUERQUE, NEW MEXICO, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
80 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:11:42:00 WinXP 87.173.120.86 (T-IPCONNECT.DE):
DEUTSCHE TELEKOM AG,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:11:43:00 WinXP 61.193.226.23 (WAKWAK.NE.JP):
NTT-ME CORPORATION,
TOKYO, TOKYO, JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
39 of 41
0aae26c5c4
NEW
c160425773
NEW
ec71c253d1 [0]
a4d33c1e98[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:11:50:00 WinXP 83.221.85.191 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none c05290bb06
NEW
dddfe6a7fe [0] none:none
PolyEnE| none trace
T:12:03:00 Win2K-f 63.246.121.100 (SPEAKEASY.NET):
US.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:12:11:00 WinXP 24.103.196.250 (-):
.
67.43.236.66:8080 72.10.172.211:8080 CA:xx.ka3ek.com
:nadsamcabran12.com
67.215.1.206:80
CA:67.43.236.66:8080
CA:72.10.172.211:8080
135 pcap raw alerts
ruleset
irc
349 lines
Yeah : 1.8
profile
none summary
tarball
37 of 40 a0a15f5ebf
NEW
c506c7cc86 [0] none:none
Mew| none trace
T:13:42:00 WinXP 116.86.228.116 (MAXONLINE.COM.SG):
STARHUB CABLE VISION LTD,
SINGAPORE, SINGAPORE, SG.
n/a :gg.arrancar.org 135 pcap raw alerts
ruleset
other
186 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 11e183286c
NEW
8a7d445a4a [0] none:none
none|none none trace
T:14:16:00 WinXP 4.160.135.144 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SOUTH BEND, INDIANA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
152 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 8a48e5335b
NEW
ba3ba6bf86 [0] none:none
Armadillo| none trace
T:14:30:00 WinXP 89.111.226.151 (TEOL.NET):
TELEKOMSRPSKE,
BA. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 f54691063f
NEW
6039c698cd [0] ASM:Graph
none|none lines=59 trace
15:06:00 Win2K-f 200.103.97.244 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DIAL)
n/a :akkjvtawntu.org
445 pcap raw alerts
ruleset
http
4 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:15:56:00 WinXP 4.230.153.75 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN ANTONIO, TEXAS, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
861 lines
Yeah : 1.3
profile
none summary
tarball
28 of 41 1bb4b25c0e
NEW
9293a2c3db [0] none:none
StarForce| none trace
T:16:04:00 Win2K-f 173.169.214.215 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:17:06:00 WinXP 218.220.147.155 (ZAQ.NE.JP):
HIGASHI-OSAKA CABLE TELEVISION CO. LTD,
OSAKA, OSAKA, JP.
n/a   135 pcap raw alerts
ruleset
other
272 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 361f33c5c4
NEW
67879d1538 [0] none:none
PolyEnE| none trace
T:17:43:00 WinXP 63.19.132.86 (UU.NET):
UUNET TECHNOLOGIES INC,
RALEIGH, NORTH CAROLINA, US.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 01d5815222
NEW
9a81965a5c [0] none:none
PolyEnE| none trace
18:10:00 Win2K-f 122.199.191.49 (NEXG.NET):
NEXG,
KR.
n/a US:trafficconverter.biz
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:18:55:00 WinXP 74.220.0.182 (CHIBARDUN.NET):
CHIBARDUN TELEPHONE COOPERATIVE INC,
DALLAS, WISCONSIN, US. (DIAL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
445 pcap raw alerts
ruleset
http
http
http
http
49 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
NEW
none[0] none:none
ASPack| lines=281
embedded dns
trace
T:19:15:00 WinXP 96.8.189.107 (-):
.
67.43.236.67:10324 CA:xx.nadnadzz.info
:nadsamcabran12.com
135 pcap raw alerts
ruleset
irc
http
302 lines
Yeah : 1.8
profile
none summary
tarball
29 of 38
32 of 38
4e9fe62355
NEW
524bc0f75c
NEW
a6117c4a34 [0]
d3e9510bb3[0]
ASM:Graph
none:none
Mew|
PENinja S|
lines=425
embedded dns
none
trace
trace
T:19:23:00 WinXP 211.244.182.150 (HAEDONGTEK.CO.KR):
THRUNET CO. LTD,
SEOUL, KYONGGI-DO, KR.
n/a :proxim.ircgalaxy.pl
US:microsoft.com
135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
30 of 33
28 of 33
533d15b5ce
NEW
58c343a8d8
NEW
c67adf46e2 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=126
embedded dns
lines=91
trace
trace
T:19:33:00 WinXP 207.5.200.230 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:20:44:00 Win2K-f 72.215.32.113 (COX.NET):
COX COMMUNICATIONS,
NICEVILLE, FLORIDA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
21:15:00 Win2K-f 189.99.196.149 (-):
.
n/a NL:www.ask.com
445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:22:23:00 Win2K-f 4.177.18.206 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41
36 of 40
47d3548e36
NEW
d8722af110
NEW
ab13346633 [0]
ab30a55931[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
22:26:00 WinXP 59.112.170.129 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 74b3d149e8
NEW
cef0fa2981 [0] none:none
PolyEnE| none trace
T:22:40:00 WinXP 119.234.37.111 (-):
.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 119ec42aa0
NEW
fd3c61c261 [0] none:none
PolyEnE| none trace