Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



03 September 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Table columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:20:00 Win2K-f 220.139.53.13 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
00:25:00 Win2K-f 213.216.245.12 (SUOMI.NET):
OULU TELEPHONE COMPANY,
OULU, OULUN LAANI, FI.
n/a  
US:204.152.184.139:80
445 pcap raw alerts
ruleset
http
5 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:00:40:00 WinXP 92.81.98.131 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:00:41:00 Win2K-f 77.21.170.92 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 a670739fa3
NEW
none[none] none:none
none|none none none
T:00:49:00 WinXP 89.218.204.245 (ADSL.ONLINE.KZ):
KAZAKHTELECOM DATA NETWORK ADMINISTRATION,
KZ.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:01:04:00 WinXP 114.48.157.80 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 747580a7f5
NEW
none[none] none:none
none|none none none
T:01:15:00 WinXP 125.228.109.251 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:01:26:00 Win2K-f 114.58.196.211 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:01:29:00 Win2K-f 92.124.172.235 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 0869445e1f
NEW
none[none] none:none
none|none none none
T:01:36:00 WinXP 61.64.103.18 (SO-NET.NET.TW):
SONY NETWORK TAIWAN LIMITED,
TAOYUAN, T'AI-WAN, TW. (DSL)
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
40 of 41 eda3b7766c
NEW
7556343561 [0] none:none
PolyEnE| none trace
T:01:47:00 WinXP 188.193.251.244 (DAVITA.COM):
VARIOUS REGISTRIES,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1290ef7964
NEW
none[none] none:none
none|none none none
T:01:49:00 Win2K-f 78.49.112.23 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:01:56:00 Win2K-f 93.209.158.43 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
87.118.98.185:7000 DE:sobiesk1.myftp.org
DE:87.118.98.185:7000
139 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
13 of 40 88ae32e138
NEW
5abec5b133 [none] none:none
Armadillo| none none
T:01:59:00 WinXP 77.20.144.62 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 b42dd1b532
NEW
none[none] none:none
none|none none none
02:01:00 Win2K-f 130.13.171.22 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a US:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:204.152.184.139:80
208.78.70.70:80
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
2 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:02:09:00 Win2K-f 91.138.119.138 (-):
ZIKSUHR.CH A CABLETV AND INTERNET PROVIDER,
ZURICH, ZURICH, CH.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 5b32d88412
NEW
none[none] none:none
none|none none none
T:02:10:00 WinXP 87.123.141.174 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
DE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:02:28:00 WinXP 58.12.179.101 (UCOM.NE.JP):
IML,
JP.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 51117df63b
NEW
none[none] none:none
none|none none none
T:02:29:00 WinXP 95.91.220.76 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 fbdf43d028
NEW
none[none] none:none
none|none none none
T:02:30:00 Win2K-f 125.224.143.249 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a   445 pcap raw alerts
ruleset
other
2 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:32:00 WinXP 85.65.48.188 (BARAK-ONLINE.NET):
BARAK I.T.C,
IL.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:02:52:00 Win2K-f 93.114.117.186 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
27 of 41 de2a8e3f8e
NEW
032d753367 [0] none:none
PENinja S| none trace
T:02:56:00 Win2K-f 124.13.139.177 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
MY.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 ced3a3b992
NEW
none[none] none:none
none|none none none
T:03:02:00 WinXP 117.39.236.97 (163DATA.COM.CN):
CHINANET SHANXI(SN) PROVINCE NETWORK,
BEIJING, BEIJING, CN.
213.219.245.212:80 91.212.220.156:65520 FR:proxim.ircgalaxy.pl
RU:citi-bank.ru
CN:gidromash.cn
445 pcap raw alerts
ruleset
http
irc
11 lines
Yeah : 1.3
profile
none summary
tarball
34 of 36 9bb68450cd
NEW
c2d5ac2315 [0] ASM:Graph
PolyEnE| lines=73
embedded dns
trace
T:03:06:00 Win2K-f 91.65.193.183 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:03:14:00 WinXP 203.184.0.5 (CALLPLUS.NET.NZ):
CALLPLUS SERVICES LIMITED,
HAMILTON, WAIKATO, NZ.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
445 pcap raw alerts
ruleset
http
http
16 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 3037a9879a
NEW
none[none] none:none
none|none none none
T:03:19:00 WinXP 187.22.129.16 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 116733a20e
NEW
none[none] none:none
none|none none none
T:03:27:00 Win2K-f 220.141.44.105 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:03:27:00 WinXP 91.65.192.197 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a US:s.unicat.org
:www.proxy-socks.net
GB:olb2.nationet.com
RU:www.mmbank.ru
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
http
16 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 e25390be6c
NEW
none[none] none:none
none|none none none
T:04:03:00 WinXP 114.38.106.182 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:04:03:00 WinXP 114.59.181.4 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 0ec9f6119e
NEW
none[none] none:none
none|none none none
T:04:14:00 Win2K-f 193.201.18.185 (NET.PL):
RYSZARD CICHOWLAS GDANSK,
GDYNIA, POMORSKIE, PL.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:04:23:00 WinXP 93.81.157.174 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:04:59:00 WinXP 87.122.35.169 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
DE.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:00:00 Win2K-f 77.20.20.27 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 bac2f7273b
NEW
none[none] none:none
none|none none none
T:05:19:00 WinXP 114.51.185.59 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:19:00 Win2K-f 188.192.18.139 (DAVITA.COM):
VARIOUS REGISTRIES,
UK.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 bac2f7273b
NEW
none[none] none:none
none|none none none
T:05:22:00 Win2K-f 95.24.187.121 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:26:00 Win2K-f 218.173.240.34 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:05:26:00 WinXP 95.88.37.6 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
42 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 64d6d6a6cc
NEW
98c8e821c9 [none] none:none
none|none none none
T:05:32:00 Win2K-f 83.68.70.108 (TNP.PL):
TELENETCENTRUM-NET,
PL.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:05:41:00 WinXP 85.177.200.87 (ALICEDSL.DE):
HANSENET-ADSL,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:47:00 Win2K-f 212.106.25.120 (POLBOX.PL):
POLBOX,
PL.
n/a DE:sobiesk1.myftp.org
DE:87.118.98.185:7000
139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
13 of 40 88ae32e138
NEW
5abec5b133 [none] none:none
Armadillo| none none
T:05:47:00 WinXP 114.51.55.70 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:58:00 WinXP 78.226.213.146 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
PARIS, ILE-DE-FRANCE, FR.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
45 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 6f495c833b
NEW
ffd498f313 [none] none:none
none|none none none
T:06:11:00 Win2K-f 114.36.45.180 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:06:18:00 Win2K-f 77.22.111.132 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 2da17c36c9
NEW
1bb111b86b [none] none:none
none|none none none
T:06:22:00 Win2K-f 118.171.177.131 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
06:34:00 Win2K-f 89.45.112.13 (CLAX.RO):
ISP,
TIMISOARA, TIMIS, RO.
n/a US:www.maxmind.com
US:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.70.70:80
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
2 of 37 409ef22885
NEW
none[3] none:none
UPX| none trace
T:06:35:00 Win2K-f 188.193.43.72 (DAVITA.COM):
VARIOUS REGISTRIES,
UK.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
23 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 93970242a3
NEW
none[none] none:none
none|none none none
T:06:39:00 Win2K-f 88.134.24.122 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
22 lines
Yeah : 1.3
profile
none summary
tarball
36 of 40 0cf4c38ae2
NEW
82bf36e112 [0] none:none
none|none none trace
T:06:45:00 WinXP 77.20.161.52 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
26 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 5cb6f28328
NEW
ca4f0f9c18 [none] none:none
none|none none none
T:06:49:00 WinXP 114.59.29.247 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
81 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:06:51:00 WinXP 66.184.4.23 (LDMI.COM):
TALK AMERICA,
DETROIT, MICHIGAN, US.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 b27d73bfcb
NEW
473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace
T:06:52:00 WinXP 118.109.114.44 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:07:03:00 WinXP 86.63.97.103 (COM.PL):
ASTA-NET CUSTOMERS,
PL.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:07:00 Win2K-f 95.84.53.151 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:18:00 WinXP 125.233.217.242 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:07:26:00 Win2K-f 119.234.25.203 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:27:00 Win2K-f 81.84.169.125 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
LISBON, LISBOA, PT.
n/a   445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 ca75597f85
NEW
none[none] none:none
none|none none none
T:07:43:00 WinXP 207.5.200.230 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:07:48:00 Win2K-f 114.206.113.136 (-):
.
91.121.221.157:65520 91.212.220.156:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
CN:gidromash.cn
CN:ottopay.cn
US:64.235.53.208:80
135 pcap raw alerts
ruleset
irc
http
137 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
28 of 33
8 of 41
533d15b5ce
NEW
58c343a8d8
NEW
dedb9bcef0
NEW
c67adf46e2 [0]
none [0]
23233d4cd8[0]
ASM:Graph
none:none
none:none
tElock|
Armadillo|
Xtreme-Pr|
lines=126
embedded dns
lines=91
none
trace
trace
trace
T:07:57:00 WinXP 92.114.192.120 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
91.121.221.157:65520 EU:proxim.ircgalaxy.pl
CN:gidromash.cn
CN:ottopay.cn
US:64.235.53.208:80
FR:91.121.221.157:65520
445 pcap raw alerts
ruleset
http
irc
24 lines
Yeah : 1.3
profile
none summary
tarball
37 of 39
8 of 41
dab4da4e21
NEW
dedb9bcef0
NEW
e63b813015 [0]
23233d4cd8[0]
ASM:Graph
none:none
PolyEnE|
Xtreme-Pr|
lines=134
none
trace
trace
T:07:58:00 Win2K-f 114.36.29.71 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 a20e564b54
NEW
8034b235b4 [0] none:none
none|none none trace
T:08:09:00 Win2K-f 80.140.106.49 (T-DIALIN.NET):
DEUTSCHE TELEKOM AG,
BAMBERG, BAYERN, DE. (DIAL)
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:08:24:00 WinXP 95.91.0.97 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:08:25:00 Win2K-f 59.147.208.68 (SO-NET.NE.JP):
SO-NET SERVICE,
OSAKA, OSAKA, JP.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 c98b7aa82a
NEW
3fbb550df7 [none] none:none
none|none none none
T:08:26:00 Win2K-f 91.66.5.115 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 74d54b3e54
NEW
none[none] none:none
none|none none none
T:08:29:00 WinXP 77.20.137.5 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:www.1440wrok.com
DE:www.mar-y-sol.com
:xposeegypt.com
:booksfolder.net
US:mailin-02.mx.aol.com
US:yucelcavdar.com
EU:mx1.yandex.ru
US:mailin-01.mx.aol.com
US:mailin-03.mx.aol.com
US:mailin-04.mx.aol.com
:mxs.mail.ru
:mx2.yandex.ru
RU:imx1.rambler.ru
US:c.mx.mail.yahoo.com
US:d.mx.mail.yahoo.com
US:66.252.13.214:2081
US:72.232.11.26:80
445 pcap raw alerts
ruleset
ftp
http
38 lines
Yeah : 0.8
profile
none summary
tarball
34 of 41 1baff03987
NEW
14927e172a [0] none:none
none|none none trace
08:40:00 Win2K-f 217.129.210.170 (SM-217-129-214-10.NETVISAO.PT):
CABOVISAO SA,
PORTO, PORTO, PT.
n/a US:www.w3.org
:fxitixxcxml.com
:jmolyojyf.com
NL:vzcpgpau.info
:hiiykaasb.net
:mydhlr.com
:tccsat.biz
US:fzycgbaxkm.info
:ocmmh.info
NL:qveyx.info
:dlvwh.biz
:wxkgzvtxwr.biz
:fdastpcpo.net
:vbenu.com
NL:kxoxufpywqv.info
:yixotngs.biz
US:fscnpvkiw.info
US:ebwkjua.org
:vvesydhsw.net
:buildxnu.com
:kjofcd.biz
:bbbwjpwgme.com
:arrjbti.net
:oggsojb.biz
:mbwdudt.com
:cqflqb.net
US:lvstje.info
:dzcibc.net
US:danhyjzyr.info
:whofjzxn.com
:rpygyqzz.biz
:hqogoka.net
US:wqssxvwyo.info
:tqnhse.net
:xdmzju.net
:huesq.com
:daxwfnkkny.biz
:xhbmns.com
:lfhcrpa.com
US:sjpnvgyibv.info
US:oxopfzrs.info
:udxqhwz.biz
:fzsmjee.org
NL:eocohwe.org
:qweloziefzw.net
US:gktft.info
:fjeiuphnwn.biz
:xgjbwrjrkas.com
:slncxyiwwgx.org
:ijsntc.com
US:nsebxofqua.info
:fulegyig.com
:dtdhslhr.biz
US:trkvhfhi.org
:oyqyr.com
NL:ezonpy.info
:cwdggiogbo.net
US:toppxgcu.info
:smuujk.net
:aczolj.net
:xpvdid.net
:msvompuvy.com
:oojucfs.com
:ytfjflvm.net
US:jxcfwbqa.info
:aboxpmuob.com
US:nwyqoo.org
:zjiiicepr.com
:egyygscr.org
:jzawkjti.com
:pqnpgun.net
US:204.152.184.139:80
US:74.208.64.145:80
445 pcap raw alerts
ruleset
http
6 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:08:41:00 WinXP 78.57.130.175 (ZEBRA.LT):
LIETUVOS,
LT.
n/a FR:sys.zief.pl
CN:gidromash.cn
CN:ottopay.cn
:www.petdoso.com
CN:dl.guarddog2009.com
US:s.unicat.org
174.36.176.242:81
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
http
22 lines
Yeah : 0.8
profile
none summary
tarball
21 of 41
31 of 41
8 of 41
1b7635d92c
NEW
62a1cdd6b4
NEW
dedb9bcef0
NEW
28cf6965a6 [0]
none [none]
23233d4cd8[0]
none:none
none:none
none:none
MEW|
none|none
Xtreme-Pr|
none
none
none
trace
none
trace
T:08:42:00 WinXP 188.193.126.237 (DAVITA.COM):
VARIOUS REGISTRIES,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 997848bd3a
NEW
none[none] none:none
none|none none none
T:08:49:00 Win2K-f 92.81.44.217 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 6a350ad847
NEW
none[none] none:none
none|none none none
T:08:55:00 Win2K-f 77.20.179.168 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:08:59:00 WinXP 91.66.97.191 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 87add836c6
NEW
none[none] none:none
none|none none none
T:09:11:00 WinXP 77.29.142.61 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
87.118.98.185:7000 DE:sobiesk1.myftp.org
DE:87.118.98.185:7000
139 pcap raw alerts
ruleset
ftp
irc
25 lines
Yeah : 1.3
profile
none summary
tarball
13 of 40 88ae32e138
NEW
5abec5b133 [none] none:none
Armadillo| none none
T:09:21:00 Win2K-f 65.32.211.91 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US.
n/a   135 pcap raw alerts
ruleset
other
1008 lines
Yeah : 1.3
profile
none summary
tarball
10 of 41 4bab32523d
NEW
none[3] none:none
none|none none trace
T:09:26:00 WinXP 89.123.153.173 (PLATINUMGROUP.RO):
ARTELECOM,
BUCHAREST, BUCURESTI, RO.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:09:44:00 WinXP 94.251.150.61 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 b32ad614bc
NEW
none[none] none:none
none|none none none
T:09:46:00 Win2K-f 91.66.12.41 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
36 of 41 8c91a7ccb1
NEW
d91e25afc8 [0] none:none
none|none none trace
T:09:47:00 Win2K-f 24.234.68.126 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:51:00 WinXP 61.20.138.181 (-):
FAR EASTONE TELECOMMUNICATION CO. LTD,
TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:10:11:00 Win2K-f 84.13.195.165 (84.IN-ADDR.ARPA):
OPAL TELECOM DSL NETWORK,
UK.
n/a   445 pcap raw alerts
ruleset
ftp
11 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:28:00 Win2K-f 88.134.32.23 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL)
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 9ba97a874a
NEW
57a4610d3c [0] none:none
none|none none trace
T:10:28:00 WinXP 78.58.22.108 (ZEBRA.LT):
LIETUVOS,
LT.
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:10:36:00 Win2K-f 83.68.192.5 (NET2000.CH):
VIDEO200 GARE 15 2000 NEUCHATEL SWITZERLAND,
NEUCHATEL, NEUCHATEL, CH.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 3a4b9202e3
NEW
none[none] none:none
none|none none none
T:10:39:00 WinXP 82.114.224.8 (-):
NEW GAMMA TELECOM LTD,
NICOSIA, NICOSIA, CY.
n/a US:f.unicat.org
US:sasgrowth.com
GB:www.relevet.com
IR:radio.irib.ir
US:www.yahoo.com
US:maellisromance.com
TR:ziyagokalpilkogretim72.meb.k12.tr
US:pingaksh.com
BE:www.railwayservices.be
US:mailin-02.mx.aol.com
US:66.252.13.214:9890
US:69.50.216.215:80
US:72.232.11.26:80
445 pcap raw alerts
ruleset
ftp
http
142 lines
Yeah : 1.3
profile
none summary
tarball
36 of 40
0 of 32
8d60c652a3
NEW
d41d8cd98f
NEW
89a3cd3a28 [0]
none [3]
none:none
ASM:Graph
ASProtect|
none|none
none
lines=0
trace
trace
T:11:06:00 WinXP 173.29.130.232 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41
38 of 40
067917e07b
NEW
d764c1dcb2
NEW
dae35b319c [0]
3d2bc60c5d[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:11:16:00 Win2K-f 78.58.19.95 (ZEBRA.LT):
LIETUVOS,
LT.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 aa149834b9
NEW
none[none] none:none
none|none none none
T:11:19:00 Win2K-f 81.245.40.30 (ISP.BELGACOM.BE):
BELGACOM-ADSL,
GEEL, ANTWERPEN, BE. (DSL)
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:11:32:00 WinXP 95.89.124.220 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 bb1a100fac
NEW
none[none] none:none
none|none none none
T:11:47:00 Win2K-f 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:11:48:00 WinXP 78.53.188.61 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 39 046e0eb5f5
NEW
7f89380d95 [0] none:none
none|none none trace
T:11:55:00 Win2K-f 96.50.173.224 (-):
.
n/a   135 pcap raw alerts
ruleset
other
1008 lines
Yeah : 1.3
profile
none summary
tarball
15 of 41 770a04a72c
NEW
none[3] none:none
none|none none trace
T:12:03:00 WinXP 78.131.53.122 (-):
EMKTV BUDAPEST VLAN 19 DOCSIS,
BUDAPEST, BUDAPEST, HU.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 7bdaa6cf11
NEW
none[none] none:none
none|none none none
T:12:07:00 WinXP 77.23.188.213 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 bb1a100fac
NEW
none[none] none:none
none|none none none
T:12:16:00 Win2K-f 58.126.178.186 (HANANET.NET):
HANARO TELECOM INC,
KR.
91.212.220.156:65520 FR:proxima.ircgalaxy.pl
US:microsoft.com
CN:gidromash.cn
CN:ottopay.cn
:nenastiya.cn
US:64.235.53.208:80
135 pcap raw alerts
ruleset
irc
http
107 lines
Yeah : 1.8
profile
none summary
tarball
none
1 of 40
8 of 41
38 of 40
6a4845ca11
NEW
9ba2752f0b
NEW
dedb9bcef0
NEW
ffafd341d9
NEW
c23d00870b [0]
none [none]
23233d4cd8[0]
294fb27545[0]
none:none
none:none
none:none
ASM:Graph
tElock|
UPX|
Xtreme-Pr|
Armadillo|
none
none
none
lines=91
trace
none
trace
trace
T:12:16:00 WinXP 89.155.249.82 (-):
TVCABO PORTUGAL S.A,
PT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:12:33:00 WinXP 84.236.74.139 (T-ONLINE.HU):
PROVIDER LOCAL REGISTRY,
HU.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 b90c6b9264
NEW
none[none] none:none
none|none none none
T:12:35:00 Win2K-f 77.23.86.31 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 b4ebb4a24b
NEW
none[none] none:none
none|none none none
T:12:37:00 WinXP 87.123.14.241 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
BERLIN, BERLIN, DE.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 fb9a13cb52
NEW
230ea5dfa3 [none] none:none
none|none none none
T:13:30:00 WinXP 77.29.132.41 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
87.118.98.185:7000 DE:sobiesk1.myftp.org 139 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
13 of 40 88ae32e138
NEW
5abec5b133 [none] none:none
Armadillo| none none
T:13:35:00 Win2K-f 91.141.28.165 (I-ONE.AT):
NETWORK OF ONE GMBH,
VIENNA, WIEN, AT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
13:41:00 Win2K-f 89.18.22.95 (-):
SC CRISTIANO CAFFE SRL,
BUCHAREST, BUCURESTI, RO.
n/a US:www.maxmind.com
US:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
208.78.70.70:80
US:65.254.39.170:80
US:67.15.94.80:80
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 4e533978e1
NEW
none[3] none:none
UPX| none trace
T:13:43:00 Win2K-f 188.193.23.246 (DAVITA.COM):
VARIOUS REGISTRIES,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1290ef7964
NEW
none[none] none:none
none|none none none
T:13:56:00 WinXP 95.84.199.158 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 6ea16d7627
NEW
none[none] none:none
none|none none none
T:13:59:00 Win2K-f 61.229.122.185 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 bd5434d6d0
NEW
713ce9fc31 [none] none:none
none|none none none
T:14:03:00 WinXP 95.91.200.115 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 2f81f98c10
NEW
none[none] none:none
none|none none none
T:14:10:00 WinXP 213.39.151.130 (HANSENET.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 fa8f85c807
NEW
df66a1f256 [none] none:none
none|none none none
T:14:23:00 Win2K-f 85.245.232.59 (DSL.TELEPAC.PT):
PT.COM - COMUNICACOES INTERACTIVAS S.A,
PT.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:14:32:00 WinXP 78.159.80.98 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 4ce3b4e76c
NEW
24892d9819 [0] none:none
FSG| none trace
T:14:37:00 Win2K-f 83.68.70.33 (TNP.PL):
TELENETCENTRUM-NET,
PL.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:14:45:00 Win2K-f 91.65.233.154 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
36 of 36 cd6e300a29
NEW
fba970f3f2 [0] none:none
StarForce| none trace
T:14:46:00 Win2K-f 70.183.164.236 (COX.NET):
COX COMMUNICATIONS,
WARWICK, RHODE ISLAND, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
14:50:00 Win2K-f 93.81.35.64 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a :www.google.com
US:204.152.184.139:80
US:74.208.64.145:80
445 pcap raw alerts
ruleset
http
8 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:14:50:00 WinXP 77.22.214.185 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 954798cb43
NEW
none[none] none:none
none|none none none
T:15:18:00 WinXP 78.8.7.168 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
15:24:00 WinXP 200.70.144.193 (COM.AR):
TELEFONICA DATA ARGENTINA S.A,
BUENOS AIRES, BUENOS AIRES, AR.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 a92e3f8fc8
NEW
none[0] ASM:Graph
PolyEnE| lines=68 trace
T:15:39:00 WinXP 173.20.182.98 (-):
.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 986b59708d
NEW
none[0] none:none
PolyEnE| lines=57 trace
T:15:47:00 Win2K-f 77.23.115.59 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 2da17c36c9
NEW
1bb111b86b [none] none:none
none|none none none
T:15:56:00 WinXP 78.236.208.119 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
PARIS, ILE-DE-FRANCE, FR.
n/a FR:irc.zief.pl
CN:gidromash.cn
CN:ottopay.cn
:nenastiya.cn
CN:dl.guarddog2009.com
US:s.unicat.org
US:64.235.53.208:80
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
http
152 lines
Yeah : 0.8
profile
none summary
tarball
19 of 41
1 of 40
8 of 41
33 of 41
95ca496b37
NEW
9ba2752f0b
NEW
dedb9bcef0
NEW
e37403a61b
NEW
none[none]
none [none]
23233d4cd8[0]
none [none]
none:none
none:none
none:none
none:none
none|none
UPX|
Xtreme-Pr|
none|none
none
none
none
none
none
none
trace
none
T:15:59:00 WinXP 87.122.19.40 (VERSANET.DE):
VERSATEL DEUTSCHLAND DYNAMIC POOL,
DE.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 39 18cab43993
NEW
9315527570 [0] none:none
none|none none trace
T:16:04:00 Win2K-f 114.38.6.23 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:16:39:00 WinXP 94.241.178.38 (-):
.
82.98.86.170:80 EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
DE:ebookfinaltrash.ru
445 pcap raw alerts
ruleset
http
http
http
http
30 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 df17a625ee
NEW
none[0] none:none
ASPack| lines=298
embedded dns
trace
T:17:05:00 WinXP 78.49.170.89 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:19:00 WinXP 70.121.218.165 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CASSELBERRY, FLORIDA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:17:28:00 WinXP 24.105.219.43 (MHCABLE.COM):
MID-HUDSON CABLEVISION INC. (CATSKILL),
HUDSON, NEW YORK, US. (DSL)
91.212.220.156:65520 FR:proxim.ircgalaxy.pl
CN:gidromash.cn
CN:dl.guarddog2009.com
CN:ottopay.cn
US:64.235.53.208:80
445 pcap raw alerts
ruleset
http
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
19 of 41
8 of 41
04ed4d2967
NEW
95ca496b37
NEW
dedb9bcef0
NEW
e8aa304d1c [0]
none [none]
23233d4cd8[0]
none:none
none:none
none:none
PolyEnE|
none|none
Xtreme-Pr|
none
none
none
trace
none
trace
T:17:36:00 Win2K-f 67.10.91.238 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:17:57:00 Win2K-f 69.193.41.59 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:18:05:00 WinXP 76.91.43.48 (-):
.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 986b59708d
NEW
none[0] none:none
PolyEnE| lines=57 trace
T:18:14:00 Win2K-f 66.220.226.83 (VERMONTEL.NET):
VERMONT TELEPHONE COMPANY INC,
CHESTER, VERMONT, US.
194.67.57.20:80 :www.google.com.au
135 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
14 of 41 3a80418418
NEW
none[none] none:none
none|none none none
18:59:00 Win2K-f 24.78.167.209 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
NORTH VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:www.msn.com
US:204.152.184.139:80
US:74.208.64.145:80
445 pcap raw alerts
ruleset
http
22 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:19:05:00 WinXP 4.240.39.240 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MESA, ARIZONA, US. (DIAL)
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36 3b8b96d0db
NEW
066792f4a4 [0] none:none
PolyEnE| none trace
T:19:11:00 WinXP 174.1.111.202 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
39 of 41
6abd2f0404
NEW
7bc0367ae2
NEW
d6dee2289f [none]
80367e263e[none]
none:none
none:none
Armadillo|
tElock|
none
none
none
none
T:19:41:00 Win2K-f 114.47.125.25 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:19:50:00 WinXP 114.38.117.121 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:20:05:00 WinXP 130.13.166.192 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:20:20:00 WinXP 118.168.23.14 (-):
.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:20:47:00 Win2K-f 122.121.180.120 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
37 of 41 70500e59f4
NEW
b707db4fff [none] none:none
none|none none none
T:21:36:00 Win2K-f 95.91.227.209 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 c2375d703b
NEW
none[none] none:none
none|none none none
T:22:07:00 WinXP 173.28.205.27 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41
38 of 40
067917e07b
NEW
d764c1dcb2
NEW
dae35b319c [0]
3d2bc60c5d[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:22:26:00 WinXP 72.21.131.167 (-):
ACETECH USA INC,
LIBERTY LAKE, WASHINGTON, US.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 042774a2b7
NEW
none[0] none:none
PolyEnE| lines=69
embedded dns
trace
22:33:00 WinXP 72.21.131.167 (-):
ACETECH USA INC,
LIBERTY LAKE, WASHINGTON, US.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 042774a2b7
NEW
none[0] none:none
PolyEnE| lines=69
embedded dns
trace
T:22:42:00 WinXP 71.101.43.239 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BARTOW, FLORIDA, US. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 5e8ccc4190
NEW
none[none] none:none
none|none none none
T:23:16:00 WinXP 114.48.140.118 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:23:34:00 WinXP 87.248.189.247 (87-248-181-10.STARNET.MD):
STARNET S.R.L,
MD.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 97689d16d7
NEW
none[none] none:none
none|none none none