Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

09 December 2009
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:08:00 WinXP 193.250.132.106 (ABO.WANADOO.FR):
WANADOO,
PARIS, ILE-DE-FRANCE, FR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 03f912899b
NEW 		none[0] none:none
 none|none lines=64 trace
00:36:00 Win2K-f 93.115.102.10 (-):
S.C. FOCUS TDR S.R.L,
RO. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
4 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:01:15:00 WinXP 188.192.52.10 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
DE. (DSL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad 		445 pcap raw alerts
ruleset 		http
http
http
27 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
NEW 		none[0] none:none
 ASPack| lines=298
embedded dns 		trace
T:01:24:00 Win2K-f 71.111.193.130 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DURHAM, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:02:02:00 WinXP 187.2.219.214 (VIVAX.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
02:07:00 Win2K-f 83.66.57.30 (-):
DOL-SIP-NETWORK,
ISTANBUL, ISTANBUL, TR. (DSL) 		n/a US:blklie.org
US:jtpesqwaw.info
:dxdrsqli.com
:hjeoepoa.net
:sdqmmxg.org
:qbizxdq.biz
US:ukfqjbshi.org
:atlznspqarp.net
:zryhmafajlp.biz
:huvicokqavn.com
:pxybqephf.com
US:dscuu.org
:mingkqibd.biz
:ktaeeuux.net
:tvwzbqlf.com
:tzslrgqt.net
:evqqdcwgpk.biz
:fiitirsjva.com
:sbchzylo.net
:appgrlaknpz.biz
:fnmddj.biz
:lalnhkxd.biz
:ftjobagilci.com
:ynrjrqfcs.com
:rylgvythlqc.com
:tqcygpivxw.net
:xxkfu.net
:sqkgmmg.biz
:uuhvptyjhy.com
:ueobfssukqy.biz
:rtmlnqdcomv.com
:vdextzy.net
:pimgvzzij.info
:tuurphqkvm.com
US:pqjkekwhd.info
US:rkgjtv.org
:mvckwl.biz
:awpoyi.com
:pldbquviu.net
NL:wxfhw.org
US:qvocwq.info
:thcvnjobr.biz
:bvoiwfj.biz
US:ykdoeyegx.org
:waoyae.biz
:kwuxyo.com
NL:gugyf.info
:wfsxzlhf.net
US:egelakfm.info
:snriiq.biz
:whjtzncy.net
:jkkiqieg.com
:cikctnkq.com
:lbxmjkjyijk.biz
:krujjhaldz.com
:rnotuqul.biz
:ticogopt.com
:ctobijw.net
:iygetjiq.net
US:gjffvujhaq.org
:pvoohc.biz
:lrfdaor.biz
:tdrxjoa.biz
US:sslalhsvv.info
:fclqk.net
US:vkxtvdcv.info
:epmqjv.com
:akolntvu.net
NL:fjbtdwitot.info
US:xvqxevtkz.org
NL:ygvauvpfdl.info
:dabvas.com
US:pqxzotq.info
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:02:16:00 WinXP 193.250.84.114 (ABO.WANADOO.FR):
WANADOO,
PARIS, ILE-DE-FRANCE, FR. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
NEW 		none[0] none:none
 none|none lines=61 trace
05:15:00 Win2K-f 62.87.65.205 (AIRTEL.NET):
GLOBAL MOBILE OPERATOR,
BARCELONA, CATALONIA, ES. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
GB:www.vouchercodez.com
:checkip.dyndns.org
US:www.getmyip.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
GB:80.82.119.191:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:05:25:00 Win2K-f 62.87.65.205 (AIRTEL.NET):
GLOBAL MOBILE OPERATOR,
BARCELONA, CATALONIA, ES. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
DE:131.220.6.26:80
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
3 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
05:33:00 Win2K-f 92.115.113.238 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD. (DSL) 		n/a CN:www.baidu.com
US:trafficconverter.biz
NL:juwuyqdvygi.info
:dxdrsqli.com
NL:sdqmmxg.org
:riaocdjvptm.com
:jkkiqieg.com
:usrhrpqriff.biz
:vuajb.net
:rdmwvr.net
:swswabr.com
:tknekj.com
:udpxl.net
:yrwcbdbvug.biz
:doxylwnm.net
:hxfytgafwlo.com
:pazjzz.org
:tyijdlsx.net
:fbbwa.com
:lalnhkxd.biz
US:hjbptgyqi.org
CA:behod.com
:jacbh.com
:pjrilkzame.com
:uwbvmguagq.biz
:wrcdtd.com
:xxkfu.net
US:qphkw.info
US:ptskxyvc.org
US:rkgjtv.org
:jfdsncjlqk.net
:rxtugd.biz
:cikctnkq.com
US:tmwhchnco.info
:awpoyi.com
:tlbenwem.net
:ydkpmqj.com
:uuhvptyjhy.com
:rylgvythlqc.com
US:chqfmpb.info
US:auwazphf.org
:xfuiynaa.com
:htniaxic.net
US:skjobzopk.info
:gkxjtotu.com
:tzslrgqt.net
US:ieqee.info
US:szqafvcbni.org
:twwdjlz.com
NL:lgrcnvzboc.info
:zryhmafajlp.biz
:hkwcovbvfw.biz
:pubbzzpxc.info
:ynrjrqfcs.com
NL:wlqtnpbx.info
:ytqta.com
US:dscuu.org
:sqkgmmg.biz
US:gwrql.org
:xxavduz.biz
US:badgrf.info
US:tsrzsiixtc.org
:rnotuqul.biz
:nesuwlqh.info
:appgrlaknpz.biz
:lkwbtgiwld.net
:ueobfssukqy.biz
:snyobl.com
US:fjbtdwitot.info
:wtqwwh.info
NL:dkzbuhme.org
US:izymox.org
US:204.152.184.139:80
CA:74.117.116.73:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:05:33:00 Win2K-f 211.23.226.98 (-):
LIOU-TZUNG-YI-TC,
TAIPEI, T'AI-PEI, TW. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
37 of 40		 5d445c59d8
NEW
8a54950abb
NEW 		892e12db7b [0]
f6b9e43917[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:06:10:00 Win2K-f 211.37.109.34 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		193.104.94.11:65520 DE:proxim.ircgalaxy.pl
CN:giopnon.cn
CN:q.kfgrtjer.cn
:bfkq.com
:jsactivity.com
EU:colopin.cn
US:search.toptravellingtips.com
CN:www.petdoso.com
EU:streq.cn
:horobl.cn
US:search.articleswave.co.uk
:commerceclick.co.uk
173.45.105.218:8392
CN:202.97.184.196:81
204.27.57.154:80
204.27.57.154:8392
US:208.43.250.167:80
69.197.161.10:80 		139 pcap raw alerts
ruleset 		irc
http
108 lines 		Yeah : 1.3
profile 		none summary
tarball 		0 of 41
38 of 41
14 of 41
29 of 41
31 of 41
11 of 41
9 of 41
11 of 41		 093fe30898
NEW
358dcb5ee9
NEW
6724d42b18
NEW
785e86954f
NEW
a2f35954d8
NEW
c285951e81
NEW
cc91564fec
NEW
f261981059
NEW 		none[none]
56844d37cb[none]
94a1eb4d51[none]
c6edee8e8b[0]
none [none]
fe138a693a[none]
2677ae881c[none]
269dcd9909[none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
UPX|
PeStubOEP|
FSG|
StarForce|
PeCompact|
Mew| 		none
none
none
none
none
none
none
none 		none
none
none
trace
none
none
none
none
T:06:19:00 Win2K-f 208.100.226.89 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
ATHENS, ALABAMA, US. (DIAL) 		88.198.228.238:65520 DE:proxim.ircgalaxy.pl
CN:av.ghura.pl
EU:colopin.cn
CN:www.petdoso.com
:commerceclick.co.uk
EU:ya.ru
CN:202.97.184.196:81 		445 pcap raw alerts
ruleset 		http
irc
http
http
http
46 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 41
31 of 41
23 of 41		 785e86954f
NEW
95e0bce7d1
NEW
9b6ea363eb
NEW 		c6edee8e8b [0]
none [none]
7a32f7a54f[none] 		none:none
none:none
none:none
 PeStubOEP|
FSG|
UPX| 		none
none
none 		trace
none
none
T:06:19:00 WinXP 218.63.112.242 (163DATA.COM.CN):
CHINANET YUNNAN PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DIAL) 		n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:07:03:00 WinXP 122.53.81.60 (PLDT.NET):
IPG,
MANILA, MANILA, PH. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
104 lines 		Yeah : 1.3
profile 		none summary
tarball 		35 of 39
36 of 39		 ee4c5c80ea
NEW
f37bd4ab26
NEW 		28944e2541 [0]
c78cfe6339[0] 		ASM:Graph
ASM:Graph
 tElock|
tElock| 		lines=42
lines=64
embedded dns 		trace
trace
T:08:23:00 Win2K-f 122.146.243.101 (SPARQNET.NET):
NEW CENTRY INFOCOM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
57ce4acac2
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:08:31:00 WinXP 95.25.15.103 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1a2c0e6130
NEW 		none[0] none:none
 none|none lines=60 trace
08:39:00 Win2K-f 95.132.228.74 (UKRTEL.NET):
UKRTELECOM IP NETWORK,
KIEV, KYYIV, UA. (DSL) 		n/a US:www.msn.com
US:skoktosly.info
:ctdnd.biz
US:sppwcg.org
NL:nesuwlqh.info
:rtmlnqdcomv.com
:gewgbihdqo.biz
:htniaxic.net
:rxtugd.biz
:huvicokqavn.com
:swhnd.com
:iygetjiq.net
:valaxcerqne.com
:tyijdlsx.net
:hznacrqxhgo.org
:wfsxzlhf.net
NL:xvqxevtkz.org
US:qvocwq.info
:pqgohz.net
:pldbquviu.net
:xxkfu.net
:usrhrpqriff.biz
US:ieqee.info
US:tlvhie.org
US:dxxobtfv.info
US:dkzbuhme.org
:glkhhbr.com
:hrlwmtcv.biz
:ikagnfmu.biz
:jacbh.com
US:qiwilkacag.org
:uvegpsla.net
US:gakaen.org
:dxdrsqli.com
:vbepeavau.net
:snyobl.com
:lkwbtgiwld.net
US:xwjopuey.info
:xfwxkor.com
:kwuxyo.com
US:chqfmpb.info
:dovadwsxcp.info
NL:wtqwwh.info
:fnmddj.biz
US:kbwwwcp.org
US:rxmqqgiek.org
:imdvda.org
:efwmsx.biz
US:pqxzotq.info
US:amxufrlv.org
US:kenjnrw.org
:lqqkh.net
:rzpumthdwbm.net
:ggohmxrsj.com
:awpoyi.com
US:vbuth.org
:fkbqgnjowu.biz
US:gugyf.info
US:rcuxqyvhhc.org
:zryhmafajlp.biz
:idodypen.biz
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
11:43:00 Win2K-f 61.224.245.11 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a :www.google.com
:hrlwmtcv.biz
:snriiq.biz
US:juwuyqdvygi.info
:uuhvptyjhy.com
:bhxylvqmk.net
:gkxjtotu.com
:snyobl.com
:lqqkh.net
:auwazphf.org
:zryhmafajlp.biz
:ggohmxrsj.com
:lbxmjkjyijk.biz
:syvzozoeot.biz
:cikctnkq.com
US:rpewcydunyx.org
US:blklie.org
US:badgrf.info
:gjffvujhaq.org
NL:dscuu.org
:fiitirsjva.com
US:vmsfugj.info
:valaxcerqne.com
:mbwmgof.com
US:vkxtvdcv.info
:vdwcjwtl.net
NL:pazjzz.org
:pxybqephf.com
:ytqta.com
:jfdsncjlqk.net
US:frppgjfxsbv.org
US:ptskxyvc.org
:bgaacugd.biz
:rdmwvr.net
:cyfpofbnwj.org
:huvicokqavn.com
US:ninweqfh.org
:jmrrginto.com
NL:wphdpgadpja.org
US:brwph.info
:fapvpftdfs.com
:ctdnd.biz
:rxmqqgiek.org
:mingkqibd.biz
NL:zmfqof.org
:skoktosly.info
US:lgrcnvzboc.info
:nhkjk.net
:uwbvmguagq.biz
:kwuxyo.com
US:jtpesqwaw.info
:gxslokxv.net
US:zyayzcx.org
:zqmmepl.org
:tvwzbqlf.com
:glkhhbr.com
NL:uhtwdpqezfi.org
:epmqjv.com
US:mhpmnvwbbfe.info
:dxxobtfv.info
US:pimgvzzij.info
:fkbqgnjowu.biz
US:egelakfm.info
:nesuwlqh.info
:tkjwgb.biz
:xfuiynaa.com
US:gakaen.org
:atlznspqarp.net
:hxfytgafwlo.com
US:qvocwq.info
US:qiwilkacag.org
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
7 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:11:44:00 WinXP 90.137.148.112 (TELE2.HR):
TELE2 INTERNET PROVIDER,
HR. (DSL) 		n/a DE:siliconfireware.ru
GB:welcome3.smile.co.uk
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
GB:195.92.84.198:80
DE:212.227.111.29:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
NEW 		none[0] none:none
 ASPack| lines=281
embedded dns 		trace
T:11:49:00 Win2K-f 4.153.8.220 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MILAN, TENNESSEE, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
106 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:12:06:00 WinXP 24.164.90.67 (RR.COM):
ROAD RUNNER HOLDCO LLC,
SIDNEY, OHIO, US. (DSL) 		n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:www.proxy-socks.net
:wpad
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
http
27 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 a12cab51ef
NEW 		none[0] none:none
 ASPack| lines=281
embedded dns 		trace
T:12:53:00 WinXP 89.204.198.125 (O2.IE):
O2 IRELAND MOBILE PHONE OPERATOR,
DUBLIN, DUBLIN, IE. (DSL) 		n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 9865c6b08a
NEW 		74a4d89dcb [none] none:none
 PolyEnE| none none
T:13:04:00 WinXP 207.5.161.171 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:13:29:00 Win2K-f 173.29.253.168 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) 		212.54.2.171:3305 :cx10man.weedns.com
JP:fx010413.whyI.org
US:gynoman.weedns.com
AR:g.0x20.biz
RU:c010x1.co.cc
JP:commgr.co.cc
FI:telephone.dd.blueline.be
RU:89.208.33.88:3305
92.240.234.164:3305 		135 pcap raw alerts
ruleset 		irc
696 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 41 cc88f4f016
NEW 		3d17903825 [0] none:none
 StarForce| none trace
14:48:00 Win2K-f 95.28.35.111 (CORBINA.RU):
INVESTELEKTROSVIAZ LTD,
MOSCOW, MOSCOW CITY, RU. (100Mbps) 		n/a US:www.w3.org
NL:ydsac.org
:ilrjlfypsa.com
:swswabr.com
US:pazjzz.org
US:wphdpgadpja.org
:rylgvythlqc.com
:hxfytgafwlo.com
:xxavduz.biz
:lkwbtgiwld.net
US:sppwcg.org
:idodypen.biz
US:qiwilkacag.org
US:jesjqqg.info
US:zqmmepl.org
US:wlqtnpbx.info
US:vkxtvdcv.info
:cyfpofbnwj.org
:mbwtkzhu.biz
US:kbwwwcp.org
:ulgmywrqgy.net
:tkjwgb.biz
:rxtugd.biz
:lalnhkxd.biz
:jacbh.com
:bssgww.com
:fbbwa.com
:hrlwmtcv.biz
US:bptcjjfmx.org
:mingkqibd.biz
NL:bjpmsyreicg.info
ES:tsisa.com
:yjlxtzzi.net
:ikagnfmu.biz
:tdrxjoa.biz
US:zyayzcx.org
:pittnzjs.org
NL:ninweqfh.org
US:xetrfbv.org
US:xvqxevtkz.org
:gewgbihdqo.biz
:sqkgmmg.biz
NL:rcuxqyvhhc.org
:gkxjtotu.com
:ytqta.com
:mvckwl.biz
:fnmddj.biz
:kwuxyo.com
US:yswhvvac.info
:bbjnxvjurs.net
:fpjafknc.net
:jshqfhlwrss.org
NL:xcktohrsnd.info
:snriiq.biz
US:rkgjtv.org
:evqqdcwgpk.biz
:rxmqqgiek.org
:twwdjlz.com
:vdextzy.net
NL:pqjkekwhd.info
:jmrrginto.com
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:16:56:00 WinXP 222.233.162.161 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		88.198.228.238:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
EU:colopin.cn
CN:www.petdoso.com
CN:202.97.184.196:81 		135 pcap raw alerts
ruleset 		irc
http
141 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
28 of 33
29 of 41
31 of 41		 533d15b5ce
NEW
58c343a8d8
NEW
785e86954f
NEW
fc390a4f44
NEW 		c67adf46e2 [0]
none [0]
c6edee8e8b[0]
none [none] 		ASM:Graph
none:none
none:none
none:none
 tElock|
Armadillo|
PeStubOEP|
FSG| 		lines=126
embedded dns
lines=91
none
none 		trace
trace
trace
none
T:17:04:00 Win2K-f 4.163.250.49 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BROOMFIELD, COLORADO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
106 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:19:02:00 WinXP 114.48.230.165 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:19:18:00 WinXP 200.139.108.34 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:19:32:00 WinXP 186.124.230.205 (-):
. 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 c1918274c2
NEW 		c71803882e [none] none:none
 PolyEnE| none none
T:19:42:00 WinXP 186.9.117.193 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:19:50:00 Win2K-f 98.141.30.160 (CAVTEL.NET):
CAVALIER TELEPHONE,
NORFOLK, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
20:58:00 Win2K-f 80.180.109.163 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
TRIESTE, FRIULI-VENEZIA GIULIA, IT. (DSL) 		n/a US:www.yahoo.com
US:m.www.yahoo.com
NL:rvlnjdqb.org
:hdwsvcpmh.com
:aazsw.com
US:vmhdkecq.org
:eapmaigmym.com
US:tkhiewh.info
:ygzribun.biz
:nkzkbgeb.org
:iuxrepoo.com
:hooraf.biz
US:vjsgillv.info
:bmfce.com
:gmqgtnvzmkd.com
US:bgahrvqkx.info
:nvhlmvnuyv.net
US:lkxohtdsb.info
:ocpebdz.net
:udoheomd.net
US:ndayefovdoo.org
:wivjhpxx.org
NL:kxokdsr.org
:cvdtpvac.com
:pxqwyedatra.net
:omnphezs.com
US:hedoowx.org
:tsavx.biz
:wgjwptdhvt.net
US:gywtjad.org
US:fkonciesgi.info
US:crvolphf.org
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:21:12:00 Win2K-f 114.203.62.87 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 41
33 of 33		 8b41cb7a41
NEW
97fef473b9
NEW 		ef18d720f3 [0]
ff4e7d6992[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:21:31:00 Win2K-f 219.112.173.139 (THN.NE.JP):
TOKAI CORPORATION,
TOKYO, TOKYO, JP. (DSL) 		92.240.234.164:3305 US:cx10man.weedns.com
JP:fx010413.whyI.org
AR:gynoman.weedns.com
92.240.234.164:3305 		135 pcap raw alerts
ruleset 		irc
608 lines 		Yeah : 1.8
profile 		none summary
tarball 		39 of 40 aad01ff2b9
NEW 		719867f96c [0] none:none
 StarForce| none trace
T:22:07:00 Win2K-f 66.81.40.108 (O1.COM):
O1 DIALUP SERVICES,
PLACERVILLE, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
151 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:22:35:00 Win2K-f 211.20.222.150 (HINET.NET):
XUN HANG TECHNOLOGY CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) 		n/a AR:cx10man.weedns.com
US:fx010413.whyI.org
92.240.234.164:3305 		135 pcap raw alerts
ruleset 		irc
695 lines 		Yeah : 1.3
profile 		none summary
tarball 		28 of 41 b8076e37ae
NEW 		52953fed05 [0] none:none
 StarForce| none trace
T:22:44:00 Win2K-f 110.11.245.222 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
5 of 41		 14f47ffd1e
NEW
50437008d9
NEW 		90bf4b99ff [0]
c1b09ac5d7[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:22:49:00 Win2K-f 4.240.24.13 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
10 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:23:11:00 Win2K-f 174.5.164.217 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
186 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41 f3932b94a6
NEW 		910494cc45 [0] none:none
 none|none none trace
T:23:48:00 WinXP 114.48.18.82 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:23:56:00 Win2K-f 221.139.167.131 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		88.198.228.238:65520 US:microsoft.com
FR:proxim.ircgalaxy.pl
CN:giopnon.cn
CN:q.kfgrtjer.cn
CA:maxdomzhit.com
EU:colopin.cn
DE:88.198.228.238:65520
EU:91.206.201.39:80 		135 pcap raw alerts
ruleset 		irc
http
159 lines 		Yeah : 1.8
profile 		none summary
tarball 		39 of 41
38 of 41
5 of 41
11 of 41		 0e927ffe94
NEW
70d9f45041
NEW
aa109808e5
NEW
c285951e81
NEW 		e9e756f828 [none]
b91fd75bfa[none]
169a6e454c[none]
fe138a693a[none] 		none:none
none:none
none:none
none:none
 Armadillo|
tElock|
ASPack|
StarForce| 		none
none
none
none 		none
none
none
none