Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

05 January 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:06:00 Win2K-f 203.91.165.198 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
59 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
8 of 33		 53bfe15e91
NEW
b7082104e4
NEW 		1473091351 [0]
c5b49e7b82[0] 		ASM:Graph
ASM:Graph
 tElock|
tElock| 		lines=75
embedded dns
lines=41 		trace
trace
T:00:18:00 Win2K-f 24.81.57.163 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a TW:m.drd3h.com
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		32 of 41 ef816f1e7c
NEW 		none[none] none:none
 none|none none none
T:00:27:00 Win2K-f 124.84.157.165 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
TOKYO, TOKYO, JP. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 1b3d8e9fe7
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:00:43:00 Win2K-f 112.202.40.103 (PLDT.NET):
IPG,
CEBU, CEBU CITY, PH. (DIAL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		34 of 40 0448650359
NEW 		none[none] none:none
 none|none none none
T:00:56:00 Win2K-f 115.165.33.61 (CATV02.ITSCOM.JP):
ITS COMMUNICATIONS INC,
TOKYO, TOKYO, JP. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:05:00 Win2K-f 208.127.228.164 (DSLEXTREME.COM):
DSL EXTREME,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 c13a6c3da5
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:01:11:00 Win2K-f 118.169.222.208 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 8887d42f5c
NEW 		afaf06d6cd [0] none:none
 pex| none trace
T:01:41:00 Win2K-f 98.141.163.84 (CAVTEL.NET):
CAVALIER TELEPHONE,
PHILADELPHIA, PENNSYLVANIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:01:44:00 Win2K-f 59.115.50.219 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e0dc02ee4b
NEW 		none[none] none:none
 none|none none none
T:01:55:00 Win2K-f 221.125.4.79 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 40 3490e2ea15
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:02:01:00 WinXP 90.21.24.92 (ABO.WANADOO.FR):
IP2000-ADSL-BAS,
PARIS, ILE-DE-FRANCE, FR. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 8128405d8c
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:02:14:00 Win2K-f 78.30.175.14 (ADSL-78-30-128-10.EUNET.RS):
YUNET INTERNATIONAL,
RS. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 c03793a035
NEW 		none[none] none:none
 none|none none none
T:02:15:00 Win2K-f 113.254.155.94 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 084b71b74d
NEW 		8a425894ca [0] none:none
 pex| none trace
T:02:46:00 Win2K-f 74.196.94.18 (SUDDENLINK.NET):
SUDDENLINK COMMUNICATIONS,
IDABEL, OKLAHOMA, US. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 2cf0ba5461
NEW 		none[none] none:none
 none|none none none
T:03:23:00 Win2K-f 125.4.12.132 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL) 		92.240.234.164:3305 :cx10man.weedns.com 135 pcap raw alerts
ruleset 		irc
578 lines 		Yeah : 1.8
profile 		none summary
tarball 		28 of 41 1bb4b25c0e
NEW 		9293a2c3db [0] none:none
 StarForce| none trace
T:03:31:00 Win2K-f 64.39.163.39 (GOLDEN.NET):
GOLDEN TRIANGLE ON LINE,
KITCHENER, ONTARIO, CA. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e3199ed3a3
NEW 		none[none] none:none
 none|none none none
T:03:39:00 WinXP 113.252.234.23 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 084b71b74d
NEW 		8a425894ca [0] none:none
 pex| none trace
T:03:46:00 Win2K-f 125.232.137.82 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 39 1a6c7da535
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:57:00 WinXP 89.42.201.211 (PRIMARIAPANTELIMON.RO):
SC PAN-NET SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		36 of 40 9363d60262
NEW 		none[none] none:none
 none|none none none
T:04:09:00 Win2K-f 122.126.34.232 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		other
0 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:09:00 Win2K-f 24.32.238.74 (CEBRIDGE.NET):
CEBRIDGE CONNECTIONS,
PAOLA, KANSAS, US. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 1fdcad552c
NEW 		none[none] none:none
 none|none none none
T:04:39:00 Win2K-f 71.116.212.170 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:04:40:00 WinXP 88.182.140.42 (PROXAD.NET):
PROXAD / FREE SAS,
CHAMBERY, RHONE-ALPES, FR. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 40 379a6daa0d
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:04:40:00 Win2K-f 59.115.50.219 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a TW:m.drd3h.com
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e0dc02ee4b
NEW 		none[none] none:none
 none|none none none
T:05:37:00 Win2K-f 122.160.187.188 (122.AIRTELBROADBAND.IN):
ABTS-DSL-DEL,
NEW DELHI, DELHI, IN. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:05:47:00 Win2K-f 82.65.68.117 (PROXAD.NET):
PROXAD / FREE SAS,
VERSAILLES, ILE-DE-FRANCE, FR. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:06:00:00 Win2K-f 24.66.239.201 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CRANBROOK, BRITISH COLUMBIA, CA. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 c13a6c3da5
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:06:13:00 Win2K-f 64.130.136.176 (SCRTC.COM):
SOUTH CENTRAL RURAL TELEPHONE CO,
SAN JOSE, CALIFORNIA, US. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
17 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 40 7ea0317789
NEW 		none[none] none:none
 none|none none none
T:06:33:00 Win2K-f 66.220.100.167 (BENDCABLE.COM):
BEND CABLE COMMUNICATIONS LLC,
BEND, OREGON, US. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 8128405d8c
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:06:45:00 Win2K-f 122.2.81.96 (PLDT.NET):
MLLC7300I01_CONSUMER,
MANILA, MANILA, PH. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
60 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 41 18727a186e
NEW 		1ea861ccfa [0] none:none
 Armadillo| none trace
T:06:48:00 WinXP 200.219.109.188 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 		n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:07:53:00 Win2K-f 4.167.248.167 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW YORK, NEW YORK, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:08:11:00 Win2K-f 24.84.40.29 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:08:49:00 Win2K-f 173.22.161.143 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
39 of 41		 10759405e0
NEW
d08e00dfaf
NEW 		292d343248 [0]
854c49d8c4[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:09:21:00 WinXP 186.9.187.169 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:09:25:00 Win2K-f 4.249.174.34 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BRIDGEPORT, WEST VIRGINIA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
270 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 53bcb942c4
NEW
6d4ed181c0
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:11:36:00 WinXP 70.240.4.93 (SWBELL.NET):
AT&T INTERNET SERVICES,
ST. LOUIS, MISSOURI, US. (DSL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
SE:kavkazcenter.com
SE:kavkazcenter.net
FI:kavkazchat.com
:chechenpress.info
GB:chechenpress.co.uk
:shaheeds.org
:daymohk.info
:chripress.org
:marsho.dk
GB:www.chechenpress.co.uk
174.46.45.151:80
EU:78.47.200.154:80 		445 pcap raw alerts
ruleset 		http
http
31 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 ab5e47bf8d
NEW 		67fb5eff61 [0] none:none
 ASPack| none trace
T:12:02:00 Win2K-f 63.246.125.200 (ALTUSCGI.NET):
PRIVATE CABLE ISP SUBSCRIBER (GEORGETOWN SC MARKET),
GEORGETOWN, SOUTH CAROLINA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:12:18:00 WinXP 186.9.150.227 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 3ae357d17b
NEW 		none[0] ASM:Graph
 PolyEnE| lines=73 trace
12:36:00 WinXP 65.32.151.84 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TAMPA, FLORIDA, US. (100Mbps) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 3ae357d17b
NEW 		none[0] ASM:Graph
 PolyEnE| lines=73 trace
T:13:34:00 WinXP 70.184.248.143 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US. (DSL) 		193.104.94.11:65520 FR:proxim.ircgalaxy.pl
US:microsoft.com
CN:down1130.iwillhavesexygirls.com
CN:210.51.36.215:88 		135 pcap raw alerts
ruleset 		irc
140 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 33
29 of 33		 87e1117f2a
NEW
b4fe4581c3
NEW 		3ff643aae6 [0]
599b835896[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:13:42:00 Win2K-f 68.146.211.26 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 39
40 of 41		 19f9cb1f21
NEW
a9d40bc96b
NEW 		8b1482be5d [0]
b07fa6d434[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:14:14:00 Win2K-f 71.136.17.68 (-):
MILANO DESIGN,
PLANO, TEXAS, US. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
85 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 33
33 of 33		 73ce2b74da
NEW
79c01ec060
NEW 		none[0]
1bfd34056c[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=81
lines=64
embedded dns 		trace
trace
T:15:54:00 WinXP 208.100.223.207 (1DIAL.COM):
AD-BASE SYSTEMS INC. (DBA GLOBALPOPS),
TAMPA, FLORIDA, US. (DIAL) 		n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
NEW 		none[0] ASM:Graph
 PolyEnE| lines=54 trace
T:16:04:00 Win2K-f 125.58.122.125 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:16:10:00 Win2K-f 68.146.136.164 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 39
40 of 41		 19f9cb1f21
NEW
a9d40bc96b
NEW 		8b1482be5d [0]
b07fa6d434[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:17:54:00 WinXP 67.55.129.163 (NETINS.NET):
CENTRAL SCOTT TELEPHONE,
BLAIR, NEBRASKA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:19:04:00 Win2K-f 220.214.161.28 (DION.NE.JP):
DION (KDDI CORPORATION),
YOKOHAMA, KANAGAWA, JP. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
11 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:19:49:00 Win2K-f 98.141.9.96 (CAVTEL.NET):
CAVALIER TELEPHONE,
VIRGINIA BEACH, VIRGINIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:19:59:00 WinXP 76.184.188.242 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ROWLETT, TEXAS, US. (DSL) 		n/a :moscow-advokat.ru
SE:ozbytes.dal.net
NO:london.uk.eu.undernet.org
:washington.dc.us.undernet.org
:lulea.se.eu.undernet.org
SE:ced.dal.net
SE:viking.dal.net
:brussels.be.eu.undernet.org
:caen.fr.eu.undernet.org
SE:qis.md.us.dal.net
AT:graz.at.eu.undernet.org
SE:coins.dal.net 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:20:36:00 Win2K-f 70.61.205.3 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WINSTON SALEM, NORTH CAROLINA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
21:42:00 WinXP 85.204.186.186 (UPCNET.RO):
SC UPC ROMANIA SA,
RO. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 3ae357d17b
NEW 		none[0] ASM:Graph
 PolyEnE| lines=73 trace
T:22:15:00 Win2K-f 110.13.218.183 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
113 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
5 of 41		 14f47ffd1e
NEW
50437008d9
NEW 		90bf4b99ff [0]
c1b09ac5d7[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:22:22:00 Win2K-f 203.114.106.150 (-):
BAMNETNARONGWITAYAKOMSCHOOL,
BANGKOK, KRUNG THEP, TH. (100Mbps) 		n/a   135 pcap raw alerts
ruleset 		other
10 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:22:30:00 WinXP 4.177.18.141 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SAN DIEGO, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 41
36 of 40		 47d3548e36
NEW
d8722af110
NEW 		ab13346633 [0]
ab30a55931[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:22:53:00 WinXP 4.90.3.201 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ALBA, TEXAS, US. (DIAL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
23:50:00 Win2K-f 64.79.71.23 (-):
. 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace