Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE

07 January 2010

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:09:00 Win2K-f 75.49.23.241 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
COLUMBUS, OHIO, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:00:56:00 Win2K-f 4.159.80.104 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MENOMONIE, WISCONSIN, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
157 lines
Yeah : 1.3
profile
none summary
tarball
38 of 40
38 of 40
925f6538d5
NEW
ab50d2d976
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:01:15:00 Win2K-f 65.34.30.26 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLERMONT, FLORIDA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:12:00 WinXP 67.203.210.143 (CENTENNIALPR.NET):
CENTENNIAL DE PUERTO RICO,
SAN JUAN, PUERTO RICO, PR. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 40 52e666bff9
NEW
321954f6f7 [0] none:none
PolyEnE| none trace
T:02:29:00 Win2K-f 110.12.13.145 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
5 of 41
14f47ffd1e
NEW
50437008d9
NEW
90bf4b99ff [0]
c1b09ac5d7[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:02:43:00 WinXP 12.162.174.97 (COALFIELDS.NET):
MIKROTEC INTERNET SERVICES INC,
HAROLD, KENTUCKY, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:49:00 Win2K-f 67.55.176.51 (NETINS.NET):
WESTERN IOWA TELEPHONE,
MOVILLE, IOWA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:03:12:00 Win2K-f 122.146.81.28 (SPARQNET.NET):
NEW CENTRY INFOCOM TECH. CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:03:33:00 WinXP 116.120.240.38 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
5 of 41
14f47ffd1e
NEW
50437008d9
NEW
90bf4b99ff [0]
c1b09ac5d7[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:03:40:00 Win2K-f 69.193.68.239 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:03:48:00 WinXP 218.210.68.92 (SPARQNET.NET):
THEFAREASTERNGROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:03:48:00 Win2K-f 71.130.22.21 (PACBELL.NET):
WILLIAM MARTINEZ DBA,
PLANO, TEXAS, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:03:58:00 Win2K-f 67.150.143.107 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
SACRAMENTO, CALIFORNIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
57 lines
Yeah : 1.3
profile
none summary
tarball
5 of 40 80c11fb068
NEW
none[none] none:none
none|none none none
T:04:34:00 Win2K-f 125.4.233.221 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
40 of 41
1b1db1c992
NEW
8a50345c2f
NEW
a8036b5105 [0]
585123125f[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
04:36:00 Win2K-f 60.170.82.50 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DSL)
n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
EU:78.40.35.134:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:05:49:00 WinXP 208.110.61.166 (-):
PRIVATE CABLE ISP SUBSCRIBER (SCHAUMBURG IL MARKET),
JONESBORO, GEORGIA, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
71 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33 73ce2b74da
NEW
none[0] ASM:Graph
Armadillo| lines=81 trace
T:05:55:00 Win2K-f 218.117.136.125 (BBTEC.NET):
JAPAN NATION-WIDE NETWORK OF SOFTBANK BB CORP,
KITAKYUSHU, FUKUOKA, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:05:59:00 Win2K-f 216.209.116.130 (BELL.CA):
SYMPATICO (BELL NEXXIA),
NEWMARKET, ONTARIO, CA. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
144 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:06:06:00 WinXP 87.123.166.254 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
BOCHUM, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 97689d16d7
NEW
84451cebae [0] none:none
none|none none trace
T:07:32:00 Win2K-f 173.22.150.252 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
39 of 41
3bff218b8f
NEW
7eaf7b4470
NEW
b570b734be [0]
8e0b194526[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:08:30:00 Win2K-f 67.125.140.230 (PACBELL.NET):
AT&T INTERNET SERVICES,
FRESNO, CALIFORNIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:01:00 Win2K-f 4.240.12.48 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
PHOENIX, ARIZONA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
10 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:10:24:00 Win2K-f 70.184.248.143 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US. (DSL)
193.104.94.11:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
:www.liagand.cn
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:bfkq.com
:jsactivity.com
CN:ty.lnlycnc.cn
:wws.mobiec.net
CN:russia.2288.org
US:search.toptravellingtips.com
US:search.articleswave.co.uk
:sendfan.com
CA:insuranceist.com
204.27.57.154:8392
US:208.43.250.167:80
CN:210.51.36.215:88
US:66.96.221.101:8392
135 pcap raw alerts
ruleset
irc
http
217 lines
Yeah : 1.8
profile
none summary
tarball
9 of 41
8 of 41
0 of 41
16 of 41
32 of 33
29 of 33
26 of 41
20 of 40
15 of 41
4cc227822c
NEW
538d5f5430
NEW
6ce8f86cc9
NEW
7a3ca7fb68
NEW
87e1117f2a
NEW
b4fe4581c3
NEW
dd96e88e03
NEW
dfb985a9e0
NEW
e632b7a547
NEW
none[none]
none [none]
none [none]
none [none]
3ff643aae6[0]
599b835896[0]
6f87541765[0]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
tElock|
Armadillo|
StarForce|
none|none
none|none
none
none
none
none
none
none
none
none
none
none
none
none
none
trace
trace
trace
none
none
T:10:26:00 WinXP 217.202.39.212 (-):
TELECOM ITALIA MOBILE,
ROME, LAZIO, IT. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:10:27:00 Win2K-f 99.164.23.178 (SBCGLOBAL.NET):
RANI PAL LLC,
PLANO, TEXAS, US. (DSL)
n/a   135 pcap raw alerts
ruleset
other
402 lines
Yeah : 1.3
profile
none summary
tarball
11 of 36 c4c5a56ffe
NEW
8bef2f9170 [0] none:none
StarForce| none trace
T:11:05:00 Win2K-f 92.119.161.1 (ONTELECOMS.GR):
IP ADDRESSES FOR ON CUSTOMERS,
ATHENS, ATTIKI, GR. (DSL)
88.198.228.238:65520 68.178.232.100:80 DE:proxim.ircgalaxy.pl
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
CN:ty.lnlycnc.cn
:wws.mobiec.net
:xz.ub9.net
CN:russia.2288.org
:in.7cy.net
:in1.7cy.net
US:cardiovascularrisk.info
US:as.casalemedia.com
:pagead2.googlesyndication.com
US:images-pw.secureserver.net
:imagesak.godaddy.com
US:204.2.136.26:80
CN:218.10.18.119:44
CN:218.61.126.9:80
US:64.202.167.128:80
445 pcap raw alerts
ruleset
http
irc
72 lines
Yeah : 1.3
profile
none summary
tarball
20 of 40 dfb985a9e0
NEW
none[none] none:none
none|none none none
T:11:06:00 Win2K-f 61.99.41.160 (SONICANT.CO.KR):
THRUNET CO. LTD,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
122.195.190.197:65520 FR:proxima.ircgalaxy.pl
US:microsoft.com
135 pcap raw alerts
ruleset
irc
177 lines
Yeah : 1.8
profile
none summary
tarball
31 of 33
39 of 41
6e2eaa0359
NEW
71ece09646
NEW
none[4]
5e74a7c1aa[0]
none:none
none:none
PolyEnE|
Armadillo|
none
none
trace
trace
T:11:30:00 Win2K-f 4.225.147.9 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CINCINNATI, OHIO, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
196 lines
Yeah : 1.3
profile
none summary
tarball
35 of 36
3 of 33
126a1d4446
NEW
3ed16ae12d
NEW
31867051da [0]
none [0]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:13:00:00 Win2K-f 173.27.240.208 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
STREAMWOOD, ILLINOIS, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 40
38 of 40
474acf88e5
NEW
68f0c14692
NEW
1f53944b24 [0]
ccc1b24d53[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:13:05:00 Win2K-f 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, T'AI-WAN, TW. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:13:58:00 Win2K-f 70.182.94.31 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. (DSL)
193.104.94.11:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:av.lometr.pl
CN:down1130.iwillhavesexygirls.com
CN:210.51.36.215:88
CN:61.235.117.71:80
135 pcap raw alerts
ruleset
irc
119 lines
Yeah : 1.8
profile
none summary
tarball
32 of 36
35 of 36
bea8cb1865
NEW
fac78fde16
NEW
154de51a66 [0]
882896ab05[0]
ASM:Graph
none:none
Armadillo|
tElock|
lines=91
none
trace
trace
T:14:20:00 WinXP 83.216.235.98 (HELIWEB.DE):
HELI NET TELEKOMMUNIKATION GMBH & CO. KG,
HAMM, NORDRHEIN-WESTFALEN, DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
NEW
none[0] none:none
none|none lines=60 trace
T:15:00:00 WinXP 94.197.106.109 (THREE.CO.UK):
MOBILE BROADBAND SERVICE,
UK. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
T:15:23:00 Win2K-f 4.137.87.23 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
HUNTSVILLE, ALABAMA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
189 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:16:14:00 WinXP 173.24.113.81 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CARBONDALE, ILLINOIS, US. (DSL)
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:16:26:00 Win2K-f 70.166.107.90 (COX.NET):
COX COMMUNICATIONS,
PHOENIX, ARIZONA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:16:56:00 WinXP 98.148.155.98 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PALMDALE, CALIFORNIA, US. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:17:05:00 Win2K-f 110.14.214.164 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
193.104.94.11:65520 US:microsoft.com
DE:proxim.ircgalaxy.pl
:www.liagand.cn
CN:down1130.iwillhavesexygirls.com
CN:210.51.36.215:88
135 pcap raw alerts
ruleset
irc
137 lines
Yeah : 1.8
profile
none summary
tarball
37 of 41
38 of 41
598636aa73
NEW
a57ddcdef0
NEW
613af3f9a2 [0]
none [4]
none:none
none:none
Armadillo|
PolyEnE|
none
none
trace
trace
T:17:31:00 WinXP 66.19.76.32 (MCLEODUSA.NET):
PAETEC COMMUNICATIONS INC,
TAMPA, FLORIDA, US. (DSL)
88.198.228.238:65520 DE:proxim.ircgalaxy.pl
:www.liagand.cn
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:bfkq.com
:jsactivity.com
CN:ty.lnlycnc.cn
173.45.105.218:8392
CN:210.51.36.215:88
CN:218.61.126.9:80
US:66.96.221.101:8392
DE:88.198.228.238:65520
445 pcap raw alerts
ruleset
http
irc
20 lines
Yeah : 1.3
profile
none summary
tarball
37 of 39
20 of 40
15 of 41
dab4da4e21
NEW
dfb985a9e0
NEW
e632b7a547
NEW
e63b813015 [0]
none [none]
none [none]
ASM:Graph
none:none
none:none
PolyEnE|
none|none
none|none
lines=134
none
none
trace
none
none
T:17:56:00 Win2K-f 174.6.76.33 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1001 lines
Yeah : 1.3
profile
none summary
tarball
7 of 41 fca7883bc4
NEW
none[none] none:none
none|none none none
T:18:29:00 WinXP 114.51.172.185 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 5285741560
NEW
60590b8b67 [0] ASM:Graph
none|none lines=59 trace
T:20:28:00 Win2K-f 206.166.195.205 (-):
LIGHT HELICOPTER TURBINE,
HUNTSVILLE, ALABAMA, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40
39 of 40
0ca024ba9a
NEW
27c59568ba
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:20:35:00 WinXP 64.203.49.124 (MINDSPRING.COM):
EARTHLINK INC,
SAN DIEGO, CALIFORNIA, US. (DSL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad
:www.proxy-socks.net
445 pcap raw alerts
ruleset
http
http
http
http
48 lines
Yeah : 0.8
profile
none summary
tarball
0 of 40
0 of 40
0 of 40
29 of 29
58cd22e7da
NEW
7ac149160c
NEW
c2ff549e82
NEW
df17a625ee
NEW
none[none]
none [none]
none [none]
none [0]
none:none
none:none
none:none
none:none
none|none
none|none
none|none
ASPack|
none
none
none
lines=298
embedded dns
none
none
none
trace
T:21:17:00 Win2K-f 67.55.129.163 (NETINS.NET):
CENTRAL SCOTT TELEPHONE,
BLAIR, NEBRASKA, US. (DSL)
n/a DE:sys.zief.pl
:www.liagand.cn
CN:av.lometr.pl
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:bfkq.com
:jsactivity.com
CN:ty.lnlycnc.cn
:wws.mobiec.net
CN:russia.2288.org
US:search.toptravellingtips.com
173.45.105.218:8392
CN:61.235.117.71:80
US:66.96.221.101:8392
135 pcap raw alerts
ruleset
http
221 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
16 of 41
0 of 40
13 of 41
26 of 41
15 of 41
36 of 40
5 of 40
73f1082158
NEW
7a3ca7fb68
NEW
84554b2fec
NEW
a836ced040
NEW
dd96e88e03
NEW
e632b7a547
NEW
eb8a028b2c
NEW
fdcae9a8d1
NEW
none[0]
none [none]
none [none]
none [none]
6f87541765[0]
none [none]
none [none]
none [none]
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
Armadillo|
none|none
none|none
none|none
StarForce|
none|none
none|none
none|none
lines=90
none
none
none
none
none
none
none
trace
none
none
none
trace
none
none
none
T:21:58:00 Win2K-f 92.96.189.156 (NET.AE):
EMIRATES TELECOMMUNICATIONS CORPORATION,
DUBAI, DUBAI, AE. (DSL)
n/a US:diplomatweb.com
US:images01.tzimg.com
US:domdex.com
:b.collective-media.net
:a.collective-media.net
US:ad.yieldmanager.com
US:ad.adtegrity.net
174.133.57.140:80
US:208.43.250.167:80
445 pcap raw alerts
ruleset
http
28 lines
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:22:45:00 Win2K-f 173.168.62.53 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LUTZ, FLORIDA, US. (DSL)
92.240.234.164:3305 JP:cx10man.weedns.com 135 pcap raw alerts
ruleset
irc
696 lines
Yeah : 1.8
profile
none summary
tarball
28 of 41 b8076e37ae
NEW
52953fed05 [0] none:none
StarForce| none trace