Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

16 January 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:05:00 WinXP 121.121.200.96 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 32 741e3b03b3
NEW 		none[0] none:none
 none|none lines=61 trace
T:00:52:00 WinXP 217.203.106.3 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) 		n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 c91c60dd02
NEW 		acfce17a48 [0] none:none
 PolyEnE| none trace
T:02:21:00 WinXP 59.103.198.126 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		none e3f7886e3c
NEW 		none[none] none:none
 none|none none none
T:02:33:00 Win2K-f 203.91.184.97 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:02:52:00 Win2K-f 174.6.76.33 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 40 379a6daa0d
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:02:56:00 Win2K-f 78.62.171.64 (ZEBRA.LT):
LIETUVOS,
KAUNAS, KAUNO APSKRITIS, LT. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none db12dac6c7
NEW 		none[none] none:none
 none|none none none
T:02:56:00 Win2K-f 95.180.192.2 (88.IN-ADDR.ARPA):
NEOTEL DOO EXPORT-IMPORT SKOPJE,
SKOPJE, KARPOS, MK. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
30 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 46bf358cc3
NEW 		none[none] none:none
 none|none none none
T:02:57:00 WinXP 78.58.40.94 (ZEBRA.LT):
LIETUVOS,
VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:00:00 WinXP 113.253.121.229 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 1b3d8e9fe7
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:01:00 Win2K-f 95.180.39.48 (IKOMLINE.NET):
IKOMLINE,
RS. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
9 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:03:13:00 Win2K-f 119.94.50.23 (PLDT.NET):
IPG,
LAS PINAS CITY, MANILA, PH. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 5fa6f2f4f2
NEW 		none[none] none:none
 none|none none none
T:03:17:00 Win2K-f 78.84.98.83 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:03:22:00 Win2K-f 86.52.195.92 (REV.STOFANET.DK):
STOFANET-INET-CIDR,
SLAGELSE, VESTSJALLAND, DK. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 8128405d8c
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:27:00 WinXP 88.28.111.61 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
MADRID, MADRID, ES. (DSL) 		213.219.245.212:80 RU:citi-bank.ru
DE:kidos-bank.ru 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 a0139d7ad8
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:03:32:00 WinXP 125.232.100.137 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 39 1a6c7da535
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:33:00 Win2K-f 85.65.12.60 (BARAK-ONLINE.NET):
BARAK I.T.C,
HOLON, TEL AVIV, IL. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
28 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 4dd4197eb4
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:44:00 Win2K-f 113.252.29.68 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HK. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 d8e60db98a
NEW 		6991257f56 [0] none:none
 pex| none trace
T:03:46:00 Win2K-f 67.204.204.63 (PERSONA.CA):
PERSONA COMMUNICATIONS,
SUDBURY, ONTARIO, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 f534041536
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:03:56:00 Win2K-f 77.254.115.243 (INETIA.PL):
INTERNETIA,
ZAWIERCIE, KATOWICE, PL. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 29a3030e16
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:04:02:00 WinXP 86.105.220.134 (-):
SC DIVO SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 40 379a6daa0d
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:04:12:00 Win2K-f 78.51.53.153 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
BERLIN, BERLIN, DE. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:21:00 Win2K-f 113.252.86.49 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 39 1a6c7da535
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:04:22:00 Win2K-f 85.67.213.196 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
11 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:25:00 WinXP 218.190.162.107 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a TW:m.drd3h.com
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e0dc02ee4b
NEW 		none[none] none:none
 none|none none none
T:04:32:00 WinXP 77.81.200.53 (TITANNET.RO):
SC ENTERNET TEAM SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 ffbb6cbe61
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:04:37:00 Win2K-f 78.61.124.174 (ZEBRA.LT):
LIETUVOS-TELEKOMAS,
KAUNAS, KAUNO APSKRITIS, LT. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:42:00 Win2K-f 78.60.211.106 (ZEBRA.LT):
LIETUVOS,
SIAULIAI, SIAULIU APSKRITIS, LT. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:54:00 Win2K-f 118.169.218.140 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 8887d42f5c
NEW 		afaf06d6cd [0] none:none
 pex| none trace
T:04:55:00 Win2K-f 218.174.157.220 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e0dc02ee4b
NEW 		none[none] none:none
 none|none none none
T:05:00:00 WinXP 218.175.33.34 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e3faefa56a
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:02:00 Win2K-f 112.104.182.218 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 8128405d8c
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:08:00 Win2K-f 78.131.122.62 (HDSNET.HU):
DOROG DOCSIS,
HU. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:14:00 Win2K-f 220.253.99.157 (NETSPACE.NET.AU):
NETSPACE ONLINE SYSTEMS PTY LTD,
HOBART, TASMANIA, AU. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 ffbb6cbe61
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:15:00 WinXP 217.162.163.109 (HISPEED.CH):
CABLECOM,
ZURICH, ZURICH, CH. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:27:00 Win2K-f 113.253.10.144 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 39 1a6c7da535
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:35:00 Win2K-f 79.149.138.38 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2008113582),
MADRID, MADRID, ES. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		36 of 40 9363d60262
NEW 		none[none] none:none
 none|none none none
T:05:35:00 Win2K-f 113.252.203.22 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 80563974df
NEW 		afaf06d6cd [0] none:none
 pex| none trace
T:05:47:00 WinXP 77.81.10.218 (-):
SC COBALT IT SRL,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		36 of 40 9363d60262
NEW 		none[none] none:none
 none|none none none
T:05:50:00 Win2K-f 61.229.230.250 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:05:52:00 Win2K-f 113.253.161.210 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 1b3d8e9fe7
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:05:53:00 Win2K-f 95.160.57.241 (VECTRANET.PL):
VECTRA TECHNOLOGIE S.A,
PL. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 4dd4197eb4
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:06:10:00 WinXP 122.125.91.114 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 39 1a6c7da535
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:06:13:00 Win2K-f 87.246.57.187 (-):
TRIPLE PLAY OF CABLETEL PLC IN SHUMEN - NEW CMTS,
SOFIA, GRAD SOFIYA, BG. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 8128405d8c
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:06:25:00 Win2K-f 87.205.213.24 (INETIA.PL):
INTERNETIA,
KATOWICE, SLASKIE, PL. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		none c9aed378f1
NEW 		none[none] none:none
 none|none none none
T:06:29:00 WinXP 94.52.152.47 (-):
NEW COM TELECOMUNICATII SA,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 6704922c65
NEW 		none[none] none:none
 none|none none none
T:06:48:00 WinXP 70.60.54.88 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AKRON, OHIO, US. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 3e40107c32
NEW 		none[none] none:none
 none|none none none
T:06:58:00 Win2K-f 78.34.4.204 (NETCOLOGNE.DE):
NETCOLOGNE DYNAMIC IP POOL,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 820384a62e
NEW 		none[none] none:none
 none|none none none
T:07:00:00 WinXP 78.84.11.253 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 1b3d8e9fe7
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:07:09:00 Win2K-f 89.123.37.13 (ROMTELECOM.NET):
ROMTELECOM DATA NETWORK,
RO. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 c13a6c3da5
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:07:17:00 Win2K-f 92.83.219.123 (-):
SMALL CUSTOMERS,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 4dd4197eb4
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:07:25:00 WinXP 72.253.130.36 (HAWAIIANTEL.NET):
HAWAIIAN TELCOM SERVICES COMPANY INC,
HONOLULU, HAWAII, US. (DSL) 		n/a TW:m.drd3h.com
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 97da1e046e
NEW 		none[none] none:none
 none|none none none
T:07:45:00 Win2K-f 12.72.58.115 (ATT.NET):
AT&T WORLDNET SERVICES,
COLTON, CALIFORNIA, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
109 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:07:50:00 Win2K-f 174.0.113.130 (KODIAKPETROLEUM.COM):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:07:55:00 Win2K-f 68.146.140.107 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 c03793a035
NEW 		none[none] none:none
 none|none none none
T:08:02:00 Win2K-f 77.253.251.15 (INETIA.PL):
INTERNETIA,
TYCHY, SLASKIE, PL. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 b68d420d61
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:08:05:00 WinXP 113.252.254.130 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 61a9127875
NEW 		61a9127875 [1] ASM:Graph
 pex| lines=19 trace
T:08:07:00 Win2K-f 94.52.231.60 (-):
NEW COM TELECOMUNICATII SA,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 82e755f5d3
NEW 		none[none] none:none
 none|none none none
T:08:12:00 Win2K-f 113.253.169.1 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 0274cfa236
NEW 		none[none] none:none
 none|none none none
T:08:25:00 Win2K-f 24.79.155.185 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none c60a9b8b7a
NEW 		none[none] none:none
 none|none none none
T:08:40:00 Win2K-f 70.76.79.70 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
228 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 41
38 of 41		 4180c19d91
NEW
b6e91e001c
NEW 		9f3f2de385 [0]
d2275a6cf5[0] 		none:none
none:none
 Armadillo|
PolyEnE| 		none
none 		trace
trace
T:09:05:00 Win2K-f 78.84.7.148 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 b68d420d61
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:09:12:00 Win2K-f 68.146.114.210 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 29a3030e16
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:09:14:00 Win2K-f 97.104.45.182 (RR.COM):
ROAD RUNNER HOLDCO LLC,
PALM BAY, FLORIDA, US. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 844356b69c
NEW 		none[none] none:none
 none|none none none
T:09:17:00 WinXP 186.9.205.120 (IMOVIL.ENTELPCS.CL):
ENTEL PCS TELECOMUNICACIONES S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL) 		n/a :moscow-advokat.ru
:lulea.se.eu.undernet.org
SE:ozbytes.dal.net
SE:qis.md.us.dal.net
:caen.fr.eu.undernet.org
SE:vancouver.dal.net
SE:coins.dal.net
:los-angeles.ca.us.undernet.org
:lia.zanet.net
SE:viking.dal.net
:brussels.be.eu.undernet.org
SE:ced.dal.net
NL:diemen.nl.eu.undernet.org
AT:graz.at.eu.undernet.org
:flanders.be.eu.undernet.org 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 1.3
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:09:26:00 Win2K-f 77.254.128.100 (INETIA.PL):
INTERNETIA,
KRAKOW, MALOPOLSKIE, PL. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 50cdd5c6cf
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:09:30:00 Win2K-f 67.204.240.64 (PERSONA.CA):
PERSONA COMMUNICATIONS,
SUDBURY, ONTARIO, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e0dc02ee4b
NEW 		none[none] none:none
 none|none none none
T:09:41:00 Win2K-f 95.180.33.32 (IKOMLINE.NET):
IKOMLINE,
RS. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 41 8887d42f5c
NEW 		afaf06d6cd [0] none:none
 pex| none trace
T:09:49:00 WinXP 95.246.85.1 (BUSINESS.TELECOMITALIA.IT):
TELECOM ITALIA WIRELINE SERVICES,
ROME, LAZIO, IT. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 40 379a6daa0d
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:09:55:00 Win2K-f 70.72.74.166 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 ffbb6cbe61
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:10:39:00 Win2K-f 85.67.96.245 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
14 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 8128405d8c
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:10:42:00 Win2K-f 77.254.148.174 (INETIA.PL):
INTERNETIA,
KRAKOW, MALOPOLSKIE, PL. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 b68d420d61
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:10:51:00 WinXP 93.188.186.49 (TRANCOM.RU):
TRANCOM NAT POOL P2P ETC,
MOSCOW, MOSCOW CITY, RU. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		36 of 40 9363d60262
NEW 		none[none] none:none
 none|none none none
T:10:53:00 Win2K-f 204.181.141.130 (SPRINTLINK.NET):
SPRINT,
BETHEL, CONNECTICUT, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		36 of 41
38 of 41		 4d4b7efca2
NEW
539d61fc06
NEW 		ec83dac222 [0]
c3af874c93[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:10:54:00 Win2K-f 89.167.93.56 (-):
NPLAY NETWORK - LUBLIN POLAND,
LUBLIN, LUBELSKIE, PL. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 f534041536
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:11:11:00 Win2K-f 24.66.63.204 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
MEDICINE HAT, ALBERTA, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 40 379a6daa0d
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:11:21:00 Win2K-f 93.87.43.175 (GNET.CO.YU):
YU-TELEKOM,
RS. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 c03793a035
NEW 		none[none] none:none
 none|none none none
T:11:32:00 Win2K-f 97.77.89.18 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none f996bf0275
NEW 		none[none] none:none
 none|none none none
T:11:38:00 Win2K-f 77.47.62.123 (CABLESURF.DE):
KKG-GUE-DHCP-SPACE,
BERLIN, BERLIN, DE. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none c473a72583
NEW 		none[none] none:none
 none|none none none
T:11:46:00 Win2K-f 70.61.205.3 (RR.COM):
ROAD RUNNER HOLDCO LLC,
WINSTON SALEM, NORTH CAROLINA, US. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:12:01:00 WinXP 88.156.27.219 (VECTRANET.PL):
VECTRA S.A,
OLSZTYN, WARMINSKO-MAZURSKIE, PL. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 3dc7b40786
NEW 		none[none] none:none
 none|none none none
T:12:14:00 WinXP 202.212.240.101 (-):
PHILLIPS MURRAY,
TOKYO, TOKYO, JP. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:12:14:00 Win2K-f 76.164.164.149 (NEHP.NET):
NEW HOPE TELEPHONE,
HUNTSVILLE, ALABAMA, US. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 9810215e67
NEW 		18ff3687ad [0] none:none
 ASPack| none trace
T:12:55:00 Win2K-f 97.67.118.26 (DELTACOM.NET):
ITC^DELTACOM,
ANNISTON, ALABAMA, US. (DSL) 		n/a TW:m.drd3h.com
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		none f996bf0275
NEW 		none[none] none:none
 none|none none none
T:12:57:00 Win2K-f 109.96.14.31 (JWS.COM):
EU-ZZ,
UK. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
22 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e3faefa56a
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:13:13:00 WinXP 70.72.15.208 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 29a3030e16
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:13:23:00 WinXP 94.251.134.210 (-):
CUSTOMER IN CZESTOCHOWA,
CZESTOCHOWA, SLASKIE, PL. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
26 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 e3faefa56a
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:13:27:00 Win2K-f 70.64.250.8 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
PRINCE ALBERT, SASKATCHEWAN, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
10 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:13:39:00 Win2K-f 125.232.135.17 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		30 of 39 1a6c7da535
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:14:11:00 Win2K-f 67.52.111.59 (RR.COM):
ROAD RUNNER HOLDCO LLC,
VAN NUYS, CALIFORNIA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:14:49:00 WinXP 212.171.168.200 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A,
PESARO, MARCHE, IT. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:15:09:00 Win2K-f 174.6.226.43 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:15:16:00 Win2K-f 70.182.95.34 (COX.NET):
COX COMMUNICATIONS,
EDMOND, OKLAHOMA, US. (DSL) 		218.93.201.51:65520 US:microsoft.com
DE:proxim.ircgalaxy.pl
CN:ad.lometr.pl
CN:down1130.iwillhavesexygirls.com
CN:1130.kfgrtjer.cn
:bfkq.com
:jsactivity.com
:xxx.mobiec.net
US:search.toptravellingtips.com
:www.toptravellingtips.com
:wws.mobiec.net
US:search.articleswave.co.uk
CN:210.51.36.215:88
98.126.9.218:80 		135 pcap raw alerts
ruleset 		irc
http
333 lines 		Yeah : 1.8
profile 		none summary
tarball 		none
12 of 41
none
5 of 41
32 of 33
29 of 33
none
none		 1eb4f9ad5b
NEW
6e36427ade
NEW
7670bfe380
NEW
79383ccc54
NEW
87e1117f2a
NEW
b4fe4581c3
NEW
c077724843
NEW
dad848734c
NEW 		none[none]
none [none]
none [none]
none [none]
3ff643aae6[0]
599b835896[0]
none [none]
none [none] 		none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
tElock|
Armadillo|
none|none
none|none 		none
none
none
none
none
none
none
none 		none
none
none
none
trace
trace
none
none
T:15:37:00 Win2K-f 98.30.117.179 (RR.COM):
ROAD RUNNER HOLDCO LLC,
UPPER SANDUSKY, OHIO, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:15:45:00 WinXP 77.236.175.253 (-):
VCABLE,
SOFIA, GRAD SOFIYA, BG. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
20 lines 		Yeah : 0.8
profile 		none summary
tarball 		none 220053b50c
NEW 		none[none] none:none
 none|none none none
T:15:49:00 WinXP 68.146.232.67 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a TW:m.DRD3H.COM 139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 29a3030e16
NEW 		1d04d6dc84 [none] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:16:30:00 Win2K-f 99.157.172.178 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
OKLAHOMA CITY, OKLAHOMA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 32		 53bfe15e91
NEW
73f1082158
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:16:38:00 Win2K-f 95.180.86.13 (IKOMLINE.NET):
IKOMLINE,
RS. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		none c45a01fbcc
NEW 		none[none] none:none
 none|none none none
T:17:46:00 Win2K-f 110.11.222.153 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		218.93.201.51:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:ad.lometr.pl
EU:pozeml.com
:pozemle.cn
CN:down1130.iwillhavesexygirls.com
CN:www.petdoso.com
CN:1130.kfgrtjer.cn
:bfkq.com
:jsactivity.com
:xxx.mobiec.net
CN:202.97.184.196:81
CN:218.93.201.51:65520
98.126.9.218:80 		135 pcap raw alerts
ruleset 		irc
http
207 lines 		Yeah : 1.8
profile 		none summary
tarball 		none
16 of 41
12 of 41
5 of 41
29 of 32
28 of 32
11 of 41
none
none
none		 1eb4f9ad5b
NEW
371ffb2c8b
NEW
6e36427ade
NEW
79383ccc54
NEW
8a75955033
NEW
9276c8b36b
NEW
a2ce42b73d
NEW
b4d75f9c8e
NEW
c077724843
NEW
dad848734c
NEW 		none[none]
none [none]
none [none]
none [none]
2bf3e548b9[0]
none [0]
none [none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
ASM:Graph
ASM:Graph
none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none
tElock|
Armadillo|
none|none
none|none
none|none
none|none 		none
none
none
none
lines=126
embedded dns
lines=81
none
none
none
none 		none
none
none
none
trace
trace
none
none
none
none
18:26:00 Win2K-f 189.113.226.12 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:18:27:00 Win2K-f 120.138.159.168 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
115 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40
39 of 41		 3f89b1ddee
NEW
6b887aded4
NEW 		20017af26d [0]
c28c1ffb6f[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:18:28:00 Win2K-f 75.42.69.212 (SBCGLOBAL.NET):
AT&T INTERNET SERVICES,
SACRAMENTO, CALIFORNIA, US. (DSL) 		193.104.94.11:65520 :search.homecinemasoftware.com
:ectap.com
FR:proxim.ircgalaxy.pl
CN:av.lometr.pl
CN:ad.lometr.pl
CN:down1130.iwillhavesexygirls.com
CN:210.51.36.215:88
CN:61.235.117.71:80 		445 pcap raw alerts
ruleset 		http
irc
39 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:18:36:00 Win2K-f 83.148.88.21 (-):
VISIOLAN LTD,
PLOVDIV, PLOVDIV, BG. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 40 3490e2ea15
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:19:40:00 Win2K-f 96.49.159.80 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:19:49:00 Win2K-f 70.167.73.201 (COX.NET):
COX COMMUNICATIONS,
OCEANSIDE, CALIFORNIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
6 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:20:06:00 WinXP 125.4.248.65 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
40 of 41		 1b1db1c992
NEW
8a50345c2f
NEW 		a8036b5105 [0]
585123125f[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:20:21:00 Win2K-f 173.22.144.199 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
SPRINGFIELD, MISSOURI, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
39 of 41		 5e3a9c2d9d
NEW
630308d06b
NEW 		dbc48b815a [0]
847d302e37[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
T:21:48:00 Win2K-f 124.195.149.215 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
111 lines 		Yeah : 1.3
profile 		none summary
tarball 		none
none		 332ee73652
NEW
a56538ee3d
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:22:13:00 Win2K-f 63.246.122.61 (ALTUSCGI.NET):
PRIVATE CABLE ISP SUBSCRIBER (GEORGETOWN SC MARKET),
GEORGETOWN, SOUTH CAROLINA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
18 lines 		Yeah : 1.3
profile 		none summary
tarball 		none none none none none none none
T:22:38:00 Win2K-f 67.204.207.237 (PERSONA.CA):
PERSONA COMMUNICATIONS,
SUDBURY, ONTARIO, CA. (DSL) 		n/a   139 pcap raw alerts
ruleset 		ftp
12 lines 		Yeah : 0.8
profile 		none summary
tarball 		38 of 40 84b1b363a1
NEW 		1e4ad6cdb1 [0] none:none
 ASPack| none trace
T:22:43:00 WinXP 137.118.253.156 (ACTACCESS.NET):
CONNEXTIONS TELCOM,
ROYSE CITY, TEXAS, US. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
18 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 40 013a5ba10e
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace
T:22:47:00 Win2K-f 84.72.145.182 (HISPEED.CH):
CABLECOMMAIN-NET,
ZURICH, ZURICH, CH. (DSL) 		n/a TW:m.DRD3H.COM
TW:122.117.146.70:6668 		139 pcap raw alerts
ruleset 		ftp
irc
24 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 4dd4197eb4
NEW 		1d04d6dc84 [0] ASM:Graph
 ASPack| lines=3292
embedded dns 		trace