Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

20 February 2010
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:09:00 Win2K-f 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, T'AI-WAN, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:00:21:00 Win2K-f 24.76.2.134 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
SELKIRK, MANITOBA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1019 lines 		Yeah : 1.3
profile 		none summary
tarball 		17 of 41 e1693609f9
NEW 		none[3] none:none
 none|none none trace
T:00:31:00 Win2K-f 116.121.68.253 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 US:microsoft.com
CN:proxima.ircgalaxy.pl
:www.liagand.cn
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
CN:122.224.6.48:88
CN:60.190.222.139:65520 		135 pcap raw alerts
ruleset 		irc
http
154 lines 		Yeah : 1.8
profile 		none summary
tarball 		40 of 41
11 of 41
40 of 41
7 of 41		 140509b92d
NEW
3664ce2ec2
NEW
76d0e1922b
NEW
dd3a45a19c
NEW 		none[none]
none [none]
none [none]
none [none] 		none:none
none:none
none:none
none:none
 none|none
none|none
none|none
none|none 		none
none
none
none 		none
none
none
none
T:00:33:00 Win2K-f 114.205.165.35 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 US:microsoft.com
CN:proxima.ircgalaxy.pl
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
EU:img.ub8.net
:xz.ub9.net
:in.7cy.net
CN:122.224.6.48:88
174.133.57.141:80
CN:60.190.222.139:65520
EU:91.214.44.12:80
93.174.92.220:80 		135 pcap raw alerts
ruleset 		irc
http
105 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
29 of 39
31 of 33
16 of 40
7 of 41		 168aab35a3
NEW
4691ac4856
NEW
667f0c59f3
NEW
941e12f4ee
NEW
dd3a45a19c
NEW 		60b730b97e [0]
none [none]
8fe2be2095[0]
none [none]
none [none] 		ASM:Graph
none:none
ASM:Graph
none:none
none:none
 tElock|
none|none
Armadillo|
none|none
none|none 		lines=120
embedded dns
none
lines=91
none
none 		trace
none
trace
none
none
T:00:49:00 Win2K-f 114.206.21.56 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
:www.liagand.cn
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
CN:122.224.6.48:88
CN:60.190.222.139:65520
DE:83.133.119.206:65520
93.174.92.220:80 		135 pcap raw alerts
ruleset 		irc
http
99 lines 		Yeah : 1.8
profile 		none summary
tarball 		30 of 33
2 of 35
7 of 41		 6ec2a8994b
NEW
bcf66a38c8
NEW
dd3a45a19c
NEW 		398aab9636 [0]
570133b348[0]
none [none] 		none:none
none:none
none:none
 tElock|
Armadillo|
none|none 		none
none
none 		trace
trace
none
01:10:00 Win2K-f 218.22.106.14 (CNDATA.COM):
CHINANET ANHUI PROVINCE NETWORK,
HEFEI, ANHUI, CN. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
03:51:00 Win2K-f 173.45.80.136 (XLHOST.COM):
XLHOST.COM INC,
COLUMBUS, OHIO, US. (100Mbps) 		n/a US:www.maxmind.com
:checkip.dyndns.org
EU:getmyip.co.uk
US:www.getmyip.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 dc331fb791
NEW 		none[3] none:none
 UPX| none trace
T:03:59:00 Win2K-f 58.126.180.184 (HANANET.NET):
HANARO TELECOM INC,
KR. (DSL) 		83.133.119.206:65520 US:microsoft.com
DE:proxim.ircgalaxy.pl
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
US:bfkq.com
EU:img.ub8.net
:jsactivity.com
:xz.ub9.net
173.45.105.218:8392
US:64.120.176.66:8392
DE:83.133.119.206:65520
EU:91.206.201.39:80
EU:91.214.44.12:80 		135 pcap raw alerts
ruleset 		irc
http
192 lines 		Yeah : 1.8
profile 		none summary
tarball 		29 of 39
30 of 33
28 of 33
14 of 41
16 of 40
0 of 41		 4691ac4856
NEW
533d15b5ce
NEW
58c343a8d8
NEW
74afc61c67
NEW
941e12f4ee
NEW
d4c8acb6f0
NEW 		none[none]
c67adf46e2[0]
none [0]
none [none]
none [none]
none [none] 		none:none
ASM:Graph
none:none
none:none
none:none
none:none
 none|none
tElock|
Armadillo|
none|none
none|none
none|none 		none
lines=126
embedded dns
lines=91
none
none
none 		none
trace
trace
none
none
none
04:14:00 Win2K-f 91.98.241.227 (PARSONLINE.NET):
PARS,
TEHRAN, ESFAHAN, IR. (DSL) 		n/a US:www.maxmind.com
EU:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:04:15:00 Win2K-f 75.181.163.105 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. (100Mbps) 		n/a US:housesforrentin.net
US:searchportal.information.com
US:spi.domainsponsor.com
US:ads1.revenue.net
US:datings-direct.com
:pagead2.googlesyndication.com
173.45.105.218:8392
174.133.57.141:80
US:204.13.160.17:80
US:64.120.176.66:8392
US:72.232.247.106:80
74.125.19.164:80
NL:85.17.35.48:80 		135 pcap raw alerts
ruleset 		http
83 lines 		Yeah : 0.8
profile 		none summary
tarball 		none none none none none none none
T:04:24:00 Win2K-f 91.98.241.227 (PARSONLINE.NET):
PARS,
TEHRAN, ESFAHAN, IR. (DSL) 		n/a US:www.maxmind.com
:alesha.com
US:ad.yieldmanager.com
:www.google-analytics.com
US:cookex.amp.yahoo.com
NL:content.yieldmanager.com
174.133.57.141:80
US:67.15.94.80:80
NL:77.67.126.9:80 		445 pcap raw alerts
ruleset 		http
45 lines 		Yeah : 0.8
profile 		none summary
tarball 		0 of 41
3 of 37		 3fd97b8103
NEW
d9cb288f31
NEW 		none[none]
45603a001c[0] 		none:none
ASM:Graph
 none|none
UPX| 		none
lines=174
embedded dns 		none
trace
T:04:41:00 WinXP 202.90.218.19 (WARABI.NE.JP):
WARABI CABLE VISION CO. LTD,
WARABI, SAITAMA, JP. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 40 2f8c24ba70
NEW 		none[none] none:none
 none|none none none
05:11:00 Win2K-f 116.11.130.62 (163DATA.COM.CN):
CHINANET GUANGXI PROVINCE NETWORK,
NANNING, GUANGXI, CN. (DSL) 		n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
EU:getmyip.co.uk
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		8 of 37 78ceaae025
NEW 		none[3] none:none
 UPX| none trace
T:05:18:00 WinXP 210.5.85.36 (PLDT.NET):
MYDSL PROFESSIONAL,
MANILA, MANILA, PH. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 40 29458b1220
NEW 		none[none] none:none
 none|none none none
T:05:26:00 WinXP 117.99.6.93 (-):
GPRS-SUBSCRIBERS-IN-EAST,
BHUBANESHWAR, ORISSA, IN. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 1fcc146d70
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:05:29:00 WinXP 95.74.211.53 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 e15cecba87
NEW 		none[none] none:none
 none|none none none
T:06:13:00 Win2K-f 202.147.220.100 (KCN-TV.NE.JP):
KUMAMOTO CABLE NETWORK CORPORATION,
KUMAMOTO, KUMAMOTO, JP. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
402 lines 		Yeah : 1.3
profile 		none summary
tarball 		11 of 36 c4c5a56ffe
NEW 		8bef2f9170 [0] none:none
 StarForce| none trace
T:06:22:00 WinXP 79.163.170.138 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WROCLAW, DOLNOSLASKIE, PL. (DSL) 		83.133.119.206:65520 DE:proxim.ircgalaxy.pl
EU:updatemania.info
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
US:bfkq.com
EU:img.ub8.net
:xz.ub9.net
:jsactivity.com
US:search.toptravellingtips.com
:in.7cy.net
:redirect.hotkeys.com
NL:i.nuseek.com
CN:122.224.6.48:88
US:63.217.20.10:80
US:64.120.176.66:8392
DE:83.133.119.206:65520 		445 pcap raw alerts
ruleset 		http
irc
82 lines 		Yeah : 1.3
profile 		none summary
tarball 		12 of 41
29 of 39
7 of 41
14 of 41
16 of 40
37 of 39
0 of 40		 25188d4c14
NEW
4691ac4856
NEW
60dccfd625
NEW
74afc61c67
NEW
941e12f4ee
NEW
9c20944d61
NEW
a489c90adb
NEW 		none[none]
none [none]
none [none]
none [none]
none [none]
0bf3a9d27b[0]
none [none] 		none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
 none|none
none|none
none|none
none|none
none|none
PolyEnE|
none|none 		none
none
none
none
none
lines=134
none 		none
none
none
none
none
trace
none
T:06:23:00 Win2K-f 180.67.129.204 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 		60.190.222.139:65520 US:microsoft.com
CN:proxima.ircgalaxy.pl
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
US:bfkq.com
:jsactivity.com
EU:img.ub8.net
CN:60.190.222.139:65520
EU:91.214.44.12:80 		135 pcap raw alerts
ruleset 		irc
http
193 lines 		Yeah : 1.8
profile 		none summary
tarball 		31 of 33
0 of 41
31 of 33
14 of 41
10 of 41
16 of 40
7 of 41		 168aab35a3
NEW
61d6819b68
NEW
667f0c59f3
NEW
74afc61c67
NEW
8412afbcf5
NEW
941e12f4ee
NEW
dd3a45a19c
NEW 		60b730b97e [0]
none [none]
8fe2be2095[0]
none [none]
none [none]
none [none]
none [none] 		ASM:Graph
none:none
ASM:Graph
none:none
none:none
none:none
none:none
 tElock|
none|none
Armadillo|
none|none
none|none
none|none
none|none 		lines=120
embedded dns
none
lines=91
none
none
none
none 		trace
none
trace
none
none
none
none
T:06:47:00 Win2K-f 116.11.130.62 (163DATA.COM.CN):
CHINANET GUANGXI PROVINCE NETWORK,
NANNING, GUANGXI, CN. (DSL) 		n/a US:www.maxmind.com
US:www.getmyip.org
EU:getmyip.co.uk
:checkip.dyndns.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
07:23:00 Win2K-f 87.10.96.20 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA S.P.A. TIN EASY LITE,
CATANIA, SICILIA, IT. (DSL) 		n/a US:trafficconverter.biz
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
20 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
07:32:00 Win2K-f 78.92.178.20 (T-ONLINE.HU):
T-ONLINE CATV CLIENT POOL,
BUDAPEST, BUDAPEST, HU. (DSL) 		n/a :adahzczh.com
:wirunkcye.net
US:cwaxpvpf.biz
:mhezetta.org
:ywnep.info
:etxofg.info
:cfbkfnyoll.info
US:xwkmmvevfiq.biz
:dcugbbao.com
:hatyt.com
:cawstturl.org
US:izfaqu.biz
:meamoev.org
:sarfkpeiby.org
US:buiikcsh.biz
:ugkafsu.org
:dmapcmz.info
:hcpztnoz.net
:qlbfiostkg.net
:xmolbz.info
:rewvvqae.info
:cjfez.net
:aswmjmed.info
:ycbqrqacqcw.info
:rzauwimf.org
:enywyrq.com
:nhrvfgwy.net
:igobd.info
US:dupai.biz
:khvsaoirs.info
US:gzekhmru.biz
:tmkinoloa.net
:otvbisvql.com
:rvkunexnot.org
:qbchugfpnx.com
:qqczg.info
:padnvey.com
:aombqzuy.net
:llzkjvtg.org
:tnfgy.com
:ingaukalef.org
:queeqht.org
:ihuzhykc.org
US:keeeeglp.biz
:dhujppojrhe.org
:sljsvkv.org
:xyeve.info
US:pgftbqkjdcw.biz
US:dijxfhkfsl.biz
:ytjndrbgof.com
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
13 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
07:40:00 Win2K-f 117.34.141.56 (163DATA.COM.CN):
CHINANET SHANXI(SN) PROVINCE NETWORK,
BEIJING, BEIJING, CN. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
23 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
07:47:00 Win2K-f 188.26.112.77 (RDSNET.RO):
RDS,
BUCHAREST, BUCURESTI, RO. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
24 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
07:55:00 Win2K-f 87.122.85.62 (VERSANET.DE):
VERSATEL DEUTSCHLAND,
KIEL, SCHLESWIG-HOLSTEIN, DE. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
21 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
08:04:00 Win2K-f 114.158.238.82 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
20 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
08:12:00 Win2K-f 219.85.43.75 (SO-NET.NET.TW):
SONY NETWORK TAIWAN LIMITED,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a  
US:204.152.184.139:80 		445 pcap raw alerts
ruleset 		http
22 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
08:21:00 Win2K-f 92.112.129.172 (UKRTEL.NET):
UKRTELECOM IP ACCESS NETWORK,
DONETSK, DONETS'KA OBLAST', UA. (DSL) 		n/a EE:www.starman.ee
FI:194.215.38.3:80
US:204.152.184.139:80
EE:62.65.192.24:80
EE:62.65.192.25:80 		445 pcap raw alerts
ruleset 		http
10 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:09:56:00 Win2K-f 125.58.94.139 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1020 lines 		Yeah : 1.3
profile 		none summary
tarball 		11 of 41 0be7637b72
NEW 		none[none] none:none
 none|none none none
13:41:00 Win2K-f 213.22.7.239 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PORTO, PORTO, PT. (DSL) 		n/a US:www.yahoo.com
US:ffmnqvypnyc.biz
:wmtpkxj.com
:vtlgmfcu.net
:qtpmuygww.net
:mxqafoinczh.com
:gnezozm.info
:pofhpr.org
:gflogh.net
:snqps.net
:qfmqjxm.info
:qbchugfpnx.com
US:dwwnxriqy.biz
US:ewyjvso.biz
:zzrgfzxweu.info
:mojelsnfx.org
:meamoev.org
:hvrmigysnz.com
:qnnbuutffy.com
:ycbqrqacqcw.info
:xojcmfh.org
:ekhndqka.org
:qlbfiostkg.net
:fgpxqj.org
:khvsaoirs.info
:ytjndrbgof.com
:kojijavh.org
:elajnixyvmm.info
:hsxbwni.net
:ywnep.info
US:jiwlmbkrh.biz
US:axgeartgz.biz
US:wzixvuez.biz
:jblnnar.net
:rzauwimf.org
:jrgeczikys.com
US:swrhpawszcf.biz
:nhrvfgwy.net
:bnnwcbbbng.info
:qvmbep.net
US:lgpxlfpaju.biz
:jpsjjk.net
:lgcpssf.org
:mqnsrora.com
US:pxmgrsnut.biz
:qibqabjuzxg.info
:chpatvrxgej.org
:chnwikyc.net
US:cjyuqgjw.biz
:qnpouqoh.net
:yxczx.net
:winhoyaa.info
:wfgvn.info
:apahalolsf.com
US:gmiklhij.biz
:hcpztnoz.net
:zlpflhkz.net
:tfxefd.com
:yugdjtll.net
:kpoxtziyl.net
:eykypgzchl.com
US:gevswxjgaho.biz
US:baekxwbhh.biz
:lgdlgjdbkwe.info
:iwtbtn.com
:aswmjmed.info
US:uvazucxjf.biz
:mwkufmok.info
:kdiiowlsns.net
:fsmldnbd.net
:piakaojx.info
US:204.152.184.139:80
US:74.208.64.145:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:15:08:00 WinXP 70.184.248.143 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US. (DSL) 		60.190.222.139:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
CN:122.224.6.48:88
CN:60.190.222.139:65520
EU:91.206.201.39:80 		135 pcap raw alerts
ruleset 		irc
120 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 33
29 of 33		 87e1117f2a
NEW
b4fe4581c3
NEW 		3ff643aae6 [0]
599b835896[0] 		none:none
none:none
 tElock|
Armadillo| 		none
none 		trace
trace
15:13:00 Win2K-f 93.170.84.34 (KRNET.RU):
GEOTELECOM LTD,
RU. (DSL) 		n/a US:www.getmyip.org
:checkip.dyndns.org
EU:getmyip.co.uk
DE:131.220.6.26:80
208.78.70.70:80
US:75.126.138.202:80
EU:78.40.35.134:80 		445 pcap raw alerts
ruleset 		http
1 line 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:15:34:00 Win2K-f 96.8.227.19 (GVTC.COM):
GUADALUPE VALLEY TELEPHONE COOPERATIVE INC,
NEW BRAUNFELS, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 40		 9bdd2c95b1
NEW
cd456ac095
NEW 		d1bbd693ba [0]
d75caee680[0] 		none:none
none:none
 Armadillo|
tElock| 		none
none 		trace
trace
T:15:57:00 WinXP 64.188.189.189 (-):
WINDJAMMER COMMUNICATIONS LLC,
BOSTON, MASSACHUSETTS, US. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		39 of 41 d8040f84d4
NEW 		d683995e84 [0] none:none
 PolyEnE| none trace
T:17:38:00 WinXP 69.145.122.214 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
BUTTE, MONTANA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
18:19:00 Win2K-f 114.120.250.18 (TELKOMSEL.CO.ID):
PT. TELEKOMUNIKASI SELULAR (TELKOMSEL) INDONESIA,
JAKARTA, JAKARTA RAYA, ID. (DSL) 		n/a US:www.getmyip.org
:checkip.dyndns.org
US:www.maxmind.com
DE:131.220.6.26:80
US:75.126.138.202:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:18:33:00 WinXP 75.95.68.102 (CLEARWIRE-DNS.NET):
CLEARWIRE US LLC,
CHARLOTTE, NORTH CAROLINA, US. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 d42c1cc7c0
NEW 		none[0] ASM:Graph
 PolyEnE| lines=54 trace
T:19:31:00 Win2K-f 70.184.102.222 (COX.NET):
COX COMMUNICATIONS,
PHOENIX, ARIZONA, US. (100Mbps) 		60.190.222.139:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
93.174.92.220:80 		135 pcap raw alerts
ruleset 		irc
http
140 lines 		Yeah : 1.8
profile 		none summary
tarball 		32 of 36
7 of 41
35 of 36		 bea8cb1865
NEW
dd3a45a19c
NEW
fac78fde16
NEW 		154de51a66 [0]
none [none]
882896ab05[0] 		ASM:Graph
none:none
none:none
 Armadillo|
none|none
tElock| 		lines=91
none
none 		trace
none
trace
T:19:51:00 Win2K-f 187.13.85.238 (VELOXZONE.COM.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SãO PAULO, SAO PAULO, BR. (DSL) 		60.190.222.139:65520 DE:proxim.ircgalaxy.pl
CN:file0129.iwillhavesexygirls.com
EU:pozeml.com
:pozemle.cn
CN:122.224.6.48:88
DE:83.133.119.206:65520
93.174.92.220:80 		445 pcap raw alerts
ruleset 		irc
http
19 lines 		Yeah : 0.8
profile 		none summary
tarball 		7 of 41 dd3a45a19c
NEW 		none[none] none:none
 none|none none none
T:20:14:00 WinXP 114.38.246.73 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:20:26:00 WinXP 201.172.85.172 (INTERCABLE.NET):
TELEVISION INTERNACIONAL S.A. DE C.V,
MONTERREY, NUEVO LEON, MX. (DSL) 		n/a RU:citi-bank.ru
RU:213.219.245.212:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		32 of 32 b502f83a7c
NEW 		28f5be93b0 [0] none:none
 PolyEnE| none trace
T:21:20:00 WinXP 4.153.71.25 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
FAIRVIEW, TENNESSEE, US. (DIAL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
87 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:21:42:00 WinXP 209.42.180.221 (WISPNET.NET):
WISPNET LLC,
LEXINGTON, KENTUCKY, US. (DSL) 		n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:208.73.210.125:80
DE:217.11.54.126:80 		445 pcap raw alerts
ruleset 		http
http
http
4 lines 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 df17a625ee
NEW 		none[0] none:none
 ASPack| lines=298
embedded dns 		trace