Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



12 June 2010

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Columns: Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace

T:00:12:00  WinXP  220.209.192.112 (INFOWEB.NE.JP): INFOWEB(FUJITSU LTD.), TOKYO, TOKYO, JP. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 1 line
  BotHunter Analysis: Argh : 0.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:00:13:00  Win2K-f  208.126.64.227 (NETINS.NET): BROOKLYN MUTUAL TELEPHONE CO, BROOKLYN, IOWA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 276 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; 17f476ffd5 NEW ; none[none] ; none:none ; none|none ; none ; none

T:00:38:00  WinXP  117.254.175.195 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    26 of 28 ; 7d99b0e910 NEW ; none[0] ; none:none ; PolyEnE| ; lines=68 ; trace

T:00:58:00  WinXP  144.138.37.222 (TMNS.NET.AU): TELSTRAINTERNET31, CANBERRA, AUSTRALIAN CAPITAL TERRITORY, AU. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 4 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:01:04:00  WinXP  173.200.73.19 (-)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 33 ; a08f3b74a4 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:01:48:00  WinXP  112.78.73.60 (-): VIBO TELECOM INC, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; cf346981b5 NEW ; 2eb6c94f0a [0] ; ASM:Graph ; PolyEnE| ; lines=73 ; trace

T:02:52:00  Win2K-f  174.116.49.56 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 33 ; a08f3b74a4 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:03:00:00  WinXP  151.81.25.241 (51-151.NET24.IT): IUNET-BNET, MILANO, LOMBARDIA, IT. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; 9e23f46428 NEW ; none[none] ; none:none ; none|none ; none ; none

T:03:36:00  WinXP  219.84.118.30 (SO-NET.NET.TW): SONY NETWORK TAIWAN LIMITED, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    26 of 28 ; 7d99b0e910 NEW ; none[0] ; none:none ; PolyEnE| ; lines=68 ; trace

T:04:52:00  Win2K-f  180.69.175.185 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
  C&C Server: 83.133.119.206:65520
  DNS Lookups & Failed Connects: DE:proxim.ircgalaxy.pl, US:microsoft.com, CN:ku.perfectexe.com, :vbmcom.com, US:sendinvest.com, CN:sky.perfectexe.com, :findhobbits.com, US:search.toptravellingtips.com, :in.7cy.net, US:64.120.176.66:8392, 64.79.86.26:8392
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: irc, http, 209 lines
  BotHunter Analysis: Yeah : 1.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    22 of 41 ; 34d832d249 NEW ; none[none] ; none:none ; none|none ; none ; none
    30 of 33 ; 533d15b5ce NEW ; c67adf46e2[0] ; ASM:Graph ; tElock| ; lines=126 embedded dns ; trace
    28 of 33 ; 58c343a8d8 NEW ; none [0] ; none:none ; Armadillo| ; lines=91 ; trace
    20 of 41 ; 6c6f3cffe0 NEW ; none [none] ; none:none ; none|none ; none ; none
    0 of 41 ; b2a09dc085 NEW ; none [none] ; none:none ; none|none ; none ; none
    21 of 41 ; b62a4e2597 NEW ; none [none] ; none:none ; none|none ; none ; none
    32 of 41 ; c88071ad1b NEW ; none [none] ; none:none ; none|none ; none ; none
    11 of 41 ; c9e89abb7b NEW ; none [none] ; none:none ; none|none ; none ; none
    29 of 40 ; e8a7694956 NEW ; none [none] ; none:none ; none|none ; none ; none
    19 of 41 ; ff54d9a61b NEW ; none [none] ; none:none ; none|none ; none ; none

T:04:58:00  Win2K-f  69.193.78.147 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 33 ; a08f3b74a4 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:05:00:00  Win2K-f  114.42.172.61 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: 60.190.222.139:65520
  DNS Lookups & Failed Connects: :www.sellbloom.com, US:843_1021.clicksvalidate.com, US:www.findit-quick.com, US:www.finditquick.com, US:shop-iw.forless.com, US:js.worthathousandwords.com, :in.7cy.net, DE:proxim.ircgalaxy.pl, LV:ad.ghura.pl, CN:ku.perfectexe.com, :vbmcom.com, CN:sky.perfectexe.com, 174.133.57.141:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, http, irc, 48 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    20 of 41 ; 6c6f3cffe0 NEW ; none[none] ; none:none ; none|none ; none ; none
    23 of 41 ; 7cb0293fcc NEW ; none [none] ; none:none ; none|none ; none ; none
    21 of 41 ; b62a4e2597 NEW ; none [none] ; none:none ; none|none ; none ; none
    11 of 41 ; c9e89abb7b NEW ; none [none] ; none:none ; none|none ; none ; none
    9 of 39 ; d5907c4c3f NEW ; none [none] ; none:none ; none|none ; none ; none
    29 of 40 ; e8a7694956 NEW ; none [none] ; none:none ; none|none ; none ; none
    19 of 41 ; ff54d9a61b NEW ; none [none] ; none:none ; none|none ; none ; none

T:05:08:00  WinXP  218.175.214.161 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 2 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; 2ea5285f04 NEW ; none[none] ; none:none ; none|none ; none ; none

T:06:00:00  WinXP  200.100.83.135 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    26 of 28 ; 7d99b0e910 NEW ; none[0] ; none:none ; PolyEnE| ; lines=68 ; trace

T:06:41:00  Win2K-f  212.252.34.8 (SUPERONLINE.COM): SUPERONLINE INC, ISTANBUL, ISTANBUL, TR. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:www.maxmind.com, :checkip.dyndns.org, DE:131.220.6.26:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 5 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    3 of 37 ; d9cb288f31 NEW ; 45603a001c [0] ; ASM:Graph ; UPX| ; lines=174 embedded dns ; trace

T:08:19:00  WinXP  88.30.108.30 (RIMA-TDE.NET): TELEFONICA MOVILES ESPANA (NCC#2007041930), MADRID, MADRID, ES. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    26 of 28 ; 7d99b0e910 NEW ; none[0] ; none:none ; PolyEnE| ; lines=68 ; trace

T:08:28:00  WinXP  85.152.190.206 (CM-85-152-193-10.TELECABLE.ES): TELECABLE, BARCELONA, CATALONIA, ES. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    39 of 40 ; 5e8ccc4190 NEW ; 8d5f86583f [0] ; ASM:Graph ; PolyEnE| ; lines=68 ; trace

T:08:37:00  Win2K-f  123.163.139.84 (163DATA.COM.CN): CHINANET HENAN PROVINCE NETWORK, BEIJING, BEIJING, CN. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 33 ; a08f3b74a4 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:08:44:00  Win2K-f  125.4.28.125 (ZAQ.NE.JP): J:COM WEST CO. LTD, OSAKA, OSAKA, JP. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    0 of 32 ; 07fabc79ef NEW ; none[0] ; none:none ; Armadillo| ; lines=90 ; trace
    33 of 33 ; 53bfe15e91 NEW ; 1473091351[0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace

T:09:03:00  WinXP  122.105.210.108 (OPTUSNET.COM.AU): OPTUS INTERNET - RETAIL, MELBOURNE, VICTORIA, AU. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 32 ; 73f1082158 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:10:01:00  Win2K-f  4.226.156.50 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, MEMPHIS, TENNESSEE, US. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 18 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:10:07:00  Win2K-f  4.224.141.237 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, INDIANAPOLIS, INDIANA, US. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 18 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:10:41:00  WinXP  125.4.240.161 (ZAQ.NE.JP): J:COM WEST CO. LTD, TOKYO, TOKYO, JP. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: FR:cx10man.weedns.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: irc, 606 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; 14ad2bcd4d NEW ; none[none] ; none:none ; none|none ; none ; none

T:11:06:00  WinXP  186.10.176.242 (-)
  C&C Server: n/a
  DNS Lookups & Failed Connects: DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    29 of 29 ; a0139d7ad8 NEW ; none[0] ; none:none ; PolyEnE| ; lines=68 ; trace

T:11:07:00  Win2K-f  69.193.68.239 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 32 ; 73f1082158 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:11:21:00  Win2K-f  113.255.19.188 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 1069 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    21 of 41 ; 1feda65eca NEW ; none[none] ; none:none ; none|none ; none ; none

T:11:28:00  Win2K-f  122.146.80.204 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 32 ; 73f1082158 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:12:37:00  Win2K-f  58.123.70.56 (HANANET.NET): HANARO TELECOM INC, KR. (DSL)
  C&C Server: 83.133.119.206:65520
  DNS Lookups & Failed Connects: DE:proxima.ircgalaxy.pl, US:microsoft.com, LV:ad.ghura.pl, EU:873hgf7xx60.com, CN:ku.perfectexe.com, US:sendinvest.com, :findhobbits.com, US:search.toptravellingtips.com, US:208.43.250.167:80, US:64.120.176.66:8392
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: irc, http, 187 lines
  BotHunter Analysis: Yeah : 1.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    22 of 41 ; 34d832d249 NEW ; none[none] ; none:none ; none|none ; none ; none
    12 of 38 ; 5d8c5430ed NEW ; none [none] ; none:none ; none|none ; none ; none
    none ; 6a4845ca11 NEW ; c23d00870b[0] ; ASM:Graph ; tElock| ; lines=120 embedded dns ; trace
    20 of 41 ; 6c6f3cffe0 NEW ; none [none] ; none:none ; none|none ; none ; none
    0 of 41 ; 7c94b8a235 NEW ; none [none] ; none:none ; none|none ; none ; none
    7 of 41 ; 7c9b2638d3 NEW ; none [none] ; none:none ; none|none ; none ; none
    32 of 41 ; c88071ad1b NEW ; none [none] ; none:none ; none|none ; none ; none
    9 of 41 ; f7f9bfa9c5 NEW ; none [none] ; none:none ; none|none ; none ; none
    38 of 40 ; ffafd341d9 NEW ; 294fb27545[0] ; ASM:Graph ; Armadillo| ; lines=91 ; trace

T:12:54:00  Win2K-f  67.125.140.230 (PACBELL.NET): AT&T INTERNET SERVICES, FRESNO, CALIFORNIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: :search.youblogged.com, :www.youblogged.com, :pictureper.com, :seekbbs.com, :www.catpig.com, US:alexron.204.asklots.com, 173.45.70.226:80, US:67.29.139.153:80
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, irc, 73 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    23 of 41 ; 7cb0293fcc NEW ; none[none] ; none:none ; none|none ; none ; none

T:13:20:00  Win2K-f  67.150.81.118 (MDSG-PACWEST.COM): PAC-WEST MANAGED MODEM NAS POOL, NASHVILLE, TENNESSEE, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: :gardennew.com, US:www.picturefare.com, :www.sendmedical.com, :www.setinternet.com, :picturegrow.com, :findhobbits.com, 64.79.82.218:8392
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, irc, 77 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:13:45:00  Win2K-f  113.252.254.189 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    30 of 39 ; 1a6c7da535 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:13:45:00  Win2K-f  77.88.132.27 (NET.PL): ELPRO - ELEKTRONIKA PROFESJONALNA WALDEMAR NITKA, SZCZECIN, ZACHODNIOPOMORSKIE, PL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 31 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; 697963949c NEW ; none[none] ; none:none ; none|none ; none ; none

T:13:45:00  Win2K-f  83.132.100.235 (CPE.NETCABO.PT): TVCABO-PORTUGAL CABLE MODEM NETWORK, LISBON, LISBOA, PT. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; b68d420d61 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:13:47:00  Win2K-f  151.82.67.179 (51-151.NET24.IT): IUNET-BNET, IT. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: :www.orderfed.com, US:6618.437.discover-facts.com, US:www.advertise.com, :gardenholiday.com, US:microsoft.com, :www.sayfeed.com, US:bizbuy99.365.blueseek.com, :www.hardsivs.com, 174.36.251.19:80
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, irc, 46 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:13:48:00  WinXP  113.255.246.133 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 45 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 40 ; 013a5ba10e NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:13:51:00  WinXP  62.121.86.103 (WAW.PL): OTN GOCLAW IP ASSIGNMENT, WARSAW, WARSZAWA, PL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 53 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; 8128405d8c NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:13:57:00  Win2K-f  92.55.240.140 (-): TVK KOLO GORKI, PL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: :www.runfoods.com, :gardensms.com, US:microsoft.com, :findhobbits.com, :parkingedu.com, US:gardensend.com, :www.free50.be, US:scripts.chitika.net, US:r.localpages.com, US:www.localpages.com, :gardendegree.com, :gardenisp.com, :parkingby.com, :parkbudget.com, US:search.designer-women.co.uk, :programedu.com, :parkairfare.com, :gardeneuro.com, :gardenems.com, :sendcareer.com, US:pictureairfare.com, :searchper.com, :parkingcd.com, :parkingfan.com, :parkingbattery.com, 174.36.251.19:80, 64.79.82.218:8392, 64.79.86.26:8392
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 74 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    0 of 41 ; b756f66db8 NEW ; none[none] ; none:none ; none|none ; none ; none

T:13:58:00  WinXP  86.52.179.139 (REV.STOFANET.DK): STOFANET-INET-CIDR, ODENSE, FYN, DK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 65 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 40 ; 3490e2ea15 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:13:58:00  WinXP  86.63.107.185 (COM.PL): ASTA-NET CUSTOMERS, WARSAW, WARSZAWA, PL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 57 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; e3faefa56a NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:14:00:00  Win2K-f  77.254.84.173 (INETIA.PL): INTERNETIA, SZCZECIN, ZACHODNIOPOMORSKIE, PL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 49 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 38 ; 531d65bb01 NEW ; none[none] ; none:none ; none|none ; none ; none

T:14:21:00  Win2K-f  71.42.170.45 (RR.COM): ROAD RUNNER HOLDCO LLC, WETUMPKA, ALABAMA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: :lookfordvd.com, :programprivate.com, :searchsandals.com, :searchnexium.com, US:microsoft.com, :picturetax.com, :parkingbudget.com, :programdisney.com, :gardendisney.com, :parkkeep.com, :parkingmain.com, :picturetip.com, :parkisp.com, :sendmedical.com, :gardenbilling.com, :programadvance.com, :gardengain.com, :searchwait.com, :pictureout.com, :www.focusdrink.com, :www.formmesh.com, :www.usehonor.com, :www.termsloan.com, :www.fiftpose.com, :www.entfool.com, 174.36.138.72:80, 64.79.82.218:8392, 64.79.86.26:8392
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 59 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:14:23:00  Win2K-f  95.180.80.168 (IKOMLINE.NET): IKOMLINE, RS. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 37 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; e25842bcd6 NEW ; none[none] ; none:none ; none|none ; none ; none

T:14:28:00  WinXP  113.252.209.200 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 53 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 40 ; 4dd4197eb4 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:14:28:00  Win2K-f  95.76.233.219 (-): ASTRAL MIGRARE, BUCHAREST, BUCURESTI, RO. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 45 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    39 of 41 ; 46bf358cc3 NEW ; afaf06d6cd [0] ; ASM:Graph ; pex| ; lines=42 ; trace

T:14:40:00  WinXP  221.124.23.118 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 63 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 41 ; d8b2c971da NEW ; none[none] ; none:none ; none|none ; none ; none

T:14:41:00  Win2K-f  208.127.87.179 (DSLEXTREME.COM): DSL EXTREME, WEST COVINA, CALIFORNIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; b68d420d61 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:14:42:00  WinXP  178.83.208.213 (FINEBLANK.COM): EU-ZZ, UK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 47 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 40 ; 4dd4197eb4 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:14:42:00  WinXP  63.25.236.7 (UU.NET): UUNET TECHNOLOGIES INC, ALEXANDRIA, LOUISIANA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 133 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 32 ; 73f1082158 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:14:46:00  Win2K-f  78.233.204.196 (PROXAD.NET): PROXAD / FREE SAS, FR. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.drd3h.com
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 43 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; 5fa6f2f4f2 NEW ; 1e4ad6cdb1 [0] ; ASM:Graph ; ASPack| ; lines=3065 embedded dns ; trace

T:14:51:00  Win2K-f  77.255.38.116 (COM.PL): NETIA, PL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: :www.sayfeed.com, US:bizbuy99.281.blueseek.com, :findhobbits.com, :www.hardsivs.com, US:seatfrie.795.asklots.com, :www.taxshoes.com, US:datalle.67.asklots.com, US:microsoft.com, :www.betneed.com, US:www.icityfind.com, :www.runfoods.com, 64.79.82.218:8392, 64.79.86.26:8392, US:67.29.139.153:80
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 20 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:15:17:00  WinXP  208.126.173.110 (NETINS.NET): RIVER VALLEY TELECOMMUNICATIONS, GRAETTINGER, IOWA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 41 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    39 of 40 ; 379a6daa0d NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:15:18:00  Win2K-f  83.39.1.210 (RIMA-TDE.NET): TELEFONICA DE ESPANA, OURENSE, GALICIA, ES. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 40 ; 013a5ba10e NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:15:19:00  Win2K-f  212.10.96.234 (REV.STOFANET.DK): TELIA STOFA A/S, NAESTVED, STORSTROM, DK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 45 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 40 ; 4dd4197eb4 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:15:31:00  WinXP  71.7.133.193 (EASTLINK.CA): EASTLINK HSI, HALIFAX, NOVA SCOTIA, CA. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 37 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; ffbb6cbe61 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:15:33:00  Win2K-f  68.149.150.76 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 41 ; d6c632cb08 NEW ; none[none] ; none:none ; none|none ; none ; none

T:15:44:00  Win2K-f  76.202.2.149 (PACBELL.NET): AT&T INTERNET SERVICES, HOUSTON, TEXAS, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 59 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    8 of 33 ; b7082104e4 NEW ; c5b49e7b82[0] ; ASM:Graph ; tElock| ; lines=41 ; trace

T:15:44:00  Win2K-f  68.174.76.99 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW YORK, NEW YORK, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 22 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:15:46:00  Win2K-f  174.97.165.247 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    36 of 40 ; 9363d60262 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:15:48:00  WinXP  95.180.37.93 (IKOMLINE.NET): IKOMLINE, RS. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 22 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 41 ; 3e5dab9ea7 NEW ; none[none] ; none:none ; none|none ; none ; none

T:15:54:00  WinXP  208.127.160.116 (DSLEXTREME.COM): DSL EXTREME, LOS ANGELES, CALIFORNIA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none

T:15:57:00  WinXP  85.122.108.194 (-): SC ROADTRANS SRL, RO. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM, PR:207.166.122.72:6668
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 19 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    39 of 41 ; 29f397698f NEW ; none[none] ; none:none ; none|none ; none ; none

T:16:12:00  Win2K-f  76.164.164.149 (NEHP.NET): NEW HOPE TELEPHONE, HUNTSVILLE, ALABAMA, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 40 ; f897a2a60f NEW ; none[none] ; none:none ; none|none ; none ; none

T:16:12:00  Win2K-f  190.208.74.184 (-): TELMEX CHILE S.A HFC, SANTIAGO, REGION METROPOLITANA, CL. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; 5ed2885224 NEW ; none[none] ; none:none ; none|none ; none ; none

T:16:14:00  Win2K-f  72.174.248.233 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, DELTA, COLORADO, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM, PR:207.166.122.72:6668
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 21 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; 17f4f7fd38 NEW ; none[none] ; none:none ; none|none ; none ; none

T:16:20:00  WinXP  88.160.66.246 (PROXAD.NET): PROXAD / FREE SAS, STRASBOURG, ALSACE, FR. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.drd3h.com
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 35 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    35 of 38 ; 135dd35aab NEW ; none[none] ; none:none ; none|none ; none ; none

T:16:34:00  WinXP  209.152.101.188 (NETINS.NET): NETINS INC, HUMBOLDT, IOWA, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 21 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; e3faefa56a NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:16:37:00  WinXP  72.175.168.221 (BRESNAN.NET): BRESNAN COMMUNICATIONS LLC, NEW YORK, NEW YORK, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 29 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 41 ; fe87c62b51 NEW ; fe87c62b51 [1] ; ASM:Graph ; pex| ; lines=19 ; trace

T:16:43:00  Win2K-f  115.80.159.241 (TAIWANMOBILE.NET): TAIWAN MOBILE CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; db12dac6c7 NEW ; afaf06d6cd [0] ; ASM:Graph ; pex| ; lines=42 ; trace

T:16:46:00  Win2K-f  112.200.179.20 (PLDT.NET): IPG, LAS PINAS CITY, MANILA, PH. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.drd3h.com
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 36 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    34 of 38 ; 2533f17ad5 NEW ; none[none] ; none:none ; none|none ; none ; none

T:16:48:00  Win2K-f  113.252.180.107 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 41 ; 8887d42f5c NEW ; afaf06d6cd [0] ; ASM:Graph ; pex| ; lines=42 ; trace

T:16:53:00  WinXP  114.42.227.81 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM, PR:207.166.122.72:6668
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 40 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    39 of 41 ; 46bf358cc3 NEW ; afaf06d6cd [0] ; ASM:Graph ; pex| ; lines=42 ; trace

T:17:20:00  Win2K-f  68.192.127.136 (OPTONLINE.NET): OPTIMUM ONLINE (CABLEVISION SYSTEMS), LAKEWOOD, NEW JERSEY, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 32 ; 73f1082158 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:17:20:00  WinXP  66.50.4.27 (PRTC.NET): PRTC RAS, SAN JUAN, PUERTO RICO, PR. (DSL)
  C&C Server: 60.190.222.139:65520
  DNS Lookups & Failed Connects: DE:proxim.ircgalaxy.pl, DE:citi-bank.ru, DE:213.155.0.224:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, irc, 5 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 41 ; 5d26f533fd NEW ; none[none] ; none:none ; none|none ; none ; none

T:17:51:00  Win2K-f  94.76.213.80 (AS29550.NET): CANONICAL RANGE FOR HP3-LEFT, UK. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:www.maxmind.com, :checkip.dyndns.org, US:67.15.94.80:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 2 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    3 of 37 ; d9cb288f31 NEW ; 45603a001c [0] ; ASM:Graph ; UPX| ; lines=174 embedded dns ; trace

T:18:16:00  Win2K-f  78.233.61.225 (PROXAD.NET): PROXAD / FREE SAS, FR. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, 12 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; 5fa6f2f4f2 NEW ; 1e4ad6cdb1 [0] ; ASM:Graph ; ASPack| ; lines=3065 embedded dns ; trace

T:18:19:00  Win2K-f  24.32.84.139 (CEBRIDGE.NET): CEBRIDGE CONNECTIONS, BURKBURNETT, TEXAS, US. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 31 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    41 of 41 ; f22c5755c9 NEW ; none[none] ; none:none ; none|none ; none ; none

T:18:33:00  Win2K-f  122.49.241.179 (CCNET-AI.NE.JP): COMMUNITY NETWORK CENTER INC, TOYOKAWA, AICHI, JP. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Ch "other, 75 lines" | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    0 of 32 ; 07fabc79ef NEW ; none[0] ; none:none ; Armadillo| ; lines=90 ; trace
    33 of 33 ; 53bfe15e91 NEW ; 1473091351[0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace

T:19:01:00  Win2K-f  122.49.244.141 (CCNET-AI.NE.JP): COMMUNITY NETWORK CENTER INC, TOYOKAWA, AICHI, JP. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 88 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 41 ; 26ba4fd8e8 NEW ; none[none] ; none:none ; none|none ; none ; none
    33 of 33 ; 53bfe15e91 NEW ; 1473091351[0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace

T:19:40:00  WinXP  4.225.211.227 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, DENVER, COLORADO, US. (DIAL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 76 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 33 ; a08f3b74a4 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:20:55:00  WinXP  67.127.244.194 (PACBELL.NET): APW KNOX SEEMAN, PLANO, TEXAS, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 75 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    33 of 33 ; 53bfe15e91 NEW ; 1473091351 [0] ; ASM:Graph ; tElock| ; lines=75 embedded dns ; trace
    0 of 33 ; a08f3b74a4 NEW ; none [0] ; none:none ; Armadillo| ; lines=90 ; trace

T:21:03:00  WinXP  112.104.132.79 (SEED.NET.TW): DIGITAL UNITED INC, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: PR:m.DRD3H.COM, PR:207.166.122.72:6668
  Infection Port: 139 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: ftp, irc, 35 lines
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    37 of 40 ; 4dd4197eb4 NEW ; 1d04d6dc84 [0] ; ASM:Graph ; ASPack| ; lines=3292 embedded dns ; trace

T:21:34:00  Win2K-f  70.167.78.199 (COX.NET): COX COMMUNICATIONS, SAN DIEGO, CALIFORNIA, US. (DSL)
  C&C Server: 60.190.222.139:65520
  DNS Lookups & Failed Connects: DE:proxim.ircgalaxy.pl, US:microsoft.com, LV:ad.ghura.pl, CN:ku.perfectexe.com, US:sendinvest.com, :findhobbits.com, US:search.toptravellingtips.com, US:search.articleswave.co.uk, US:208.43.250.167:80
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: irc, http, 208 lines
  BotHunter Analysis: Yeah : 1.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    39 of 41 ; 03284f4f90 NEW ; none[none] ; none:none ; none|none ; none ; none
    9 of 41 ; 3a229391ac NEW ; none [none] ; none:none ; none|none ; none ; none
    12 of 38 ; 5d8c5430ed NEW ; none [none] ; none:none ; none|none ; none ; none
    20 of 41 ; 6c6f3cffe0 NEW ; none [none] ; none:none ; none|none ; none ; none
    10 of 41 ; 77828cb0f5 NEW ; none [none] ; none:none ; none|none ; none ; none
    33 of 41 ; 85ba1d361d NEW ; none [none] ; none:none ; none|none ; none ; none
    21 of 40 ; bcb7350137 NEW ; none [none] ; none:none ; none|none ; none ; none
    0 of 41 ; bf0303ade8 NEW ; none [none] ; none:none ; none|none ; none ; none

T:21:38:00  WinXP  114.140.27.94 (FETNET.NET): FAR EASTONE TELECOMMUNICATION CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL)
  C&C Server: 213.155.0.224:80
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 2 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    29 of 29 ; 3ae357d17b NEW ; none[0] ; none:none ; PolyEnE| ; lines=73 ; trace

T:21:40:00  WinXP  117.53.9.194 (ADACHI.NE.JP): CABLE TELEVISION ADACHI CORP, MIYAZAKI, MIYAZAKI, JP. (DSL)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: shell, ftp, 15 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    31 of 32 ; 741e3b03b3 NEW ; none[0] ; none:none ; none|none ; lines=61 ; trace

T:21:51:00  Win2K-f  186.97.243.224 (-)
  C&C Server: 83.133.119.206:65520
  DNS Lookups & Failed Connects: :www.catpig.com, :seekadvance.com, DE:proxim.ircgalaxy.pl, CN:ku.perfectexe.com
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, irc, 29 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    12 of 38 ; 5d8c5430ed NEW ; none[none] ; none:none ; none|none ; none ; none
    20 of 41 ; 6c6f3cffe0 NEW ; none [none] ; none:none ; none|none ; none ; none

T:22:07:00  WinXP  186.97.243.224 (-)
  C&C Server: 213.155.0.224:80
  DNS Lookups & Failed Connects: DE:citi-bank.ru
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 2 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    40 of 41 ; 8015c2d45f NEW ; 749cbc2739 [0] ; ASM:Graph ; PolyEnE| ; lines=68 ; trace

T:22:55:00  WinXP  65.29.58.59 (RR.COM): ROAD RUNNER HOLDCO LLC, MILWAUKEE, WISCONSIN, US. (DSL)
  C&C Server: 62.193.249.122:3305
  DNS Lookups & Failed Connects: KR:cx10man.weedns.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: irc, 697 lines
  BotHunter Analysis: Yeah : 1.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 41 ; ecfbf321d3 NEW ; none[none] ; none:none ; none|none ; none ; none

T:23:03:00  Win2K-f  117.102.8.222 (WORLDCALL.NET.PK): LAHORE AMERICAN SCHOOL -LHR, LAHORE, PUNJAB, PK. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:www.maxmind.com, US:www.getmyip.org, EU:getmyip.co.uk, :checkip.dyndns.org, 208.78.70.70:80, US:67.15.94.80:80, US:75.126.138.202:80, EU:78.40.35.134:80
  Infection Port: 445 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: http, 1 line
  BotHunter Analysis: Yeah : 0.8 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    2 of 37 ; 223d8089f8 NEW ; none[3] ; none:none ; StarForce| ; none ; trace

T:23:13:00  WinXP  72.187.106.67 (RR.COM): ROAD RUNNER HOLDCO LLC, NEW PORT RICHEY, FLORIDA, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: US:microsoft.com
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 115 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    38 of 40 ; 1da4193446 NEW ; 8a97c8536a [none] ; none:none ; none|none ; none ; none
    37 of 39 ; 6278c9374a NEW ; cc7aaf6ea9[none] ; none:none ; none|none ; none ; none

T:23:30:00  Win2K-f  65.25.73.224 (RR.COM): ROAD RUNNER HOLDCO LLC, CANTON, OHIO, US. (100Mbps)
  C&C Server: n/a
  DNS Lookups & Failed Connects: -
  Infection Port: 135 | Packet Trace: pcap, raw | Detection Signatures: alerts, ruleset | Infection Chatter: other, 10 lines
  BotHunter Analysis: Yeah : 1.3 (profile) | Behavioral Cluster: none | Forensic Logs: summary, tarball
  Antivirus Labels ; Packed Malware_Binary ; Unpacked egg.exe ; Unpacked egg.asm ; Packer PEID ; Data Strings ; Syscall Trace:
    none ; none ; none ; none ; none ; none ; none