Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



02 August 2010

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:06:00 WinXP 188.176.70.105 (DSL.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
DK. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
32 of 32 b502f83a7c
NEW
28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace
T:00:11:00 Win2K-f 61.95.250.169 (MANTRAONLINE.COM):
USED FOR NETWORK INFRASTRUCTURE,
NEW DELHI, DELHI, IN. (100Mbps)
n/a US:www.maxmind.com
:checkip.dyndns.org
DE:131.220.6.26:80
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:02:14:00 Win2K-f 110.11.206.190 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
60.190.222.139:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
135 pcap raw alerts
ruleset
irc
155 lines
Yeah : 1.8
profile
none summary
tarball
39 of 41
31 of 33
ab9c4b5f21
NEW
d789c8d157
NEW
5fe48b2dcc [0]
5f6572479f[0]
ASM:Graph
ASM:Graph
Armadillo|
PolyEnE|
lines=42
lines=113
embedded dns
trace
trace
T:02:41:00 Win2K-f 114.44.113.132 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL)
91.188.59.12:65520 83.133.119.206:65520 DE:proxima.ircgalaxy.pl
LV:ad.ghura.pl
445 pcap raw alerts
ruleset
irc
http
17 lines
Yeah : 0.8
profile
none summary
tarball
31 of 41
32 of 42
31ae779411
NEW
85025082b4
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:03:03:00 WinXP 93.102.231.238 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
PT. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
30 of 32 6f89425f8a
NEW
6480c2f949 [0] ASM:Graph
PolyEnE| lines=73 trace
T:04:55:00 WinXP 79.163.157.0 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WROCLAW, DOLNOSLASKIE, PL. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
41 of 41 5c6df5141d
NEW
none[none] none:none
none|none none none
T:05:09:00 WinXP 213.102.100.254 (TELE2.DE):
TELE2 GERMANY GMBH,
DE. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:05:11:00 WinXP 61.218.191.251 (-):
LIAN HONG BUSINESS CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
118 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
38 of 41
761a66b891
NEW
98d05c039b
NEW
b469dac5dc [0]
none [none]
ASM:Graph
none:none
tElock|
none|none
lines=64
embedded dns
none
trace
none
T:06:12:00 Win2K-f 208.126.64.227 (NETINS.NET):
BROOKLYN MUTUAL TELEPHONE CO,
BROOKLYN, IOWA, US. (DSL)
n/a DE:irc.zief.pl
LV:ad.ghura.pl
135 pcap raw alerts
ruleset
irc
http
309 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41
32 of 42
17f476ffd5
NEW
85025082b4
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:06:29:00 WinXP 201.69.105.186 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 42 fe4eef18e1
NEW
none[none] none:none
none|none none none
T:06:40:00 Win2K-f 89.178.202.78 (CORBINA.RU):
BROADBAND CUSTOMERS IN MOSCOW,
MOSCOW, MOSCOW CITY, RU. (DSL)
n/a DE:irc.zief.pl
LV:ad.ghura.pl
US:gg.arrancar.org
US:69.43.160.145:555
445 pcap raw alerts
ruleset
irc
http
40 lines
Argh : 0.3
profile
none summary
tarball
31 of 41 31ae779411
NEW
none[none] none:none
none|none none none
T:07:03:00 Win2K-f 70.182.94.31 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. (DSL)
91.188.59.12:65520 83.133.119.206:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
LV:ad.ghura.pl
135 pcap raw alerts
ruleset
irc
http
136 lines
Yeah : 1.8
profile
none summary
tarball
31 of 41
32 of 36
35 of 36
31ae779411
NEW
bea8cb1865
NEW
fac78fde16
NEW
none[none]
154de51a66[0]
882896ab05[0]
none:none
ASM:Graph
ASM:Graph
none|none
Armadillo|
tElock|
none
lines=91
lines=126
embedded dns
none
trace
trace
T:07:22:00 WinXP 58.123.70.7 (HANANET.NET):
HANARO TELECOM INC,
KR. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
3 of 41
33 of 33
8b41cb7a41
NEW
97fef473b9
NEW
ef18d720f3 [0]
ff4e7d6992[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=90
lines=64
embedded dns
trace
trace
T:07:34:00 WinXP 87.205.67.44 (INETIA.PL):
INTERNETIA,
POZNAN, WIELKOPOLSKIE, PL. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 0.8
profile
none summary
tarball
36 of 40 9363d60262
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:07:35:00 Win2K-f 82.249.159.193 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 42 067d2ab57e
NEW
none[none] none:none
none|none none none
T:07:35:00 WinXP 221.126.151.199 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:07:38:00 Win2K-f 83.159.103.201 (LIBERTYSURF.NET):
TELECOM ITALIA FRANCE BROADBAND POOLS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
30 of 39 1a6c7da535
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:07:41:00 WinXP 217.68.182.176 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
37 lines
Yeah : 0.8
profile
none summary
tarball
41 of 42 250e546031
NEW
none[none] none:none
none|none none none
T:07:46:00 WinXP 110.8.69.24 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL)
91.188.59.12:65520 DE:proxima.ircgalaxy.pl
US:microsoft.com
LV:91.188.59.12:65520
135 pcap raw alerts
ruleset
irc
99 lines
Yeah : 1.8
profile
none summary
tarball
none
38 of 40
6a4845ca11
NEW
ffafd341d9
NEW
c23d00870b [0]
294fb27545[0]
ASM:Graph
ASM:Graph
tElock|
Armadillo|
lines=120
embedded dns
lines=91
trace
trace
T:07:50:00 Win2K-f 77.95.49.218 (STANSAT.PL):
STANSAT IP SUBSCRIBERS,
WARSAW, WARSZAWA, PL. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c9aed378f1
NEW
4fadf3fb74 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:07:56:00 Win2K-f 125.4.239.229 (ZAQ.NE.JP):
J:COM WEST CO. LTD,
TOKYO, TOKYO, JP. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
40 of 41
1b1db1c992
NEW
8a50345c2f
NEW
a8036b5105 [0]
585123125f[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=91
lines=64
embedded dns
trace
trace
T:08:02:00 Win2K-f 70.61.169.2 (RR.COM):
ROAD RUNNER HOLDCO LLC,
KETTERING, OHIO, US. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:03:00 WinXP 87.205.192.197 (INETIA.PL):
INTERNETIA,
WARSAW, WARSZAWA, PL. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 0.8
profile
none summary
tarball
40 of 42 7960f6113b
NEW
none[none] none:none
none|none none none
T:08:07:00 WinXP 75.119.111.22 (LDMI.COM):
IDEAL TECHNOLOGY SOLUTIONS US INC,
DETROIT, MICHIGAN, US. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 b68d420d61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:11:00 WinXP 94.251.249.102 (-):
SERVERS STREAM COMMUNICATIONS,
PL. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
43 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c13a6c3da5
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:16:00 Win2K-f 174.1.97.24 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c4f4cf6afa
NEW
none[none] none:none
none|none none none
T:08:18:00 Win2K-f 81.84.68.169 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 42 88f39e2bbf
NEW
none[none] none:none
none|none none none
T:08:18:00 WinXP 88.28.118.197 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
MADRID, MADRID, ES. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
59 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 4dd4197eb4
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:32:00 WinXP 82.67.180.48 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
49 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:35:00 Win2K-f 113.254.112.208 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 42 ae80523c0e
NEW
none[none] none:none
none|none none none
T:08:53:00 WinXP 86.63.107.185 (COM.PL):
ASTA-NET CUSTOMERS,
WARSAW, WARSZAWA, PL. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
35 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 e3faefa56a
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:57:00 WinXP 92.83.125.89 (-):
SMALL CUSTOMERS,
BUCHAREST, BUCURESTI, RO. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
55 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 e3faefa56a
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:08:58:00 Win2K-f 115.81.55.24 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 fe87c62b51
NEW
fe87c62b51 [1] ASM:Graph
pex| lines=19 trace
T:08:59:00 Win2K-f 208.103.159.234 (CORETEL.NET):
CORETEL AMERICA INC,
MYERSTOWN, PENNSYLVANIA, US. (DIAL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
36 of 40 9363d60262
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:09:02:00 WinXP 208.103.145.3 (CORETEL.NET):
CORETEL AMERICA INC,
WESTMINSTER, MARYLAND, US. (DIAL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
54 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 1b3d8e9fe7
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:09:21:00 Win2K-f 178.83.209.233 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 4dd4197eb4
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:09:34:00 WinXP 70.68.59.66 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
COQUITLAM, BRITISH COLUMBIA, CA. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
35 of 42
39 of 41
598fd8ba00
NEW
b3bf8ce518
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:09:36:00 WinXP 112.200.179.60 (PLDT.NET):
IPG,
LAS PINAS CITY, MANILA, PH. (DSL)
n/a PR:m.drd3h.com
PR:207.166.122.75:6668
139 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 0.8
profile
none summary
tarball
39 of 42 ae80523c0e
NEW
none[none] none:none
none|none none none
T:09:47:00 Win2K-f 118.232.184.89 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 e25842bcd6
NEW
none[none] none:none
none|none none none
T:09:53:00 WinXP 172.130.55.237 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
77 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:54:00 WinXP 218.191.121.14 (HUTCHCITY.COM):
HUTCHISON GLOBAL COMMUNICATIONS,
HONG KONG, HONG KONG (SAR), HK. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 0.8
profile
none summary
tarball
38 of 40 3490e2ea15
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:00:00 WinXP 79.40.155.103 (RETAIL.TELECOMITALIA.IT):
TELECOM ITALIA NET,
ROME, LAZIO, IT. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:10:04:00 Win2K-f 89.39.33.38 (FDX.RO):
SC FULL DUPLEX SRL,
BUCHAREST, BUCURESTI, RO. (DSL)
n/a PR:m.DRD3H.COM
PR:207.166.122.75:6668
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 0.8
profile
none summary
tarball
38 of 41 fe87c62b51
NEW
fe87c62b51 [1] ASM:Graph
pex| lines=19 trace
T:10:04:00 Win2K-f 85.66.146.116 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 40 013a5ba10e
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:04:00 WinXP 137.118.218.233 (WILKES.NET):
NEONOVA NETWORK SERVICES,
COLSTRIP, MONTANA, US. (100Mbps)
n/a PR:m.DRD3H.COM
PR:207.166.122.75:6668
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:11:00 Win2K-f 66.43.224.174 (NETINS.NET):
ALPINE COMMUNICATIONS,
ELKADER, IOWA, US. (DIAL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
37 of 40 50cdd5c6cf
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:20:00 Win2K-f 113.19.209.130 (VSNL.NET.IN):
INTERNET SERVICE PROVIDER,
IN. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 e25842bcd6
NEW
none[none] none:none
none|none none none
T:10:24:00 WinXP 86.63.125.9 (COM.PL):
ASTA-NET CUSTOMERS,
WARSAW, WARSZAWA, PL. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
27 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 e3faefa56a
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:10:31:00 WinXP 77.64.159.227 (PRIMACOM.NET):
PRIMACOM-HEADENDS,
LEIPZIG, SACHSEN, DE. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 f16fcee967
NEW
none[none] none:none
none|none none none
T:10:51:00 Win2K-f 41.250.28.82 (IAM.NET.MA):
AFRINIC,
CASABLANCA, CASABLANCA, MA. (DSL)
143.225.93.198:65267 AR:pimp.foilball.info 135 pcap raw alerts
ruleset
irc
841 lines
Yeah : 1.3
profile
none summary
tarball
31 of 42 96a0cbeb88
NEW
none[none] none:none
none|none none none
T:11:01:00 Win2K-f 92.115.34.86 (HOST-STATIC-92-115-28-10.MOLDTELECOM.MD):
JSC MOLDTELECOM SA,
CHISINAU, CHISINAU, MD. (DSL)
143.225.93.198:65267 AR:pimp.foilball.info
IT:143.225.93.198:65267
135 pcap raw alerts
ruleset
irc
778 lines
Yeah : 1.3
profile
none summary
tarball
17 of 42 6e4e6297a0
NEW
none[none] none:none
none|none none none
T:11:29:00 Win2K-f 89.152.115.181 (CPE.NETCABO.PT):
TVCABO-PORTUGAL CABLE MODEM NETWORK,
PT. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 f534041536
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:11:30:00 WinXP 81.198.157.193 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL)
n/a PR:m.DRD3H.COM
PR:207.166.122.75:6668
139 pcap raw alerts
ruleset
ftp
irc
19 lines
Yeah : 0.8
profile
none summary
tarball
36 of 40 9363d60262
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:11:37:00 WinXP 67.106.48.106 (CONCENTRIC.NET):
XO COMMUNICATIONS,
SALT LAKE CITY, UTAH, US. (DSL)
n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:11:46:00 Win2K-f 193.198.181.228 (CARNET.HR):
CARNET-BNET-XCARNET-ST,
SPLIT, SPLITSKO-DALMATINSKA, HR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:12:09:00 Win2K-f 180.177.131.163 (-):
.
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 5ed2885224
NEW
none[none] none:none
none|none none none
T:12:21:00 Win2K-f 174.1.89.149 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 c4f4cf6afa
NEW
none[none] none:none
none|none none none
T:12:27:00 WinXP 119.154.130.163 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL)
213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset
http
3 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:12:32:00 WinXP 67.9.234.77 (RR.COM):
ROAD RUNNER HOLDCO LLC,
EL PASO, TEXAS, US. (DSL)
n/a :moscow-advokat.ru
SE:ozbytes.dal.net
:flanders.be.eu.undernet.org
SE:broadway.ny.us.dal.net
SE:coins.dal.net
:lia.zanet.net
:washington.dc.us.undernet.org
SE:viking.dal.net
SE:vancouver.dal.net
FI:london.uk.eu.undernet.org
:lulea.se.eu.undernet.org
:los-angeles.ca.us.undernet.org
445 pcap raw alerts
ruleset
http
1 line
Yeah : 1.3
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:12:36:00 Win2K-f 109.87.137.156 (JWS.COM):
EU-ZZ,
UK. (DSL)
143.225.93.198:65267 AR:pimp.foilball.info 135 pcap raw alerts
ruleset
irc
703 lines
Yeah : 1.3
profile
none summary
tarball
29 of 42 957eacda80
NEW
none[none] none:none
none|none none none
T:12:55:00 Win2K-f 85.66.186.5 (BACS-NET.HU):
FIBERNET COMMUNICATION CO,
BUDAPEST, BUDAPEST, HU. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 8128405d8c
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:13:06:00 Win2K-f 123.195.126.40 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
41 of 41 e25842bcd6
NEW
none[none] none:none
none|none none none
T:13:14:00 WinXP 70.71.245.134 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LANGLEY, BRITISH COLUMBIA, CA. (DSL)
n/a US:gg.arrancar.org
US:69.43.160.145:555
135 pcap raw alerts
ruleset
other
186 lines
Yeah : 1.3
profile
none summary
tarball
40 of 41 f3932b94a6
NEW
910494cc45 [0] ASM:Graph
none|none lines=546 trace
T:13:22:00 WinXP 200.100.143.100 (TELESP.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
SÃO PAULO, SAO PAULO, BR. (DIAL)
n/a DE:proxim.ircgalaxy.pl
DE:citi-bank.ru
DE:213.155.0.224:80
LV:91.188.59.12:65520
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 42 46223f7d9a
NEW
none[none] none:none
none|none none none
T:13:43:00 Win2K-f 72.51.228.221 (NEWWAVECOMM.NET):
NEW WAVE COMMUNICATIONS,
MALDEN, MISSOURI, US. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 ae7a5cd8b1
NEW
18ff3687ad [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:14:05:00 Win2K-f 82.250.87.233 (PROXAD.NET):
PROXAD / FREE SAS,
LILLE, NORD-PAS-DE-CALAIS, FR. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
9 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:14:40:00 Win2K-f 118.232.238.197 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a PR:m.DRD3H.COM 139 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 0.8
profile
none summary
tarball
40 of 40 0629d7fc42
NEW
none[none] none:none
none|none none none
T:14:41:00 Win2K-f 68.147.3.53 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL)
n/a   135 pcap raw alerts
ruleset
other
1008 lines
Yeah : 1.3
profile
none summary
tarball
31 of 41 682a384fe9
NEW
none[3] none:none
none|none none trace
T:14:51:00 WinXP 173.31.86.30 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
MIDDLETOWN, NEW YORK, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
38 of 41
8583b476c4
NEW
b6a8e96230
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:14:54:00 WinXP 180.218.242.23 (-):
.
n/a PR:m.DRD3H.COM
PR:207.166.122.75:6668
139 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 0.8
profile
none summary
tarball
39 of 40 379a6daa0d
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:15:14:00 WinXP 174.6.0.122 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:16:43:00 Win2K-f 178.79.11.166 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL)
n/a   139 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
40 of 41 ffbb6cbe61
NEW
1d04d6dc84 [0] ASM:Graph
ASPack| lines=3292
embedded dns
trace
T:18:02:00 Win2K-f 24.80.177.65 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL)
n/a US:www.maxmind.com
EU:getmyip.co.uk
:www.vouchercodes.com
:checkip.dyndns.org
US:www.getmyip.org
208.78.70.70:80
US:67.15.94.80:80
US:75.126.138.202:80
94.236.56.130:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
2 of 37 409ef22885
NEW
none[3] none:none
UPX| none trace
T:18:45:00 WinXP 174.6.0.122 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL)
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:20:50:00 WinXP 186.10.159.158 (-):
.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:21:51:00 WinXP 190.108.155.78 (E-CORPNET.ORG):
TELEFONICA MOVIL DE CHILE S.A,
SANTIAGO, REGION METROPOLITANA, CL. (DSL)
n/a DE:citi-bank.ru
DE:213.155.0.224:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 41 f45285574e
NEW
d984958bf9 [0] ASM:Graph
PolyEnE| lines=68 trace
T:22:33:00 WinXP 99.112.116.227 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:54:00 Win2K-f 180.218.8.75 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
40 of 41
1b1db1c992
NEW
8a50345c2f
NEW
a8036b5105 [0]
585123125f[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=91
lines=64
embedded dns
trace
trace
T:23:51:00 WinXP 4.224.180.46 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
DRESDEN, OHIO, US. (DSL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 1a2c0e6130
NEW
none[0] none:none
none|none lines=60 trace