Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE


<Click here: to download BotHunter>

20 December 2010

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Column order for every row below (cells separated by "|"). An infection that yielded more than one binary lists each additional binary on an indented "+" line carrying only the last seven columns. "pcap raw", "alerts ruleset", "profile", "summary tarball", "NEW", "ASM:Graph" and "trace" are the page's download links for that cell; an empty DNS cell means no lookups or failed connects were recorded.

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace

00:52:00 | WinXP | 125.230.112.50 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:01:19:00 | WinXP | 61.205.5.100 (EONET.NE.JP): K-OPTICOM CORPORATION, TOKYO, TOKYO, JP. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | shell ftp | 14 lines | Yeah : 1.3 profile | none summary tarball | 29 of 29 | 831f4ee0a7 NEW | none [0] | none:none | none | lines=60 | trace
T:01:46:00 | Win2K-f | 4.141.65.140 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, QUEENSBURY, NEW YORK, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 89 lines | Yeah : 1.3 profile | none summary tarball | 33 of 33 | 53bfe15e91 NEW | 1473091351 [0] | ASM:Graph | tElock | lines=75 embedded dns | trace
    + 0 of 33 | a08f3b74a4 NEW | none [0] | none:none | Armadillo | lines=90 | trace
T:01:57:00 | WinXP | 121.121.110.97 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 1.3 profile | none summary tarball | 32 of 32 | 5818023061 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:03:03:00 | WinXP | 38.125.55.86 (COGENTCO.COM): PSINET INC, US. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 0.8 profile | none summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
03:37:00 | WinXP | 118.233.131.112 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 43 of 43 | c318ecb80c NEW | none [none] | none:none | none | none | none
T:03:53:00 | Win2K-f | 24.211.45.105 (RR.COM): ROAD RUNNER HOLDCO LLC, MARION, SOUTH CAROLINA, US. (DSL) | n/a | US:gg.arrancar.org, US:69.43.160.145:555 | 135 | pcap raw | alerts ruleset | other | 158 lines | Yeah : 1.3 profile | none summary tarball | 37 of 41 | 51a03793ab NEW | 429f7618d3 [0] | ASM:Graph | none | lines=546 | trace
03:56:00 | WinXP | 118.233.129.8 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 41 of 42 | 2a3119fb5a NEW | none [none] | none:none | none | none | none
04:09:00 | WinXP | 61.62.187.230 (SO-NET.NET.TW): SONY NETWORK TAIWAN LIMITED, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:04:15:00 | WinXP | 151.82.55.221 (51-151.NET24.IT): IUNET-BNET, MILANO, LOMBARDIA, IT. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 0.8 profile | none summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
T:04:31:00 | WinXP | 119.154.53.229 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, QUETTA, BALOCHISTAN, PK. (DIAL) | n/a | | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 0.8 profile | none summary tarball | 32 of 32 | 5818023061 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:04:40:00 | Win2K-f | 1.227.99.46 (-) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 113 lines | Yeah : 1.3 profile | none summary tarball | 40 of 41 | 14f47ffd1e NEW | 90bf4b99ff [0] | ASM:Graph | tElock | lines=56 embedded dns | trace
    + 5 of 41 | 50437008d9 NEW | c1b09ac5d7 [0] | ASM:Graph | Armadillo | lines=90 | trace
T:05:32:00 | WinXP | 121.120.90.80 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:06:10:00 | WinXP | 218.42.227.18 (EONET.NE.JP): K-OPTICOM CORPORATION, KOBE, HYOGO, JP. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 41 of 43 | fb486908b0 NEW | none [none] | none:none | none | none | none
T:06:18:00 | WinXP | 87.96.173.92 (BLIXTVIK.SE): BLIXTVIK INTERNET OCH TELEFONI AB, STOCKHOLM, STOCKHOLMS LAN, SE. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE | lines=68 | trace
06:25:00 | WinXP | 218.42.227.18 (EONET.NE.JP): K-OPTICOM CORPORATION, KOBE, HYOGO, JP. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 41 of 43 | fb486908b0 NEW | none [none] | none:none | none | none | none
T:07:01:00 | WinXP | 64.179.173.118 (IW.NET): PRAIRIEWAVE CABLE MODEM DHCP, YANKTON, SOUTH DAKOTA, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 110 lines | Yeah : 1.3 profile | none summary tarball | 38 of 40 | 67f1a33096 NEW | 148e04eaab [0] | ASM:Graph | Armadillo | lines=91 | trace
    + 38 of 40 | 724cf0dc37 NEW | 901dd267d4 [0] | ASM:Graph | tElock | lines=64 embedded dns | trace
T:08:13:00 | WinXP | 59.103.212.224 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, ISLAMABAD, ISLAMABAD, PK. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 0.8 profile | none summary tarball | 41 of 43 | 21cca19488 NEW | none [none] | none:none | none | none | none
T:08:17:00 | Win2K-f | 117.104.61.69 (T-COM.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 110 lines | Yeah : 1.3 profile | none summary tarball | 39 of 41 | 6b315f5dbc NEW | 7604b94520 [0] | ASM:Graph | tElock | lines=64 embedded dns | trace
    + 39 of 41 | 7938865f8c NEW | a9b9e4904b [0] | ASM:Graph | Armadillo | lines=91 | trace
08:18:00 | WinXP | 114.36.0.22 (HINET.NET): CHTD CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 42 of 43 | ee77d33bdd NEW | none [none] | none:none | none | none | none
T:08:25:00 | WinXP | 61.150.5.66 (163DATA.COM.CN): XI'AN DATA BRANCH XIAN CITY SHAANXI PROVINCE, XIAN, SHAANXI, CN. (DSL) | n/a | | 135 | pcap raw | alerts ruleset | other | 5 lines | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:09:01:00 | WinXP | 180.68.125.201, 122.224.5.167 (INVALID IPV4 ADDRESS; whois lookup failed on the two-address string) | 91.193.194.67:65520 | CN:proxima.ircgalaxy.pl, US:microsoft.com, CN:k.perfectexe.com, EU:www.derquda.com, CN:exe4.perfectexe.com, EU:justnewleft.ru, CN:d.perfectexe.com, :atlasmortgagees.info, :animalelectricity.info, :computersinternets.info, :trumpetlicks.com, :www.google.com, CN:122.224.6.48:666, 74.125.19.99:80, EU:91.204.48.97:80 | 135 | pcap raw | alerts ruleset | irc http | 171 lines | Yeah : 1.8 profile | none summary tarball | 33 of 42 | 735053e788 NEW | none [none] | none:none | none | none | none
    + 39 of 41 | ab9c4b5f21 NEW | 5fe48b2dcc [0] | ASM:Graph | Armadillo | lines=42 | trace
    + 37 of 43 | b285975966 NEW | none [none] | none:none | none | none | none
    + 29 of 43 | b34e640329 NEW | none [none] | none:none | none | none | none
    + 31 of 33 | d789c8d157 NEW | 5f6572479f [0] | ASM:Graph | PolyEnE | lines=113 embedded dns | trace
T:09:03:00 | WinXP | 114.137.5.251 (HINET.NET): MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 41 of 41 | 5c6df5141d NEW | none [none] | none:none | none | none | none
T:09:23:00 | WinXP | 89.117.247.25 (ERDVES.LT): SC LITHUANIAN RADIO AND TV CENTER, VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) | n/a | US:m.drd3h.com | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 38 of 41 | f996bf0275 NEW | 1e4ad6cdb1 [0] | ASM:Graph | ASPack | lines=3065 embedded dns | trace
T:09:25:00 | Win2K-f | 95.180.51.183 (IKOMLINE.NET): IKOMLINE, RS. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | 17f4f7fd38 NEW | none [none] | none:none | none | none | none
T:09:25:00 | Win2K-f | 78.60.238.37 (ZEBRA.LT): LIETUVOS-TELEKOMAS, VILNIUS, VILNIAUS APSKRITIS, LT. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | b68d420d61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:09:29:00 | WinXP | 77.254.0.4 (INETIA.PL): INTERNETIA, ZAWIERCIE, KATOWICE, PL. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 36 of 40 | 9363d60262 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:09:35:00 | WinXP | 84.109.225.67 (BEZEQINT.NET): CABLES-CUSTOMERS-CONNECTION, JERUSALEM, YERUSHALAYIM, IL. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | 17f4f7fd38 NEW | none [none] | none:none | none | none | none
T:09:38:00 | WinXP | 88.222.67.110 (-): KAUNAS MEGANET AREA10 NETWORK, KAUNAS, KAUNO APSKRITIS, LT. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 37 of 43 | ce2d40e28c NEW | none [none] | none:none | none | none | none
T:09:39:00 | Win2K-f | 87.7.198.187 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, PISA, TOSCANA, IT. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | e3faefa56a NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:09:48:00 | Win2K-f | 186.19.27.56 (-) | n/a | US:m.drd3h.com, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 22 lines | Yeah : 0.8 profile | none summary tarball | 40 of 42 | 088fcebecf NEW | none [none] | none:none | none | none | none
T:09:52:00 | WinXP | 186.180.21.167 (-) | n/a | DE:citi-bank.ru, :kidos-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 1.3 profile | none summary tarball | 31 of 42 | da28d7ab5c NEW | none [none] | none:none | none | none | none
T:09:58:00 | Win2K-f | 84.109.9.69 (BEZEQINT.NET): CABLES-CUSTOMERS-CONNECTION, TEL AVIV, TEL AVIV, IL. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 10 lines | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:10:03:00 | WinXP | 46.109.64.156 (-) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 36 of 40 | 9363d60262 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:10:03:00 | WinXP | 88.73.151.33 (ARCOR-IP.NET): ARCOR-DSL-NET, BERLIN, BERLIN, DE. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 26 lines | Yeah : 0.8 profile | none summary tarball | 40 of 43 | 81540770eb NEW | none [none] | none:none | none | none | none
T:10:13:00 | Win2K-f | 82.249.240.11 (PROXAD.NET): PROXAD / FREE SAS, FOURMIES, NORD-PAS-DE-CALAIS, FR. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 38 of 40 | 3490e2ea15 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:10:14:00 | WinXP | 178.36.171.47 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 39 of 43 | 50465eaf96 NEW | none [none] | none:none | none | none | none
T:10:25:00 | WinXP | 91.204.37.213 (KUZNETSOVSK.NET): ENERGY.NET (KUZNETSOVSK), KIEV, KYYIV, UA. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 37 of 40 | f14fd68756 NEW | f14fd68756 [1] | ASM:Graph | pex | lines=19 | trace
T:10:29:00 | Win2K-f | 89.46.113.235 (C-SOLUTION.RO): SC C SOLUTION SRL, BUCHAREST, BUCURESTI, RO. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | 29a3030e16 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:10:35:00 | Win2K-f | 89.231.124.83 (MM.PL): SZEL-SAT, PL. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 37 of 40 | 50cdd5c6cf NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:10:38:00 | WinXP | 89.186.138.140 (PRIMACOM.NET): PRIMACOM-HEADENDS, MAGDEBURG, SACHSEN-ANHALT, DE. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | f16fcee967 NEW | none [none] | none:none | none | none | none
T:10:50:00 | Win2K-f | 92.80.146.233 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, GALATI, GALATI, RO. (DSL) | 70.107.249.167:3921 | US:h.maqder.info, US:70.107.249.167:3921 | 139 | pcap raw | alerts ruleset | ftp irc | 20 lines | Yeah : 1.3 profile | none summary tarball | 29 of 41 | 3e95ce386c NEW | none [none] | none:none | none | none | none
T:10:50:00 | WinXP | 94.52.166.161 (-): NEW COM TELECOMUNICATII SA, BUCHAREST, BUCURESTI, RO. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 20 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | c03793a035 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:10:56:00 | Win2K-f | 82.229.250.215 (PROXAD.NET): PROXAD / FREE SAS, STRASBOURG, ALSACE, FR. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 37 of 40 | 50cdd5c6cf NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:11:03:00 | WinXP | 77.64.129.255 (PRIMACOM.NET): PRIMACOM-HEADENDS, CHEMNITZ, SACHSEN, DE. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | f16fcee967 NEW | none [none] | none:none | none | none | none
T:11:07:00 | Win2K-f | 208.103.156.118 (CORETEL.NET): CORETEL AMERICA INC, MYERSTOWN, PENNSYLVANIA, US. (DIAL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | b68d420d61 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:11:21:00 | Win2K-f | 178.233.49.79 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 38 of 41 | 494871556a NEW | none [none] | none:none | none | none | none
T:11:22:00 | Win2K-f | 218.163.42.157 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | 8cdf1ff83e NEW | none [none] | none:none | none | none | none
T:11:22:00 | WinXP | 188.18.127.193 (PERMONLINE.RU): OJSC URALSVYAZINFORM, EKATERINBURG, SVERDLOVSK, RU. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 13 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | 3370517167 NEW | none [none] | none:none | none | none | none
T:11:27:00 | WinXP | 92.36.41.152 (SKYLINK.RU): MOSCOW CELLULAR COMMUNICATIONS, RU. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 13 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | a8fc800d16 NEW | none [none] | none:none | none | none | none
T:11:30:00 | Win2K-f | 8.24.65.61 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, US. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 43 | 3584c66b3c NEW | none [none] | none:none | none | none | none
T:11:32:00 | WinXP | 86.63.64.36 (COM.PL): ASTA-NET PILA POLAND, WARSAW, WARSZAWA, PL. (DSL) | 70.107.249.167:3921 | US:h.maqder.info, US:70.107.249.167:3921 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 1.3 profile | none summary tarball | 41 of 43 | a5d5c8ec12 NEW | none [none] | none:none | none | none | none
T:11:41:00 | WinXP | 86.63.124.242 (COM.PL): ASTA-NET CUSTOMERS, WARSAW, WARSZAWA, PL. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 20 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | e3faefa56a NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:11:54:00 | Win2K-f | 59.103.69.28 (PIE.NET.PK): PAKISTAN TELECOMMUNICATION COMPANY LIMITED, LAHORE, PUNJAB, PK. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:11:57:00 | WinXP | 78.192.169.107 (PROXAD.NET): PROXAD INTERNET SERVICE PROVIDER IN FRANCE, FR. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 22 lines | Yeah : 0.8 profile | none summary tarball | 39 of 41 | 1b3d8e9fe7 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:12:04:00 | Win2K-f | 87.204.189.101 (COM.PL): NETIA, WARSAW, WARSZAWA, PL. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 39 of 41 | 29f397698f NEW | none [none] | none:none | none | none | none
T:12:08:00 | WinXP | 84.0.188.227 (T-ONLINE.HU): DSL DYNAMIC POOL T-ONLINE HUNGARY, BUDAPEST, BUDAPEST, HU. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 14 lines | Yeah : 0.8 profile | none summary tarball | 41 of 42 | c049ae8bc8 NEW | none [none] | none:none | none | none | none
T:12:13:00 | Win2K-f | 62.178.24.94 (SURFER.AT): UPC TELEKABEL, VIENNA, WIEN, AT. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 20 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | 8128405d8c NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:12:18:00 | WinXP | 178.36.156.112 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | 03ee456782 NEW | none [none] | none:none | none | none | none
T:12:18:00 | WinXP | 77.254.148.210 (INETIA.PL): INTERNETIA, KRAKOW, MALOPOLSKIE, PL. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | c3f889a086 NEW | none [none] | none:none | none | none | none
T:12:25:00 | Win2K-f | 109.235.94.79 (STERLINGSTUDENTS.NET): EU-ZZ, UK. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | ec8ab501b3 NEW | bac4cc6eec [0] | ASM:Graph | Armadillo | lines=218 | trace
T:12:28:00 | Win2K-f | 94.253.155.88 (XNET.HR): BNET HRVATSKA, HR. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 38 of 41 | 6075efaf84 NEW | none [none] | none:none | none | none | none
T:12:31:00 | WinXP | 122.126.34.76 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 41 of 42 | 7d6256075e NEW | none [none] | none:none | none | none | none
T:12:34:00 | Win2K-f | 187.35.61.233 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SANTO ANDRÉ, SAO PAULO, BR. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | ec8ab501b3 NEW | bac4cc6eec [0] | ASM:Graph | Armadillo | lines=218 | trace
T:12:38:00 | WinXP | 78.233.26.213 (PROXAD.NET): PROXAD / FREE SAS, FR. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 28 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | db12dac6c7 NEW | afaf06d6cd [0] | ASM:Graph | pex | lines=42 | trace
T:13:04:00 | Win2K-f | 92.82.230.165 (ROMTELECOM.NET): ROMTELECOM DATA NETWORK, RO. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 38 of 42 | a3adf5694f NEW | none [none] | none:none | none | none | none
T:13:12:00 | Win2K-f | 186.19.27.115 (-) | n/a | | 139 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 39 of 41 | 40f180428a NEW | none [none] | none:none | none | none | none
T:13:13:00 | Win2K-f | 187.34.179.121 (VELOXZONE.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 37 of 42 | 68d9aa22f9 NEW | none [none] | none:none | none | none | none
T:13:22:00 | WinXP | 79.163.119.221 (CENTERTEL.PL): PTK CENTERTEL BROADBAND SERVICES, WARSAW, WARSZAWA, PL. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 34 of 34 | d20f157117 NEW | 738f555183 [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:13:25:00 | WinXP | 77.47.71.247 (CABLESURF.DE): KKG-GUE-DHCP-SPACE, BERLIN, BERLIN, DE. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 24 lines | Yeah : 0.8 profile | none summary tarball | 35 of 40 | c473a72583 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:13:26:00 | WinXP | 85.193.225.229 (ELPOS.NET): CABLE TV ELPOS LTD. THRID POOL, BIALYSTOK, PODLASKIE, PL. (DSL) | n/a | :node04.hewson.cns.ufl.edu, :wpad, **:gwc.jooz.net, :node02.hewson.cns.ufl.edu, **:gcache.cloppy.net, :ygwc.y-0.net, :gwc.mine.nu, **:bbs.robertwoolley.co.uk, :cache.kicks-ass.net, :filecloset.com, :gwc2.908middle.us, :crab2.dyndns.org, DE:gwc1c.olden.ch.3557.nyud.net | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 39 of 41 | 5db8fa5a5f NEW | none [none] | none:none | none | none | none
T:13:41:00 | Win2K-f | 195.228.97.182 (TISZANET.HU): HUNGARIAN TELECOM MATAV, BUDAPEST, BUDAPEST, HU. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | a8fc800d16 NEW | none [none] | none:none | none | none | none
T:13:45:00 | WinXP | 24.79.138.127 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 26 lines | Yeah : 0.8 profile | none summary tarball | 39 of 43 | bad4c0311c NEW | none [none] | none:none | none | none | none
T:13:49:00 | WinXP | 46.102.17.187 (-) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 40 of 42 | a5afad5d2f NEW | none [none] | none:none | none | none | none
T:14:12:00 | Win2K-f | 118.166.74.145 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 38 of 43 | 8f4d2d39e2 NEW | none [none] | none:none | none | none | none
T:14:19:00 | WinXP | 74.63.227.146 (LSTN.NET): LIMESTONE NETWORKS INC, DALLAS, TEXAS, US. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 40 of 40 | 013a5ba10e NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:14:20:00 | WinXP | 188.173.15.75 (RIPE.NET): EUROPEAN REGIONAL REGISTRY, UK. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 40 of 43 | 531a598a70 NEW | none [none] | none:none | none | none | none
T:14:27:00 | Win2K-f | 92.47.167.200 (METRO.ONLINE.KZ): JSC KAZAKHTELECOM KARAGANDA AFFILIATE, KARAGANDA, WEST KAZAKHSTAN, KZ. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 40 of 42 | f6c29b5afe NEW | none [none] | none:none | none | none | none
T:14:34:00 | WinXP | 78.139.227.215 (TOMTELNET.RU): TOMTEL. DOCSIS AND FTTH ISP IN TOMSK AND SEVERSK, MOSCOW, MOSCOW CITY, RU. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 22 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | c13a6c3da5 NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:15:20:00 | WinXP | 95.74.227.153 (-): TELECOM ITALIA MOBILE, IT. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 39 of 42 | d1ee5191a5 NEW | none [none] | none:none | none | none | none
T:15:39:00 | WinXP | 178.179.172.131 (FINEBLANK.COM): EU-ZZ, UK. (DSL) | n/a | :moscow-advokat.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 0.8 profile | none summary tarball | 39 of 43 | 4410d5ed68 NEW | none [none] | none:none | none | none | none
T:15:42:00 | WinXP | 82.229.93.152 (PROXAD.NET): PROXAD / FREE SAS, PARIS, ILE-DE-FRANCE, FR. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 22 lines | Yeah : 0.8 profile | none summary tarball | 40 of 41 | e3faefa56a NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
15:48:00 | WinXP | 38.125.55.86 (COGENTCO.COM): PSINET INC, US. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
T:15:48:00 | Win2K-f | 96.11.192.145 (RR.COM): ROAD RUNNER HOLDCO LLC, CINCINNATI, OHIO, US. (DSL) | n/a | | 135 | pcap raw | alerts ruleset | other | 186 lines | Yeah : 1.3 profile | none summary tarball | 40 of 42 | 45885d17fa NEW | none [none] | none:none | none | none | none
16:10:00 | WinXP | 50.9.197.207 (-) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 0.8 profile | none summary tarball | 26 of 28 | 7d99b0e910 NEW | none [0] | none:none | PolyEnE | lines=68 | trace
16:28:00 | Win2K-f | 210.212.213.82 (-): THE TRANSPORT COMMISSIONER, HYDERABAD, ANDHRA PRADESH, IN. (100Mbps) | n/a | US:www.maxmind.com, EU:getmyip.co.uk, GB:www.vouchercodez.com, EU:checkip.dyndns.org, DE:131.220.6.26:80 | 445 | pcap raw | alerts ruleset | http | 7 lines | Yeah : 0.8 profile | none summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:16:33:00 | WinXP | 67.206.183.160 (ELTOPIA.NET): ELTOPIA.COM LLC, US. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:16:36:00 | Win2K-f | 210.212.213.82 (-): THE TRANSPORT COMMISSIONER, HYDERABAD, ANDHRA PRADESH, IN. (100Mbps) | n/a | US:www.maxmind.com, :checkip.dyndns.org, DE:131.220.6.26:80, US:67.15.94.80:80 | 445 | pcap raw | alerts ruleset | http | 4 lines | Yeah : 0.8 profile | none summary tarball | 3 of 37 | d9cb288f31 NEW | 45603a001c [0] | ASM:Graph | UPX | lines=174 embedded dns | trace
T:16:55:00 | WinXP | 85.217.147.179 (ARB-WR01.EVO.BG): EVO IP ADDRESS SPACE, SOFIA, GRAD SOFIYA, BG. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 30 lines | Yeah : 0.8 profile | none summary tarball | 37 of 40 | 50cdd5c6cf NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:17:08:00 | WinXP | 87.16.11.228 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, SCANDIANO, EMILIA-ROMAGNA, IT. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:17:09:00 | WinXP | 202.105.139.34 (-): SHENZHEN DUMMY COLLEGE GARDEN MANAGE SERVE CENTER, SHENZHEN, GUANGDONG, CN. (100Mbps) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 110 lines | Yeah : 1.3 profile | none summary tarball | 42 of 43 | 331a6f5295 NEW | none [none] | none:none | none | none | none
    + 40 of 43 | a1d87adbad NEW | none [none] | none:none | none | none | none
17:09:00 | WinXP | 87.16.11.228 (RETAIL.TELECOMITALIA.IT): TELECOM ITALIA S.P.A. TIN EASY LITE, SCANDIANO, EMILIA-ROMAGNA, IT. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 39 of 40 | 5e8ccc4190 NEW | 8d5f86583f [0] | ASM:Graph | PolyEnE | lines=68 | trace
T:17:12:00 | Win2K-f | 173.26.22.210 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, MIDDLETOWN, NEW YORK, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 75 lines | Yeah : 1.3 profile | none summary tarball | 33 of 33 | 53bfe15e91 NEW | 1473091351 [0] | ASM:Graph | tElock | lines=75 embedded dns | trace
    + 0 of 33 | a08f3b74a4 NEW | none [0] | none:none | Armadillo | lines=90 | trace
T:17:19:00 | WinXP | 82.255.39.94 (PROXAD.NET): PROXAD / FREE SAS, MARSEILLE, PROVENCE-ALPES-COTE D'AZUR, FR. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 25 lines | Yeah : 0.8 profile | none summary tarball | 40 of 40 | 013a5ba10e NEW | 1d04d6dc84 [0] | ASM:Graph | ASPack | lines=3292 embedded dns | trace
T:17:50:00 | Win2K-f | 189.46.163.74 (TELESP.NET.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | 29de5324e1 NEW | none [none] | none:none | none | none | none
T:19:05:00 | WinXP | 66.80.150.209 (MEGAPATH.NET): MEGAPATH NETWORKS INC, SILVER SPRING, MARYLAND, US. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 75 lines | Yeah : 1.3 profile | none summary tarball | 33 of 33 | 53bfe15e91 NEW | 1473091351 [0] | ASM:Graph | tElock | lines=75 embedded dns | trace
    + 0 of 32 | 73f1082158 NEW | none [0] | none:none | Armadillo | lines=90 | trace
T:19:08:00 | WinXP | 116.94.213.91 (OHASHI10.BBIQ.JP): KYUSHU TELECOMMUNICATION NETWORK CO. INC, NAGASAKI, NAGASAKI, JP. (DSL) | n/a | | 139 | pcap raw | alerts ruleset | other | 0 lines | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:19:58:00 | Win2K-f | 211.23.226.98 (-): LIOU-TZUNG-YI-TC, TAIPEI, T'AI-PEI, TW. (100Mbps) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 116 lines | Yeah : 1.3 profile | none summary tarball | 39 of 41 | 5d445c59d8 NEW | 892e12db7b [0] | ASM:Graph | tElock | lines=64 embedded dns | trace
    + 37 of 40 | 8a54950abb NEW | f6b9e43917 [0] | ASM:Graph | Armadillo | lines=91 | trace
T:20:30:00 | WinXP | 78.92.51.166 (T-ONLINE.HU): T-ONLINE DSL CLIENT POOL, PECS, BARANYA, HU. (DSL) | 74.117.174.122:16667 | CA:bbs.moiservice.com | 445 | pcap raw | alerts ruleset | ftp irc | 37 lines | Yeah : 1.3 profile | none summary tarball | 42 of 43 | a347fd87e7 NEW | none [none] | none:none | none | none | none
T:21:21:00 | WinXP | 24.226.206.141 (CGOCABLE.NET): COGECO CABLE CANADA INC, RIMOUSKI, QUEBEC, CA. (DSL) | n/a | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 29 of 29 | d6df3972a0 NEW | none [0] | none:none | PolyEnE | lines=65 | trace
T:22:07:00 | WinXP | 189.65.243.179 (TIMBRASIL.COM.BR): COMITE GESTOR DA INTERNET NO BRASIL, SÃO PAULO, SAO PAULO, BR. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | none | none | none | none | none | none | none
T:22:23:00 | WinXP | 75.37.173.251 (SBCGLOBAL.NET): JASON LEE, PLANO, TEXAS, US. (100Mbps) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 76 lines | Yeah : 1.3 profile | none summary tarball | 33 of 33 | 53bfe15e91 NEW | 1473091351 [0] | ASM:Graph | tElock | lines=75 embedded dns | trace
    + 0 of 33 | a08f3b74a4 NEW | none [0] | none:none | Armadillo | lines=90 | trace
T:22:34:00 | Win2K-f | 68.148.128.61 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, EDMONTON, ALBERTA, CA. (DSL) | n/a | US:m.DRD3H.COM | 139 | pcap raw | alerts ruleset | ftp irc | 22 lines | Yeah : 0.8 profile | none summary tarball | 37 of 41 | a09afd3528 NEW | none [none] | none:none | none | none | none
T:22:53:00 | Win2K-f | 89.115.152.59 (-): ILINK REZIDENTIAL, BUCHAREST, BUCURESTI, RO. (DSL) | n/a | | 445 | pcap raw | alerts ruleset | ftp | 12 lines | Yeah : 0.8 profile | none summary tarball | 42 of 43 | 8bff1912e0 NEW | none [none] | none:none | none | none | none
T:22:56:00 | WinXP | 112.110.154.115 (-): GPRS VAS SERVICES, IN. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 42 of 43 | 2d91a8cacb NEW | none [none] | none:none | none | none | none
T:23:00:00 | WinXP | 190.132.239.36 (ANTELDATA.NET.UY): ADMINISTRACION NACIONAL DE TELECOMUNICACIONES, UY. (DIAL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 41 of 41 | 5c6df5141d NEW | none [none] | none:none | none | none | none
T:23:23:00 | WinXP | 219.112.185.229 (THN.NE.JP): TOKAI CORPORATION, SHIZUOKA, SHIZUOKA, JP. (DSL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 110 lines | Yeah : 1.3 profile | none summary tarball | 39 of 41 | 6b315f5dbc NEW | 7604b94520 [0] | ASM:Graph | tElock | lines=64 embedded dns | trace
    + 39 of 41 | 7938865f8c NEW | a9b9e4904b [0] | ASM:Graph | Armadillo | lines=91 | trace
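The table above is most useful when it is read across rows rather than down them: the same C&C pair (citi-bank.ru and 213.155.0.224:80) or IRC server (66.197.134.136:6668 behind m.DRD3H.COM) recurs under many different packed-binary digests, so a hash-based blocklist built from one day's "Packed Malware_Binary" column misses the next repack while the network indicators stay constant. The script below is an added example, not code from the SRI page or from BotHunter: it parses records laid out in the column order listed above (one infection per line, cells separated by "|", additional binaries on indented "+" lines), normalises the country-code prefixes and the mixed-case hostnames the page shows, and pivots from indicator to the set of digests seen with it. The four sample records are transcribed from rows on this page; the benign-name allowlist passed to the pivot is the caller's own assumption.

```python
"""Pivot Cyber-TA/BotHunter daily infection records from binary digests to
network indicators.  Added example: not SRI's or BotHunter's code.  The
layout parsed here mirrors the page's table columns; the SAMPLE records
are transcribed from the 20 December 2010 table."""
import re
from collections import defaultdict

COLUMNS = [
    "time", "os", "source", "cnc", "dns", "port", "pcap", "sigs",
    "chatter", "analysis", "cluster", "forensics",
    "av", "packed", "unpacked", "asm", "packer", "strings", "syscall",
]
BINARY_COLUMNS = COLUMNS[12:]          # the seven per-binary columns

# Constructed sample: four rows copied from the page's table.
SAMPLE = """\
00:52:00 | WinXP | 125.230.112.50 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) | n/a | DE:citi-bank.ru, DE:213.155.0.224:80 | 445 | pcap raw | alerts ruleset | http | 1 line | Yeah : 0.8 profile | none summary tarball | 39 of 41 | d8040f84d4 NEW | d683995e84 [0] | ASM:Graph | PolyEnE | lines=73 | trace
03:37:00 | WinXP | 118.233.131.112 (KBRONET.COM.TW): TUNG HO MULTIMEDIA CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) | 213.155.0.224:80 | DE:citi-bank.ru | 445 | pcap raw | alerts ruleset | http | 2 lines | Yeah : 1.3 profile | none summary tarball | 43 of 43 | c318ecb80c NEW | none [none] | none:none | none | none | none
T:01:46:00 | Win2K-f | 4.141.65.140 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, QUEENSBURY, NEW YORK, US. (DIAL) | n/a | US:microsoft.com | 135 | pcap raw | alerts ruleset | other | 89 lines | Yeah : 1.3 profile | none summary tarball | 33 of 33 | 53bfe15e91 NEW | 1473091351 [0] | ASM:Graph | tElock | lines=75 embedded dns | trace
    + 0 of 33 | a08f3b74a4 NEW | none [0] | none:none | Armadillo | lines=90 | trace
T:09:25:00 | Win2K-f | 95.180.51.183 (IKOMLINE.NET): IKOMLINE, RS. (DSL) | n/a | US:m.DRD3H.COM, US:66.197.134.136:6668 | 139 | pcap raw | alerts ruleset | ftp irc | 18 lines | Yeah : 0.8 profile | none summary tarball | 41 of 41 | 17f4f7fd38 NEW | none [none] | none:none | none | none | none
"""

_CC_PREFIX = re.compile(r"^(?:[A-Z*]{2})?:")              # "DE:", "**:", ":"
_SOCKET = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?$")  # ip or ip:port
_AV = re.compile(r"^(\d+) of (\d+)$")                     # "39 of 41"
_IP = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}")


def _cells(line):
    return [c.strip() for c in line.split("|")]


def parse_records(text):
    """Return one dict per infection; each carries a list of its binaries."""
    records = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        if raw.lstrip().startswith("+"):          # extra binary, same infection
            cells = _cells(raw.lstrip()[1:])
            records[-1]["binaries"].append(dict(zip(BINARY_COLUMNS, cells)))
            continue
        cells = _cells(raw)
        if len(cells) != len(COLUMNS):
            raise ValueError("expected %d cells, got %d" % (len(COLUMNS), len(cells)))
        rec = dict(zip(COLUMNS, cells))
        rec["time"] = rec["time"].replace("T:", "", 1)
        m = _IP.match(rec["source"])
        rec["source_ip"] = m.group(0) if m else None
        rec["binaries"] = [{k: rec.pop(k) for k in BINARY_COLUMNS}]
        records.append(rec)
    return records


def av_ratio(binary):
    """'39 of 41' -> 39/41; 'none' -> None (no binary captured)."""
    m = _AV.match(binary["av"])
    return int(m.group(1)) / int(m.group(2)) if m and int(m.group(2)) else None


def network_indicators(record):
    """Hostnames (lower-cased) and ip:port sockets from the C&C and DNS cells."""
    out = set()
    for tok in [record["cnc"]] + record["dns"].split(","):
        tok = _CC_PREFIX.sub("", tok.strip())
        if tok in ("", "n/a"):
            continue
        out.add(tok if _SOCKET.match(tok) else tok.lower())
    return out


def pivot_by_indicator(records, ignore=frozenset()):
    """Map each indicator to the packed-binary digests observed with it.
    `ignore` is a caller-supplied allowlist (assumption, not from the page)
    for names in the failed-connect cell that are not C&C infrastructure."""
    piv = defaultdict(set)
    for rec in records:
        digests = {b["packed"].split()[0] for b in rec["binaries"]} - {"none"}
        for ind in network_indicators(rec) - set(ignore):
            piv[ind] |= digests
    return dict(piv)


def digest_summary(records):
    """Per digest: packer, AV detection ratio, attacking IPs and infection ports."""
    summary = {}
    for rec in records:
        for b in rec["binaries"]:
            digest = b["packed"].split()[0]
            if digest == "none":
                continue
            s = summary.setdefault(digest, {"packer": b["packer"], "av": av_ratio(b),
                                            "sources": set(), "ports": set()})
            s["sources"].add(rec["source_ip"])
            s["ports"].add(rec["port"])
    return summary


if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for ind, digests in sorted(pivot_by_indicator(recs, ignore={"microsoft.com"}).items()):
        print("%-22s %s" % (ind, " ".join(sorted(digests))))
    for digest, s in sorted(digest_summary(recs).items()):
        print(digest, s["packer"], s["av"], sorted(s["ports"]))
```

Two details matter when turning this page into detection content. Hostname case is inconsistent across rows (m.DRD3H.COM and m.drd3h.com are the same server), so indicators are lower-cased before they are keyed; and the failed-connect cell mixes C&C with connectivity checks such as microsoft.com, www.google.com and wpad, so a pivot without an allowlist will tie unrelated RPC/135 samples together through a benign name.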