Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

03 February 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:32:00 Win2K-f 24.79.164.25 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
WINNIPEG, MANITOBA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1011 lines Yeah : 1.3
profile none summary
tarball 14 of 43
22 of 41 107618e56b
NEW
1e5b4de25f
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:01:02:00 WinXP 115.119.94.199 (VSNL.NET.IN):
INTERNET SERVICE PROVIDER,
IN. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] none:none
none|none lines=60 trace

T:02:08:00 WinXP 119.77.144.128 (UBBN.NET):
UNION BROADBAND NETWORK,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:03:32:00 WinXP 121.120.149.73 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 42 of 43 420b1a76c4
NEW none[none] none:none
none|none none none

03:54:00 WinXP 119.77.144.128 (UBBN.NET):
UNION BROADBAND NETWORK,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:04:14:00 WinXP 173.168.182.128 (RR.COM):
ROAD RUNNER HOLDCO LLC,
OLDSMAR, FLORIDA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 40 1761e9db94
NEW
d1e83e2d0a
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:04:32:00 WinXP 81.198.19.25 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 40 of 43 2e1de2483f
NEW none[none] none:none
none|none none none

04:47:00 WinXP 81.198.19.25 (-):
ADDRESS POOL FOR LTC-HOME CUSTOMERS,
RIGA, RIGA, LV. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 43 2e1de2483f
NEW none[none] none:none
none|none none none

06:05:00 WinXP 204.111.82.218 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
EDINBURG, VIRGINIA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:06:40:00 Win2K-f 72.48.64.31 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS SAN ANTONIO HUB,
SAN ANTONIO, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
114 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:06:42:00 WinXP 79.163.238.152 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:06:49:00 WinXP 175.106.57.215 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 e8180dbc02
NEW none[none] none:none
none|none none none

T:07:05:00 WinXP 180.207.204.61 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:07:28:00 WinXP 50.9.214.202 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:16:00 WinXP 121.121.186.167 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:27:00 WinXP 183.83.158.77 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 32 of 32 488d27fe97
NEW none[none] none:none
none|none none none

T:08:52:00 WinXP 164.132.69.194 (-):
IUNET S.P.A,
MILANO, LOMBARDIA, IT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 39 of 41 c3d60054fc
NEW none[none] none:none
none|none none none

T:08:58:00 WinXP 113.211.179.198 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 32 of 32 b502f83a7c
NEW 28f5be93b0 [0] ASM:Graph
PolyEnE| lines=73 trace

T:09:17:00 WinXP 112.78.65.92 (-):
VIBO TELECOM INC,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:29:00 WinXP 173.218.45.165 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:09:38:00 WinXP 121.120.250.164 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 42 of 43 420b1a76c4
NEW none[none] none:none
none|none none none

T:10:37:00 WinXP 180.218.124.244 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 42 751685117f
NEW none[none] none:none
none|none none none

T:10:47:00 WinXP 180.207.249.20 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:11:25:00 Win2K-f 67.83.214.254 (OPTONLINE.NET):
OPTIMUM ONLINE (CABLEVISION SYSTEMS),
PATERSON, NEW JERSEY, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:11:54:00 Win2K-f 27.98.18.14 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
99 lines Yeah : 1.3
profile none summary
tarball 39 of 40
40 of 41 6a6aaa5b73
NEW
8bde6dd126
NEW 63889c9976 [0]
885c68f500[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=42
lines=64
embedded dns trace
trace

T:12:16:00 Win2K-f 67.198.110.148 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS NETWORKS INC,
HARLINGEN, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:12:17:00 Win2K-f 24.106.163.138 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
39 of 41 0563ea7af7
NEW
7e1532574f
NEW bc2e11a802 [0]
e6930769d0[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=65
embedded dns
lines=91 trace
trace

T:12:44:00 WinXP 109.54.175.251 (JWS.COM):
EU-ZZ,
UK. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:13:05:00 Win2K-f 24.123.239.226 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GERMANTOWN, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:21:00 WinXP 113.210.6.45 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:13:29:00 WinXP 190.132.89.160 (ANTELDATA.NET.UY):
ANCEL,
UY. (DIAL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 43 bf6c0846af
NEW none[none] none:none
none|none none none

T:13:34:00 WinXP 137.118.138.27 (WILKES.NET):
NEONOVA NETWORK SERVICES,
WILKESBORO, NORTH CAROLINA, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 1d0ce31c6d
NEW none[none] none:none
none|none none none

13:57:00 WinXP 113.210.6.45 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a 445 pcap raw alerts
ruleset other
0 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:14:19:00 WinXP 46.56.134.134 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:15:22:00 WinXP 93.102.98.253 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
COIMBRA, COIMBRA, PT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:15:34:00 Win2K-f 61.230.193.110 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a 135 pcap raw alerts
ruleset other
671 lines Yeah : 1.3
profile none summary
tarball 36 of 41 cc04277ea8
NEW bac4cc6eec [0] ASM:Graph
Armadillo| lines=218 trace

T:15:40:00 WinXP 91.194.198.96 (TRONIC.PL):
P.H.U. TRONIC,
PL. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 38 of 42 8a2553433c
NEW none[none] none:none
none|none none none

T:16:33:00 WinXP 98.135.161.8 (WINDSTREAM.NET):
ALLTEL SIP CUSTOMERS - OMAHA,
COLUMBIA, SOUTH CAROLINA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 aad01847fa
NEW none[none] none:none
none|none none none

T:16:58:00 WinXP 204.111.24.111 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:18:50:00 Win2K-f 203.114.106.150 (-):
BAMNETNARONGWITAYAKOMSCHOOL,
BANGKOK, KRUNG THEP, TH. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:19:05:00 Win2K-f 70.65.148.243 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LETHBRIDGE, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 37 of 39 ef08153145
NEW none[none] none:none
none|none none none

T:19:17:00 Win2K-f 204.101.21.17 (QC.CA):
BELL MOBILITY INC,
MONTREAL, QUEBEC, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

20:28:00 WinXP 151.23.103.202 (-):
INFOSTRADA (IUNET),
NAPOLI, CAMPANIA, IT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:20:36:00 WinXP 61.227.143.84 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 43 5f0878d78e
NEW none[none] none:none
none|none none none

T:20:41:00 WinXP 123.193.85.77 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 43 622f232702
NEW none[none] none:none
none|none none none

T:21:10:00 WinXP 98.135.155.191 (WINDSTREAM.NET):
ALLTEL SIP CUSTOMERS - OMAHA,
NEW YORK, NEW YORK, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:21:24:00 WinXP 115.83.135.58 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 32 of 32 488d27fe97
NEW none[none] none:none
none|none none none

21:29:00 WinXP 98.135.155.191 (WINDSTREAM.NET):
ALLTEL SIP CUSTOMERS - OMAHA,
NEW YORK, NEW YORK, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:21:48:00 Win2K-f 175.113.64.57 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 3 of 41
33 of 33 8b41cb7a41
NEW
97fef473b9
NEW ef18d720f3 [0]
ff4e7d6992[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=90
lines=64
embedded dns trace
trace

T:22:03:00 WinXP 61.227.139.235 (PRESTONAUTO.COM):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru
:bitermi.com
US:casamusicaldelgado.com
:berkanenow.com
US:cdfshow.com.br 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 43 5f0878d78e
NEW none[none] none:none
none|none none none

T:22:51:00 WinXP 113.210.168.2 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 43 60c4a8055b
NEW none[none] none:none
none|none none none

T:22:51:00 WinXP 172.129.8.158 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
79 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

22:56:00 Win2K-f 220.231.117.26 (LOCALHOST):
ADSLDEFINITEIP-NET,
HO CHI MINH CITY, HO CHI MINH, VN. (DSL) n/a US:www.maxmind.com
EU:getmyip.co.uk
US:www.vouchercodes.net
EU:checkip.dyndns.org
US:208.43.124.51:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 0 of 43
28 of 39 5f5561beef
NEW
847cce8313
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:23:03:00 Win2K-f 175.112.95.161 (-):
. 91.193.194.67:65520 EU:proxim.ircgalaxy.pl
US:microsoft.com
CN:lb.perfectexe.com
CN:dick.perfectexe.com
CN:2b.perfectexe.com
CN:hn.yigeyuming.com
:a.95622.com
:1.95622.com
CN:222.170.127.203:88 135 pcap raw alerts
ruleset irc
http
175 lines Yeah : 1.8
profile none summary
tarball 28 of 42
40 of 43
29 of 43
24 of 42
40 of 43 8809b6417c
NEW
92b7f99e20
NEW
b34e640329
NEW
c413ca56c4
NEW
ec7cec691c
NEW none[none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none none
none
none
none
none

23:13:00 WinXP 204.111.83.203 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
EDINBURG, VIRGINIA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:23:17:00 Win2K-f 112.201.69.109 (PLDT.NET):
IPG,
LAS PINAS CITY, MANILA, PH. (DSL) n/a
174.133.57.141:80
CN:222.170.127.203:88 135 pcap raw alerts
ruleset http
18 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:23:20:00 Win2K-f 96.11.111.219 (RR.COM):
ROAD RUNNER HOLDCO LLC,
US. (DSL) n/a 135 pcap raw alerts
ruleset other
1004 lines Yeah : 1.3
profile none summary
tarball 32 of 41 43b8f21924
NEW none[3] none:none
none|none none trace

T:23:26:00 Win2K-f 65.210.63.19 (-):
SUBURBAN HOSPITAL INC,
POTOMAC, MARYLAND, US. (DSL) n/a
CN:222.170.127.203:88 445 pcap raw alerts
ruleset http
32 lines Yeah : 0.8
profile none summary
tarball 2 of 43 8a38ffaca1
NEW none[none] none:none
none|none none none

T:23:44:00 Win2K-f 218.164.103.65 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 60.190.222.139:65520 :a.95622.com
CN:dick.perfectexe.com
CN:2b.perfectexe.com
EU:proxim.ircgalaxy.pl
CN:lb.perfectexe.com
CN:222.170.127.203:88 445 pcap raw alerts
ruleset http
irc
23 lines Yeah : 1.3
profile none summary
tarball none none none none none none none